Database access problem.

golyg

Programmer
Jul 22, 2002
319
US
We have this application built with PB6.0.
In this app, when the user logs on we also log them onto a database (Sybase SQL Anywhere DB) and depending on certain access rights they then can view or update certain data.
Say a user with read-only rights opens the app, they then can go through the app and only view data. They cannot make changes to the system since they only have read-only rights.
But if this user opens a Sybase SQL Anywhere session, it realizes that there is already a database connection, asks for the userID and password, and logs them onto the database, but it will ignore all access rights.
So this user, with read-only rights, can update the database.

The user will have this app installed as well as Sybase SQL Anywhere on their machines.
It is not an option to remove SQL anywhere.

Any ideas on how we can prevent this "Backdoor access"?

Thanks
 
Hi,

If I understand you correctly you are using the application to enforce user data rights. If this is the case, and your users are not restricted at the database side then there is not a lot you can do about "backdoor access". To control the users via any connection i.e. at the database, you must assign their usernames the appropriate permissions on the database itself.

Cheers.
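
The reply above says rights have to be assigned to the usernames on the database itself so that they hold on any connection. As an added example that is not part of the original thread, this is one way to express that with SQL Anywhere groups and GRANT statements; the group names, user IDs, passwords and the `DBA.orders` table are hypothetical, and the final query assumes the `SYS.SYSTABAUTH` catalog view.

```sql
-- Constructed example: all names and passwords below are hypothetical.

-- Groups carry the permissions. A user ID created without a password
-- cannot be used to log on, so these exist only to hold rights.
GRANT CONNECT TO app_readers;
GRANT GROUP   TO app_readers;
GRANT CONNECT TO app_preparers;
GRANT GROUP   TO app_preparers;

-- Read-only role: SELECT and nothing else.
GRANT SELECT ON DBA.orders TO app_readers;

-- Preparer role: may also change data.
GRANT SELECT, INSERT, UPDATE ON DBA.orders TO app_preparers;

-- Individual logins get their rights only through group membership.
GRANT CONNECT TO jsmith IDENTIFIED BY 'placeholder-password-1';
GRANT MEMBERSHIP IN GROUP app_readers TO jsmith;

GRANT CONNECT TO mjones IDENTIFIED BY 'placeholder-password-2';
GRANT MEMBERSHIP IN GROUP app_preparers TO mjones;

-- Weak setting to look for: write permissions granted directly to a
-- user who is meant to be read-only. Remove them if they were granted.
REVOKE INSERT, UPDATE, DELETE ON DBA.orders FROM jsmith;

-- Check: list what each grantee holds on the table. A read-only user or
-- group should show 'Y' for selectauth only.
SELECT grantee, stname, selectauth, insertauth, updateauth, deleteauth
  FROM SYS.SYSTABAUTH
 WHERE stname = 'orders'
 ORDER BY grantee;
```

Because the server checks these permissions for every connection, `jsmith` gets the same read-only result from the PowerBuilder application and from an interactive SQL session.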
 
Sort-of...
I am gaining a better understanding of what is happening.
Now, a user with read-only rights can't update the database from either the app or through a 3rd party database program, which is fine, this is correct.
Here is where I think it gets tricky...
A user that can update the database through the app, called a preparer, is not allowed to update the database through a 3rd party app but can. They do not want the user to be able to update the database only through the app not a 3rd party software.

I'm confused as to how I am supposed to restrict the user one time but allow to update at other times....

thanks
 