Hello,
I have tried to find the solution in documentation and examples but without significant success.
My task is to manage access to some model tables via permissions stored in server Database.
Looks like I should use the AccessRights field of the authuser table (TSQLAuthUser class).
I see the field contains permissions and tables are there by their model indexes...
First... it is not clear what the indexes are.
Please explain this point to me.
For example I have a model:
Result := TSQLModel.Create([TSQLAuthUser, TSQLAuthGroup, TAccount, TTransfer, TOmMessagePatientDetails,
TPersonal, TCountry, TLanguage, TClient, TMandant,
TOmMessageOpenDetailsInstant, TOmMessageOpenDetailsPDF, TOmMessageOpenDetailsJpg,
TOmMessageOpenDetailsForm, TOmMessageOpenDetailsMail]);
Now I want to restrict user USER1 to use TOmMessagePatientDetails table ONLY for READ (not DELETE and no UPDATE).
In my example TOmMessagePatientDetails has index = 4. Right?
What if another developer changes the table order in the model? It looks like that is allowed in the code.
So... Where can I read step-by-step documentation about how to set up per-table permissions?
Thanks a lot.
Offline
The Model order should never be modified.
By design.
Even a deprecated table should still be there, even if not used.
Otherwise the AccessRight and also RecordReference published fields would not work as expected.
You could easily get the table index in the model using Model.GetTableIndex() or Model.GetTableIndexExisting() methods.
Offline
>By design.
Clear answer.
Thanks a lot.
Will make a comment in the sources... Maybe it will help to prevent troubles from my colleagues.
Offline
To be clear...
One more question:
If I am logged in as a user from the USER Auth Group... then I cannot get all users that can access a table (for example TOmMessageOpenDetailsMail).
For the operation I need administrator permissions.
Right?
Offline
Yes.
Two notes:
1. The Groups define the R/W permission per table. So if you change the group, you change the policy rights.
2. The security rules would be only for remote REST access, not for server-side service ORM access (e.g. from within a service method, which is executed with full rights).
Offline
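The per-table restriction discussed in this thread, as an added example that is not part of the original posts and not the project's own code: it resolves the table index from the model at run time instead of hard-coding it, then makes that table read-only for one auth group. It assumes mORMot 1.x (mORMot.pas) and is run on the server side; the procedure name MakeTableReadOnly and the group name passed to it are hypothetical.

```pascal
uses
  SysUtils, SynCommons, mORMot;

// Hypothetical helper: make aTable read-only for every user that belongs
// to the auth group named aGroupIdent. Meant to run on the server, where
// ORM calls are not filtered by the access rights being edited.
procedure MakeTableReadOnly(Server: TSQLRestServer;
  const aGroupIdent: RawUTF8; aTable: TSQLRecordClass);
var
  Group: TSQLAuthGroup;
  Rights: TSQLAccessRights;
  TableIndex: integer;
begin
  // Never hard-code the index: ask the model, and fail loudly if the
  // class is not registered (GetTableIndex returns -1 in that case).
  TableIndex := Server.Model.GetTableIndex(aTable);
  if TableIndex < 0 then
    raise Exception.CreateFmt('%s is not part of the model',
      [aTable.ClassName]);
  // Rights are stored per group, so load the group record by its name.
  Group := TSQLAuthGroup.Create(Server, 'Ident=?', [aGroupIdent]);
  try
    if Group.ID = 0 then
      raise Exception.Create('Auth group not found');
    Rights := Group.SQLAccessRights;
    // Edit(index, Create, Read, Update, Delete): keep Read only.
    Rights.Edit(TableIndex, false, true, false, false);
    Group.SQLAccessRights := Rights;
    if not Server.Update(Group) then
      raise Exception.Create('Could not store the updated access rights');
  finally
    Group.Free;
  end;
end;
```

Because the rights belong to the group, restricting a single user such as USER1 means placing that user in a group of its own and calling, for instance, MakeTableReadOnly(Server, 'PatientReaders', TOmMessagePatientDetails), where 'PatientReaders' is a constructed group name.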
See
thanks a lot!
Offline