
Privileges

The OpenAccess SDK SQL engine lets you set up user privileges for command execution and object access. It supports the SQL commands that define privileges, and it verifies user privileges before executing any DML command (SELECT, INSERT, UPDATE and DELETE).
The OpenAccess SDK SQL engine recognizes the commands used to set up privileges (GRANT, REVOKE) and passes the command information to the xxx_ip_DCL function registered by the IP, which can maintain the privilege information in its database. Before executing any DML command (SELECT, INSERT, UPDATE and DELETE), the OpenAccess SDK SQL engine calls the IP DCL function to validate the user access. The OpenAccess SDK SQL engine passes the user name, object name and the type of operation being requested to the IP PRIVILEGE function, which should check for the privilege.
A privilege is a right to execute a particular type of SQL statement, or a right to access another user’s object. OpenAccess SDK supports two kinds of privileges: system privileges and object privileges. System privileges determine what kinds of operations can be done – for example, CREATE TABLE and CREATE USER. Object privileges determine what kinds of operations can be done on a given object – for example, SELECT on a TABLE.
The IP can choose to support DCL and/or privilege checking. For example, if your backend is already configured with privilege information, then you only need to implement the IP PRIVILEGE function to validate the requested user’s operation on an object. You need to implement the DCL functionality if you want the user to be able to use the standard SQL Database Control Language to set up and modify privileges.
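The following added example (not OpenAccess SDK code) sketches the two halves described above: a store updated by GRANT and REVOKE, and a default-deny check on user name, object name and operation before DML. All names, types and signatures are hypothetical and do not reflect the real xxx_ip_DCL or IP PRIVILEGE interfaces; case-insensitive name matching is an assumption.

```c
#include <ctype.h>
#include <string.h>
/* Hypothetical names throughout: this is NOT the OpenAccess SDK API. */
enum { PRIV_SELECT = 1, PRIV_INSERT = 2, PRIV_UPDATE = 4, PRIV_DELETE = 8 };
enum { MAX_GRANTS = 64, NAME_LEN = 64 };
struct grant { char user[NAME_LEN]; char object[NAME_LEN]; unsigned ops; };
static struct grant grants[MAX_GRANTS];
static int n_grants;

/* Case-insensitive equality (assumption: names are matched without regard to case). */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

static struct grant *find_grant(const char *user, const char *object) {
    for (int i = 0; user && object && i < n_grants; i++)
        if (ieq(grants[i].user, user) && ieq(grants[i].object, object))
            return &grants[i];
    return NULL;
}

/* GRANT handler: returns 0 on success, -1 if the request cannot be stored. */
int demo_grant(const char *user, const char *object, unsigned ops) {
    struct grant *g = find_grant(user, object);
    if (!g) {
        /* Reject over-long names rather than truncate: a truncated name could match another principal. */
        if (!user || !object || n_grants == MAX_GRANTS ||
            strlen(user) >= NAME_LEN || strlen(object) >= NAME_LEN)
            return -1;
        g = &grants[n_grants++];
        strcpy(g->user, user);
        strcpy(g->object, object);
    }
    g->ops |= ops;
    return 0;
}

/* REVOKE handler: clears only the named operations, leaving other grants intact. */
void demo_revoke(const char *user, const char *object, unsigned ops) {
    struct grant *g = find_grant(user, object);
    if (g) g->ops &= ~ops;
}

/* Check before DML: default deny; returns 1 only if every requested operation is granted. */
int demo_check(const char *user, const char *object, unsigned op) {
    struct grant *g = find_grant(user, object);
    return g != NULL && op != 0 && (g->ops & op) == op;
}
```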