Support Forums - View Thread

View Thread

The following is the text of the current message along with any replies.

Messages 1 to 6 of 6 total

Sat, Oct 12 2013 3:33 PM	Permanent Link
Barry	I thought the configuration.serversessions would list the role of the user that is currently connected, but it doesn't. So what is the best way to get the role for the current user (from a Delphi application)? Barry
Sun, Oct 13 2013 3:54 AM	Permanent Link
Roy Lambert NLH Associates Team Elevate	Barry SELECT Name FROM Configuration.UserRoles where GrantedTo = CURRENT_USER But beware a user can have several roles granted. Roy Lambert [Team Elevate]
Sun, Oct 13 2013 4:06 PM	Permanent Link
Barry	Roy, >SELECT Name FROM Configuration.UserRoles where GrantedTo = CURRENT_USER< Thanks. I wasn't sure if the user had restricted access to the database, he could still get access to the Configuration database. That is something you can't do with other database products for security reasons (unless you have Administrator rights). For example, if a user had only read access to a single table in a single database, from what you've told me, he could still access the Configuration database for all databases and get the Roles, user names and server sessions and a list of all the databases. Correct? >But beware a user can have several roles granted.< Good point. I hadn't thought of that. Barry
Tue, Oct 15 2013 4:21 AM	Permanent Link
Roy Lambert NLH Associates Team Elevate	Barry >Thanks. I wasn't sure if the user had restricted access to the database, he could still get access to the Configuration database. That is something you can't do with other database products for security reasons (unless you have Administrator rights). For example, if a user had only read access to a single table in a single database, from what you've told me, he could still access the Configuration database for all databases and get the Roles, user names and server sessions and a list of all the databases. Correct? That question I have no idea about I try things like this out in EDBManager and all my logins on that have admin access Roy Lambert [Team Elevate]
Tue, Oct 15 2013 5:24 AM	Permanent Link
Roy Lambert NLH Associates Team Elevate	Barry I just tried creating a user Fred with public access only and the only info he could get from the Configuration.UserRoles table was his own. You'll need to experiment a bit more on the roles you typically grant to users. Roy Lambert [Team Elevate]
Wed, Oct 16 2013 3:16 PM	Permanent Link
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com	Barry, << Thanks. I wasn't sure if the user had restricted access to the database, he could still get access to the Configuration database. That is something you can't do with other database products for security reasons (unless you have Administrator rights). For example, if a user had only read access to a single table in a single database, from what you've told me, he could still access the Configuration database for all databases and get the Roles, user names and server sessions and a list of all the databases. Correct? >> No, a user can only see whatever his/her granted permissions allow him/her to see. Furthermore, special tables like the ServerSessions table are only available to administrators. Tim Young Elevate Software www.elevatesoft.com