DB2 PHP Generator online Help
Prev | Return to chapter overview | Next |
Permission manager
Permission manager allows you to restrict user access to the pages of the generated application. To open this window, press the Manage permissions... button. This is not applicable for the database server authorization, in that case the permissions should be set with the server facilities (GRANT and REVOKE statements).
How permissions are granted and applied
1. | Permissions can be granted at the application and page levels. |
2. | Permissions granted at the application level are automatically applied to all pages in the application. |
3. | Page-level permissions are granted for each page individually. Effective user permissions for a page are calculated as sum of permissions granted to the user at the application and page levels i.e. permissions are cumulative. |
4. | PUBLIC permissions are permissions to be granted to all authorized users of your application, including those that might be created later. Any user in the application will have the sum of privileges granted directly to him and PUBLIC privileges. PUBLIC privileges also can be granted at the application and page levels. |
5. | You can enable the guest account in your application to allow any unauthorized user access to your website. The privileges can be granted to guest just like any user in the application. Note that PUBLIC privileges do not affect the guest privileges and vice versa. |
6. | The following permissions can be granted: Select, Insert, Update, Delete, and Admin. If a user has the Admin permission for a page, he/she can read, change, and delete all the records of the page as well as add the new records and manage the page access permissions via Admin Panel (if the table-based authorization is used and permissions are stored in a database table). |
7. | Exporting, Printing, and Comparison operations are available for everyone who has the Select privilege. |
8. | The Copy operation is available for everyone who has the Insert privilege. |
Live examples can be found in the Security Demo.
Hard-coded authorization
On using this kind of authorization, all users and their permissions are stored in generated .php files, so it is necessary to re-generate the application to modify this data. Use the checkboxes at the Permissions tab to grant/revoke the corresponding application-level permissions to users specified at the Hard-coded authorization window. To grant or revoke page-level permissions, use the Customize page level permission... button.
Table-based authorization
On using this kind of authorization, user accounts are always stored in a database table while permissions can be stored either in the generated files (as on using the hard-coded authorization) or in a database table like user accounts (recommended). To choose between these options, switch to the Storage tab and click the appropriate radio button.
To store permissions in the database, you can use an existing table or create a new one. On using this storage option, you can manage users and their permissions (both application and page levels) without necessity of re-building your site via DB2 PHP Generator GUI as well as via the web-based Administration Panel.
Prev | Return to chapter overview | Next |