Checking ESQL Run-time Privileges

Progress automatically checks privileges in ESQL programs at compile time, in the same way it does for standard Progress and Progress/SQL procedures. However, Progress does not check privileges at run time. To prevent unauthorized users from running your Embedded SQL programs, use the Progress CAN-DO function at appropriate points in your application.

The CAN-DO function returns a 1 (true) or a 0 (false) based on the value of a character field (a privilege field) that contains a comma-separated list of user ID string values. If the specified user ID (or the user ID of the application) has permission according to the list, the function returns 1; otherwise, it returns 0. To retrieve and store the CAN-DO function value, define a variable of type sqlbool as the target of a singleton SELECT or FETCH.

For more information on how user ID values specify permissions, see the CAN-DO function entry in the Progress Language Reference. For information on using tables to store activities-based permissions, see the security sections of the Progress Programming Handbook.
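The following C sketch is an added example, not Progress code or part of the original documentation. It models how a comma-separated privilege field could be evaluated to the 1 or 0 that an application stores in its sqlbool variable. The function name `can_do_model`, the token rules in the comment, and the sample values are assumptions; the CAN-DO entry in the Progress Language Reference is the authority on the real matching rules.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of CAN-DO list matching (assumed token rules):
 *   *      every user ID is allowed
 *   name   this user ID is allowed      !name  this user ID is denied
 *   str*   IDs beginning with str are allowed; !str* denies them
 * Tokens are checked left to right and the first match decides.
 * No match means denied (0). The model compares byte for byte. */
static int token_matches(const char *tok, size_t len, const char *user)
{
    if (len > 0 && tok[len - 1] == '*')          /* prefix token or bare "*" */
        return strncmp(tok, user, len - 1) == 0;
    return strlen(user) == len && strncmp(tok, user, len) == 0;
}

int can_do_model(const char *idlist, const char *user)
{
    const char *p = idlist;
    while (*p) {
        size_t len = strcspn(p, ",");            /* length of this token */
        const char *tok = p;
        size_t tlen = len;
        int deny = 0;
        if (tlen > 0 && tok[0] == '!') {         /* exclusion token */
            deny = 1;
            tok++;
            tlen--;
        }
        if (tlen > 0 && token_matches(tok, tlen, user))
            return deny ? 0 : 1;
        p += len;
        if (*p == ',')
            p++;
    }
    return 0;                                    /* default deny */
}

int main(void)
{
    /* Constructed privilege-field value and user IDs. */
    const char *field = "!guest,sales*,admin";
    const char *users[] = { "admin", "sales01", "guest", "intern" };
    for (size_t i = 0; i < 4; i++)
        printf("%-8s -> %d\n", users[i], can_do_model(field, users[i]));
    return 0;
}
```

In this model a list that contains only exclusions denies everyone, so a field meant to block one user and admit the rest needs a trailing `*` entry.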


Copyright © 2004 Progress Software Corporation