T
Tinco
Guest
To have OpenEdge implement an equivalent of the MS SQL 'Database role membership' called 'db_datareader' that give members of that predefined db_datareader database role the permission to run a SELECT statement against any table or view in a database please make sure to submit a Progress Enhancement Request through the Progress Community IDEAS: knowledgebase.progress.com/.../P11255 For now the existing workarounds are - use 'grant tablename select to PUBLIC' to grant SQL select access to a table to all users that can access the database and a 4GL script like def stream s. output stream s to grant.sql. for each _file where (0 _file-num). put stream s unformatted "grant select on pub." _file-name " to public;" skip. end. put stream s unformatted "commit work;" skip. output close. to generate the grant commands needed for all database tables. (it is then not possible to revoke the access to a table to an individual database user though) - create a SQL user having select rights on all database tables and let the database users use this SQL user account instead of their own regular (4GL) database account. - modify a script like the one described on knowledgebase.progress.com/.../000039715 to generate SQL grant commands for all users defined in the database. and use OpenEdge commands like sqlschema -u sysprogress -a sysprogress -g PUB."tablename" -o outputFileTablename progress:T:localhost:5555:databaseName and remove the SQL grant commands already mentioned in those files outputFileTablename.dfsql from the SQL grant script. - implement a trigger on the user table to generate the needed SQL grant select statements for new users and use a custom script after the addition of a new table in the database. (need custom coding)
Continue reading...
Continue reading...