FrontBase Documentation

Updated: 20-Nov-2000

6.13. Row Level Privileges

FrontBase offers a unique feature called Row Level Privileges, which allows you to specify access privileges for individual rows. Each row is said to be owned by a specific user and to belong to a specific group. Access privileges (SELECT, UPDATE and DELETE) for a row can be specified for the owner, the group and the world.

Please note that Row Level Privileges is licensed as a separate option and that the feature is not available in the free version.

Deploying Row Level Privileges

To use the Row Level Privileges feature, a given database has to be initialized with the feature given as an option:

      /Local/Library/FrontBase/bin/FrontBase -rlpriv <database name>

You can also specify the -rlpriv option when creating a database via the FBDatabaseManager.

Once created, the option is recorded in the database, i.e. you don't need to specify the option when the database server is subsequently stopped and started.

Managing the meta data

      CREATE GROUP <group name>;
            -- CURRENT_USER must be _SYSTEM
      DROP GROUP <group name> RESTRICT|CASCADE;
            -- CURRENT_USER must be _SYSTEM

      ALTER GROUP <group name> ADD USER <user name>;
         -- CURRENT_USER must be _SYSTEM
      ALTER GROUP <group name> DROP USER <user name>;
         -- CURRENT_USER must be _SYSTEM

      ALTER USER <user name> SET DEFAULT GROUP <group name>;
         -- CURRENT_USER must be _SYSTEM or <user name>

      ALTER TABLE <table name> SET DEFAULT PRIVILEGES(<row privileges>)
         [USER <user name>];
         -- CURRENT_USER must be _SYSTEM or <user name>, if no user name
         -- is given, the current user is used

      <row privileges> ::= <row privs> | <row privileges> , <row privs>
      <row privs>      ::= <user privs> | <group privs> | <world privs>
      <user privs>     ::= USER = * | <priv mask>
      <group privs>    ::= GROUP = * | <priv mask>
      <world privs>    ::= * = * | <priv mask>
      <priv mask>      ::= <priv> | <priv mask> + <priv>
      <priv>           ::= SELECT | UPDATE | DELETE

Example:
      ALTER TABLE T0
         SET DEFAULT PRIVILEGES(USER=*, GROUP=SELECT+UPDATE, *=SELECT);

Managing the content data

      UPDATE <table name> SET PRIVILEGES(<row privileges>) [WHERE <cond expr>];
      UPDATE <table name> SET GROUP <group name> [WHERE <cond expr>];
      UPDATE <table name> SET USER <user name> [WHERE <cond expr>];
         -- CURRENT_USER has to either own the row or be _SYSTEM
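
Because both SET DEFAULT PRIVILEGES and SET PRIVILEGES take the same `<row privileges>` text, a schema or maintenance script can be reviewed mechanically before it is run. The following is an added example, not part of the FrontBase documentation or product: a small Python checker that parses that text and reports clauses that are malformed or that give the world UPDATE or DELETE. The tables T1-T3 and the ID column are made up, and treating a class named twice as an error is an assumption.

```python
import re

PRIVS = {"SELECT", "UPDATE", "DELETE"}
CLASSES = {"USER": "owner", "GROUP": "group", "*": "world"}
# Matches both SET DEFAULT PRIVILEGES(...) and SET PRIVILEGES(...).
SPEC_RE = re.compile(r"SET\s+(?:DEFAULT\s+)?PRIVILEGES\s*\(([^)]*)\)", re.I)

def parse_row_privileges(spec):
    """Parse '<row privileges>' text into {class: set of privileges}."""
    result = {}
    for item in spec.split(","):
        target, sep, mask = (p.strip().upper() for p in item.partition("="))
        if sep != "=" or target not in CLASSES:
            raise ValueError(f"bad item {item.strip()!r}")
        if CLASSES[target] in result:
            # Assumption: naming a class twice is treated as a mistake.
            raise ValueError(f"class {target} given twice")
        privs = set(PRIVS) if mask == "*" else {p.strip() for p in mask.split("+")}
        if not privs <= PRIVS:
            raise ValueError(f"unknown privilege in {item.strip()!r}")
        result[CLASSES[target]] = privs
    return result

def audit_script(sql):
    """Return (spec, finding) for clauses that are invalid or let the world write."""
    findings = []
    for match in SPEC_RE.finditer(sql):
        spec = match.group(1).strip()
        try:
            world = parse_row_privileges(spec).get("world", set())
        except ValueError as err:
            findings.append((spec, f"invalid: {err}"))
            continue
        risky = sorted(world & {"UPDATE", "DELETE"})
        if risky:
            findings.append((spec, "world can " + "+".join(risky)))
    return findings

# Constructed sample script; T1-T3 and the ID column are made up.
SAMPLE = """
ALTER TABLE T0 SET DEFAULT PRIVILEGES(USER=*, GROUP=SELECT+UPDATE, *=SELECT);
ALTER TABLE T1 SET DEFAULT PRIVILEGES(USER=*, GROUP=*, *=*);
UPDATE T2 SET PRIVILEGES(USER=*, *=SELECT+DELETE) WHERE ID = 7;
UPDATE T3 SET PRIVILEGES(USER=*, GROUP=INSERT);
"""

if __name__ == "__main__":
    for spec, finding in audit_script(SAMPLE):
        print(f"{finding:45} <- PRIVILEGES({spec})")
```
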

SELECTing the access privileges for a row

The owner, group and privileges for a given set of rows can be fetched as follows:

      SELECT USER, GROUP, PRIVILEGES FROM <table> WHERE <cond expr>;

By wrapping the SELECT in a VIEW, the values can be used in queries:

      CREATE VIEW T0_PRIVS(ROW_OWNER, ROW_GROUP, ROW_PRIVS) AS
         SELECT USER, GROUP, PRIVILEGES FROM T0;

      SELECT * FROM T0_PRIVS WHERE ROW_OWNER = '<user name>';



©2000 FrontBase, Inc. All rights reserved.