Privileged Operations in ABL - Forum - Community Groups - Progress Community

Privileged Operations in ABL

 Forum

Privileged Operations in ABL

  • Hello Guys,

    We’re developing an ongoing support for Progress products on our product (SecureSphere by Imperva).
    Our R&D researchers encountered some questions (below) and I’d appreciate if you could answer the questions below, or direct me to someone in Progress that can help with these.

    1)      In ABL is it possible to lock a login/user?

    2)      In ABL is there a way to grant/revoke database-wide privileges (such as DBA and RESOURCE) to a user?

    3)      How can we create role (from SQL or ABL) (progress version10.2B)

    4)     

    a.      In ABL is there a way to execute create/add table operation by executing a statement (not from the Data Dictionary GUI)?

    b.      Is the following code is a statement that can be execute from ABL

    ADD TABLE "emp35_a"

    AREA "Schema Area"

    CAN-CREATE "!,*"

    CAN-DELETE "!,*"

    CAN-READ "!,*"

    CAN-WRITE "test"

    DUMP-NAME "emp35"  

    Thanks in advance for your help !

    Tal

  • Tal.Peretz@imperva.com schrieb:

    Hello Guys,

    We’re developing an ongoing support for Progress products on our product (SecureSphere by Imperva).
    Our R&D researchers encountered some questions (below) and I’d appreciate if you could answer the questions below, or direct me to someone in Progress that can help with these.

    1)      In ABL is it possible to lock a login/user?

    >You can develope your own login proedure. Details are in the vast documentation.

    2)      In ABL is there a way to grant/revoke database-wide privileges (such as DBA and RESOURCE) to a user?

    >BA and Ressource sounds like SQL thinking. OE is SQL-92 compatible and you can use SQL for example the SQLEXP to set roles, grants, etv.
    >BUT:ABL and SQL security is disconnected. This is very well documented in the Handbook.

    3)      How can we create role (from SQL or ABL) (progress version10.2B)

    >OE has no real own role model. This you have to setup as part of your application design.

    4)     

    a.      In ABL is there a way to execute create/add table operation by executing a statement (not from the Data Dictionary GUI)?

    >Yes, study the source code of the dictionary tool in $DLC. Nearly anything can be done by manipulating the meta schema (_file etc).

    b.      Is the following code is a statement that can be execute from ABL

    >No, see a. 

    ADD TABLE "emp35_a"

    AREA "Schema Area"

    CAN-CREATE "!,*"

    CAN-DELETE "!,*"

    CAN-READ "!,*"

    CAN-WRITE "test"

    DUMP-NAME "emp35"  

    Thanks in advance for your help !

    Tal

  • "Role" is application defined, but check out "tenant" in 11.0.

    Consulting in Model-Based Development, Transformation, and Object-Oriented Best Practice  http://www.cintegrity.com

  • Tal.Peretz@imperva.com wrote:

    1)      In ABL is it possible to lock a login/user?

    Can you elaborate on what you mean by this?  Are you talking about altering the properties of a user record or a user connection?  Or something else?