Are stored procedures and data-aware components mutually exclusive?

Are stored procedures and data-aware components mutually exclusive?

Post by Kevin Frev » Fri, 08 Aug 2003 21:14:46


Arthur,

I've used TClientDataSets to update data when the result set comes from a
stored procedure (BDE and ADO)
Check out:
http://www.yqcomputer.com/ ,1410,22571,00.html

Good luck,
krf
 
 
 

Are stored procedures and data-aware components mutually exclusive?

Post by Brian Bush » Sat, 09 Aug 2003 10:53:13


You are correct you can't do this with a dbAware component. You could write
BeforeDelete and BeforeUpdate events to handle the stored procedures to do this
but it seems easier to handle all the row level rules in delphi events and
prevent the users from editing or deleting records they are not entitled to
change

 
 
 

Are stored procedures and data-aware components mutually exclusive?

Post by Arthur Hoo » Sat, 09 Aug 2003 19:10:45


I am trying to prevent the database users from getting at data where
they shouldn't, especially if they use tools such as MS SQL
Enterprise manager. Security inside the application itself may not be
enough!



--
Arthur Hoornweg
(please remove the ".net" from my e-mail address)
 
 
 

Are stored procedures and data-aware components mutually exclusive?

Post by Arthur Hoo » Sat, 09 Aug 2003 23:10:10


Security at table level is not the problem!

What I really need is row-level security. Imagine a table with
millions of records and each user may only access a subset of
those records, even if they use Enterprise Manager or generic SQL.

The user interface of my application consists mainly of a dbgrid so I
can't use stored procedures (I would need different stored procs for
retrieving/storing/deleting and tDataset just doesn't offer that
flexibility).

I currently try to solve it with a view that matches the user
name with a list of rights (=list of userid & projectnr)

Create View MyVirtualTable as
Select * from Physicaltable P where exists
(select * from Rights R where (R.projectnr=P.projectnr)
and ((R.userid=current_user) OR (R.userid='ALL USERS'))


This should give me the possibility to lock "physicaltable"
completely to all users and grant access to this table only through
the "MyVirtualtable" view, which checks if the user has sufficient
rights for each desired record. Theoretically this should work.
Unfortunately the "create view" syntax is rather limited, I could
do much more in a stored procedure. I'm still experimenting,
though...



--
Arthur Hoornweg
(please remove the ".net" from my e-mail address)