Hello,
I would be interested in knowing how you deal with permissions in your
ODBC applications. Mine is based on a thin Access client that accesses
Postgresql remote tables and stored procedures through ODBC.
I have already granted permissions to users based on their specific ODBC
login and password. Depending on the group they are member of, they
receive either SELECT, INSERT, UPDATE or DELETE rights on the table.
This works fine.
Now, the problem is when you have to adapt the UI in order to show the
user he won't be able to update a form, for example. At the moment, the
user only know when he tries to commit his changes that he shouldn't
have tried to. Another problem is when a certain field from a table
shouldn't be visible to certain users... How to deal with that?
I have thought of different "home-made" security systems, where I deal
with users in my database directly, instead of using ONLY the PG
security.
How do you manage permissions in your applications? Is it possible to
read the permissions a user has on a specific table from the client, and
adapt the UI accordingly?
Thanks
Philippe Lang