My client has been creating traditional client / server applications. I've
convinced him to move to multi tier with EAServer. It wasn't a hard sell, he
was already considering it.

In developing his client / server apps he has implemented a security system
on the database based upon the user's database login info - this is complete
with roles and such. It appears a lot of people have read-only access to
certain tables, etc. He would like to maintain that.

However, when connecting with a connection cache I am not using the user's
id unless I have a connection cache for each and every user. I really don't
want to have that - in fact, I can't. That would be too many connections.

I was going to just go with a user's table to vaidate the login but he
really doesn't want that. He says that he saw an article on how to pass-thru
the validation to the database from Jaguar, but all that I can find is how
to use NT validation at the operating system level, not the database.

Am I trying to do something really difficult here?

--
--------------------------------
Rik Brooks
Author, Columnist, Lecturer
Rik's Sybase Dojo www.texasmob.com/dojo

Look up the section on proxy authorization ("Set Session
Authorization" or the com.sybase.jaguar.conncache.ssa property) should
be a good eyecatcher).  Unfortunately, not all DBMS support it.

On Fri, 12 Jul 2002 16:18:57 -0500, <rik@texasmob.com> wrote:

>My client has been creating traditional client / server applications. I've
>convinced him to move to multi tier with EAServer. It wasn't a hard sell, he
>was already considering it.
>
>In developing his client / server apps he has implemented a security system
>on the database based upon the user's database login info - this is complete
>with roles and such. It appears a lot of people have read-only access to
>certain tables, etc. He would like to maintain that.
>
>However, when connecting with a connection cache I am not using the user's
>id unless I have a connection cache for each and every user. I really don't
>want to have that - in fact, I can't. That would be too many connections.
>
>I was going to just go with a user's table to vaidate the login but he
>really doesn't want that. He says that he saw an article on how to pass-thru
>the validation to the database from Jaguar, but all that I can find is how
>to use NT validation at the operating system level, not the database.
>
>Am I trying to do something really difficult here?
>
>--
>--------------------------------
>Rik Brooks
>Author, Columnist, Lecturer
>Rik's Sybase Dojo www.texasmob.com/dojo
>
>

Rik,

I am doing some Jaguar proof of concept work for a customer. Here, the DBAs 
want to be able to track run away queries and locks back to an individual. 
As you are aware, when using a connection cache, connections become 
anonymous. If your database supports it and the user ID specified in the 
connection cache is authorized for SET SESSION AUTHORIZATION, you can code 
ProxyUserName='user_id' on the DBParm of the tranaction object. 

While this works nicely (at least on Sybase ASE), I haven't come up with a 
clean implementation yet. Jaguar components need to be stateless. That 
means you may have to pass the user ID to each method if using Automatic 
Demarcation or pass it at least once after each CreateInstance() call. 

I'd be interested in hearing if you have made any progress in this area.

Bob

bob.loconto@pepsi.com