602SQL Documentation Index  

User Privileges when Executing Stored Procedures and Evaluating Queries

When a user executes stored procedures or evaluates queries, his user privileges are being checked. However there are cases when it's necessary to bypass these privileges to a certain extent:

The application author has the possibility to mark procedures and queries whose execution or evaluation won't be restricted by access privileges in a scheme. It's called running the procedure or query as an admin mode object. Privileges to call such a procedure or a query will still be checked, however privileges to objects belonging to the same scheme won't be checked during its evaluation.

These procedures and queries are marked by calling the Admin_mode function or by selecting the checkbox Admin mode object on the Properties tab of the Output window.

Only a user assigned to the Author role may mark this procedure or query. This mark is persistent and therefore is saved when the server is shut down or when exporting and importing the application. In a locked application it's not allowed to set the admin mode object specification (a locked application doesn't allow to assign anyone to the Author role).

The following query selects those documents from the DOCTAB table, that the user can read and that contain the word "Mississippi":

SELECT Contents FROM Doctab WHERE Has_select_privil(Contents,2) AND Position("Mississippi" In Contents)>0

This query cannot be evaluated directly, because the user doesn't have the global privilege to access the Contents column and cannot use it in the WHERE condition in the Position function. If the query is marked to be evaluated without privileges checking then it works and doesn't tamper the access privileges.

A Survey of Admin Mode Privileges

When calling a procedure in an admin mode object users are allowed to:

All of these privileges apply only to data and objects in the same scheme as the procedure which is run as a admin mode object.

If a procedure being run as a admin mode object opens and returns a cursor, full access to data in this cursor is not guaranteed. These privileges are evaluated according to the subject working with this cursor. Admin mode object is valid only inside the procedure body, a resulting cursor passed out of the procedure body won't inherit it.