Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> comp.databases.theory -> Row-level security and user groups

Row-level security and user groups

From: pmazolo <member_at_dbforums.com>
Date: Wed, 23 Oct 2002 22:59:48 +0000
Message-ID: <1964523.1035413988@dbforums.com>

Hi, this is only in part theory, but mostly...

This is what I want to do: A database based on Delphi 6, ADO and JET 4.0
(Access 2000 files) hosted in a small network (3-15 users) on a W2000
NTFS file server (no client/server).

The database should have row-level security, that is, I need to keep track of who can see what records and who can edit it and so on.

What I thought was to stora a table of user rights connected to the main data table. Then when I show the data I can check who the user is
(checking W2000 user groups with the shareware NTSet component for
example), and then check my database to see if that user is allowed to see that record.

  1. But.... how can I secure the files on the server from someone deleting them, or reading them with ACCESS driectly?

(I have made a .MDW file setting up user rights in JET, but I have to
allow reading of the whole tables, my only hope is that there is some way to only allow my application and no other to access the files... at least not MS Access (security has to be OK, not perfect))

2. And... will this user group checking stuff be possible from a W98

   computer connected to the network?

(Then the smaller problem of what to do when the administrator changes
user groups on the server etc...and I have stored group connected access rights in my databse...)

Next issue:

Every record in the database will also store information about related external documents (.DOC for example, that will be stored in a special sub-directory on the server). I will give the user the option of opening these documents with a "default browser" from my application.

Now... these documents should also be secured like the records in the databae, that is, the wrong user should not be able to delete, edit or even look inside the wrong file with WORD for example, and preferrably not see them in a directory.

This could be done through setting file security fro each document in W2000 (with the NTSet component for example) when the document is stored on the server from my application (at the time that the "connected" database record is created and I set its user group rights, the user is allowed to "uppload" external documents for that record, so I set the documents group access rights too)

3. But, will this work on the files on the W2000 file server from a

   W98 client?

4. Any other suggestions to how I should solve this?!?

(I dont want to store all the documents in the databse because it will
be many many GB....)

Tnx
Piedro Mazolo

--
Posted via http://dbforums.com
Received on Wed Oct 23 2002 - 17:59:48 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US