IRISLIB database
Security Class Reference

Static Public Member Functions

_.Library.Boolean CheckPrivilege (_.Library.String Username, _.Library.Integer ObjectType, _.Library.String Object, _.Library.String Action, _.Library.String Namespace)
 Check if user has SQL privilege for a particular action.
 
_.Library.Boolean CheckPrivilegeWithGrant (_.Library.String Username, _.Library.Integer ObjectType, _.Library.String Object, _.Library.String Action, _.Library.String Namespace)
 Check if user has SQL grant privilege for a particular action.
 
_.Library.Status GrantPrivilege (_.Library.String ObjPriv, _.Library.String ObjList, _.Library.String Type, _.Library.String User)
 GrantPrivilege lets you grant an ObjPriv to a User via this call instead of using the SQL GRANT statement.
 
_.Library.Status GrantPrivilegeWithGrant (_.Library.String ObjPriv, _.Library.String ObjList, _.Library.String Type, _.Library.String User)
 GrantPrivilegeWithGrant lets you grant an ObjPriv, WITH GRANT OPTION, to a User.
 
_.Library.Status RevokePrivilege (_.Library.String ObjPriv, _.Library.String ObjList, _.Library.String Type, _.Library.String User, _.Library.Integer wGrant, _.Library.Integer Cascade, _.Library.String AsGrantor)
 RevokePrivilege lets you revoke an ObjPriv from a User via this call instead of using the SQL REVOKE statement.
 
_.Library.Boolean RoleExists (_.Library.String rolename)
 This entry point can be used to determine if a role exists.
 
_.Library.Boolean UserExists (_.Library.String username)
 This entry point can be used to determine if a user exists.
 
- Static Public Member Functions inherited from Help
_.Library.String Help (_.Library.String method)
 This is a helper class that is used by the various SYSTEM classes to provide a Help method.
 

Member Function Documentation

◆ CheckPrivilege()

_.Library.Boolean CheckPrivilege ( _.Library.String  Username,
_.Library.Integer  ObjectType,
_.Library.String  Object,
_.Library.String  Action,
_.Library.String  Namespace 
)
static

Check if user has SQL privilege for a particular action.

This does not check grant privileges.



Parameters:

Username
Name of the user to check. Required.
ObjectType
Required. Specifies the type to check the privilege of. ObjectTypes are 1 (table), 3 (view), 5 (schema), 6 (ml configuration), 9 (procedure).
Object
Required. The name of the object to check the privilege of.
For example, ObjectType and Object could be "1" and "Sample.Person", or "9" and "SQLUser.My_Procedure".
Action
Required. Comma delimited string of action letters to check privileges for. Actions are one or more of the letters "a,s,i,u,d,r,e,l" (in any order), which stand for ALTER, SELECT, INSERT, UPDATE, DELETE, REFERENCES, EXECUTE, USE (for ML Configurations).
Privilege "e" is only allowed for Procedures. Privilege "l" is only allowed for ML Configurations. CheckPrivilege will only return 1 if the user has privileges on all Actions specified.
Namespace
Optional. Namespace the object resides in. The default is the current namespace.

Returns:

  • 1 - if the Username does have the privilege
  • 0 - if the Username does not have the privilege
  • Status - if CheckPrivilege call is reporting an error

Notes: If Username is a user with the All role, CheckPrivilege will return 1 even if the Object does not exist. If the user calling CheckPrivilege is not the same as Username, the calling user must hold the Admin_Secure:"U" privilege.

Example:

  • Do $SYSTEM.SQL.Security.CheckPrivilege("Miranda",3,"SQLUser.Person","s","PRODUCT")

◆ CheckPrivilegeWithGrant()

_.Library.Boolean CheckPrivilegeWithGrant ( _.Library.String  Username,
_.Library.Integer  ObjectType,
_.Library.String  Object,
_.Library.String  Action,
_.Library.String  Namespace 
)
static

Check if user has SQL grant privilege for a particular action.



Parameters:

Username
Name of the user to check. Required.
ObjectType
Required. Specifies the type to check the grant privilege of. ObjectTypes are 1 (table), 3 (view), 5 (schema), 6 (ml configuration), 9 (procedure).
Object
Required. The name of the object to check the grant privilege of.
For example, ObjectType and Object could be "1" and "Sample.Person", or "9" and "SQLUser.My_Procedure".
Action
Required. Comma delimited string of action letters to check grant privileges for. Actions are one or more of the letters "a,s,i,u,d,r,e,l" (in any order), which stand for ALTER, SELECT, INSERT, UPDATE, DELETE, REFERENCES, EXECUTE, USE (for ML Configurations).
Privilege "e" is only allowed for Procedures. Privilege "l" is only allowed for ML Configurations. CheckPrivilegeWithGrant will only return 1 if the user has grant privileges on all Actions specified.
Namespace
Optional. Namespace the object resides in. The default is the current namespace.

Returns:

  • 1 - if the Username does have the privilege
  • 0 - if the Username does not have the privilege
  • Status - if CheckPrivilegeWithGrant call is reporting an error

Notes: If Username is a user with the All role, CheckPrivilegeWithGrant will return 1 even if the Object does not exist. If the user calling CheckPrivilegeWithGrant is not the same as Username, the calling user must hold the Admin_Secure:"U" privilege.

Example:

  • Do $SYSTEM.SQL.Security.CheckPrivilegeWithGrant($username,1,"HHR.ProductionValues","s,i,u,d","USER")
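An audit helper built on the two check methods above, added here as an example and not part of the IRISLIB reference. It keeps the three documented return values (1, 0, Status) apart so that a failed check is never read as a clean "denied". The class name Demo.PrivAudit and its method names are hypothetical, and the error value is assumed to be a %Status that $SYSTEM.Status.GetErrorText can decode.

```objectscript
/// Added example; Demo.PrivAudit and its method names are hypothetical.
Class Demo.PrivAudit Extends %RegisteredObject
{

/// Classify one check as "GRANTED", "DENIED" or "ERROR: <text>".
/// objType and actions use the codes listed under Parameters above.
ClassMethod Check(user As %String, objType As %Integer, obj As %String, actions As %String, withGrant As %Boolean = 0, ns As %String = "") As %String
{
    Set:ns="" ns = $NAMESPACE
    If withGrant {
        Set rc = $SYSTEM.SQL.Security.CheckPrivilegeWithGrant(user, objType, obj, actions, ns)
    } Else {
        Set rc = $SYSTEM.SQL.Security.CheckPrivilege(user, objType, obj, actions, ns)
    }
    // "=" compares as strings, so an error status (assumed to be a %Status
    // value) matches neither 1 nor 0 and is reported separately.
    If rc=1 { Return "GRANTED" }
    If rc=0 { Return "DENIED" }
    Return "ERROR: "_$SYSTEM.Status.GetErrorText(rc)
}

/// Print, per user, who holds the actions on a table and who may re-grant them.
/// The caller needs Admin_Secure:"U" to check users other than itself.
ClassMethod Report(users As %List, table As %String, actions As %String)
{
    For i=1:1:$ListLength(users) {
        Set u = $List(users, i)
        // A name that does not exist is reported as such, not as DENIED.
        If '$SYSTEM.SQL.Security.UserExists(u) {
            Write u, ": no such user", !
            Continue
        }
        // A user with the All role shows GRANTED even for a mistyped table name.
        Write u, ": privilege=", ..Check(u, 1, table, actions)
        Write ", grant option=", ..Check(u, 1, table, actions, 1), !
    }
}

}
```

For example, `Do ##class(Demo.PrivAudit).Report($ListBuild("Miranda","Robert"),"SQLUser.Person","s,u")` lists both users; any "grant option=GRANTED" line identifies an account that can pass the privilege on to others.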

◆ GrantPrivilege()

_.Library.Status GrantPrivilege ( _.Library.String  ObjPriv,
_.Library.String  ObjList,
_.Library.String  Type,
_.Library.String  User 
)
static

GrantPrivilege lets you grant an ObjPriv to a User via this call instead of using the SQL GRANT statement.

This does not include grant privileges.

$SYSTEM.SQL.Security.GrantPrivilege(ObjPriv,ObjList,Type,User)

ObjPriv
Comma delimited string of actions to grant. * for all actions:

  • Alter
  • Select
  • Insert
  • Update
  • Delete
  • References
  • Execute
  • Use
  • or any combination

ObjList
* for all objects, else a comma delimited list of SQL object names (tables, views, procedures, schemas)

Type
Table, View, Schema, Stored Procedures, or ML Configuration

User
Comma delimited list of users

◆ GrantPrivilegeWithGrant()

_.Library.Status GrantPrivilegeWithGrant ( _.Library.String  ObjPriv,
_.Library.String  ObjList,
_.Library.String  Type,
_.Library.String  User 
)
static

GrantPrivilegeWithGrant lets you grant an ObjPriv, WITH GRANT OPTION, to a User.

$SYSTEM.SQL.Security.GrantPrivilegeWithGrant(ObjPriv,ObjList,Type,User)

ObjPriv
Comma delimited string of actions to grant. * for all actions:

  • Alter
  • Select
  • Insert
  • Update
  • Delete
  • References
  • Execute
  • Use
  • or any combination

ObjList
* for all objects, else a comma delimited list of SQL object names (tables, views, procedures, schemas)

Type
Table, View, Schema, Stored Procedure, or ML Configuration

User
Comma delimited list of users

◆ RevokePrivilege()

_.Library.Status RevokePrivilege ( _.Library.String  ObjPriv,
_.Library.String  ObjList,
_.Library.String  Type,
_.Library.String  User,
_.Library.Integer  wGrant,
_.Library.Integer  Cascade,
_.Library.String  AsGrantor 
)
static

RevokePrivilege lets you revoke an ObjPriv from a User via this call instead of using the SQL REVOKE statement.

$SYSTEM.SQL.Security.RevokePrivilege(ObjPriv,ObjList,Type,User,wGrant,Cascade,AsGrantor)

ObjPriv
Comma delimited string of actions to revoke. * for all actions:

  • Alter
  • Select
  • Insert
  • Update
  • Delete
  • References
  • Execute
  • Use
  • or any combination

ObjList
* for all objects, else a comma delimited list of SQL object names (tables, views, procedures, schemas)

Type
Table, View, Schema, ML Configuration, or Stored Procedures

User
Comma delimited list of users

wGrant
0/1 for WITH GRANT OPTION

Cascade
0/1, whether to cascade the revoke

AsGrantor
Alternate User to remove privileges for. AsGrantor can be a user name, a comma-separated list of user names, or "*".

◆ RoleExists()

_.Library.Boolean RoleExists ( _.Library.String  rolename)
static

This entry point can be used to determine if a role exists.



Parameters:

rolename
Name of the role to check.

Examples:

  • Write $SYSTEM.SQL.Security.RoleExists("SalesManager") // Writes a 1 if role SalesManager exists

This method can also be called as a Stored Procedure named SYSTEM_SQL.Security_RoleExists(rolename).

◆ UserExists()

_.Library.Boolean UserExists ( _.Library.String  username)
static

This entry point can be used to determine if a user exists.



Parameters:

username
Name of the user to check.

Examples:

  • Write $SYSTEM.SQL.Security.UserExists("Robert") // Writes a 1 if user Robert exists

This method can also be called as a Stored Procedure named SYSTEM_SQL.Security_UserExists(username).