My client has been creating traditional client / server applications. I've convinced him to move to multi tier with EAServer. It wasn't a hard sell, he was already considering it. In developing his client / server apps he has implemented a security system on the database based upon the user's database login info - this is complete with roles and such. It appears a lot of people have read-only access to certain tables, etc. He would like to maintain that. However, when connecting with a connection cache I am not using the user's id unless I have a connection cache for each and every user. I really don't want to have that - in fact, I can't. That would be too many connections. I was going to just go with a user's table to vaidate the login but he really doesn't want that. He says that he saw an article on how to pass-thru the validation to the database from Jaguar, but all that I can find is how to use NT validation at the operating system level, not the database. Am I trying to do something really difficult here? -- -------------------------------- Rik Brooks Author, Columnist, Lecturer Rik's Sybase Dojo www.texasmob.com/dojo
![]() |
0 |
![]() |
Look up the section on proxy authorization ("Set Session Authorization" or the com.sybase.jaguar.conncache.ssa property) should be a good eyecatcher). Unfortunately, not all DBMS support it. On Fri, 12 Jul 2002 16:18:57 -0500, <rik@texasmob.com> wrote: >My client has been creating traditional client / server applications. I've >convinced him to move to multi tier with EAServer. It wasn't a hard sell, he >was already considering it. > >In developing his client / server apps he has implemented a security system >on the database based upon the user's database login info - this is complete >with roles and such. It appears a lot of people have read-only access to >certain tables, etc. He would like to maintain that. > >However, when connecting with a connection cache I am not using the user's >id unless I have a connection cache for each and every user. I really don't >want to have that - in fact, I can't. That would be too many connections. > >I was going to just go with a user's table to vaidate the login but he >really doesn't want that. He says that he saw an article on how to pass-thru >the validation to the database from Jaguar, but all that I can find is how >to use NT validation at the operating system level, not the database. > >Am I trying to do something really difficult here? > >-- >-------------------------------- >Rik Brooks >Author, Columnist, Lecturer >Rik's Sybase Dojo www.texasmob.com/dojo > >
![]() |
0 |
![]() |
Rik, I am doing some Jaguar proof of concept work for a customer. Here, the DBAs want to be able to track run away queries and locks back to an individual. As you are aware, when using a connection cache, connections become anonymous. If your database supports it and the user ID specified in the connection cache is authorized for SET SESSION AUTHORIZATION, you can code ProxyUserName='user_id' on the DBParm of the tranaction object. While this works nicely (at least on Sybase ASE), I haven't come up with a clean implementation yet. Jaguar components need to be stateless. That means you may have to pass the user ID to each method if using Automatic Demarcation or pass it at least once after each CreateInstance() call. I'd be interested in hearing if you have made any progress in this area. Bob bob.loconto@pepsi.com
![]() |
0 |
![]() |