| class RSqlSecurityPolicy |
A container for the security policies for a shared SQL database.
security policies that apply to the database.
security policies that apply to individual database objects, i.e. database tables.
the database schema.
read activity on the database.
write activity on the database.
write activity on each named database table.
read activity on each named database table.
creating a RSqlSecurityPolicy object.
setting all the appropriate security policies into it.
passing the object as an argument to RSqlDatabase::Create().
closing the RSqlSecurityPolicy object on return from RSqlDatabase::Create().
Once a secure shared database has been created with specific security policies, these policies are made persistent and cannot be changed during the life of that database.
Security policies are encapsulated by TSecurityPolicy objects. The general usage pattern is to create the security policies container object (RSqlSecurityPolicy) using a default security policy (TSecurityPolicy), and then to assign more specific 'overriding' security policies.
The following code fragment shows how you do this:
TSecurityPolicy defaultPolicy;
RSqlSecurityPolicy securityPolicy;
RSqlDatabase database;
TInt err;
// Create security policies container object using a default security policy.
securityPolicy.Create(defaultPolicy);
// Set up policy to apply to database schema
// and assign it
TSecurityPolicy schemaPolicy;
...
err = securityPolicy.SetDbPolicy(RSqlSecurityPolicy::ESchemaPolicy, schemaPolicy);
// Set up policy to apply to write activity on the database
// and assign it
TSecurityPolicy writePolicy;
...
err = securityPolicy.SetDbPolicy(RSqlSecurityPolicy::EWritePolicy, writePolicy);
// Set up policy to apply to write activity to the database table named "Table1"
// and assign it
TSecurityPolicy tablePolicy1;
...
err = securityPolicy.SetPolicy(RSqlSecurityPolicy::ETable, _L("Table1"), RSqlSecurityPolicy::EWritePolicy, tablePolicy1);
// Set up policy to apply to read activity to the database table named "Table2"
TSecurityPolicy tablePolicy2;
err = securityPolicy.SetPolicy(RSqlSecurityPolicy::ETable, _L("Table2"), RSqlSecurityPolicy::EReadPolicy, tablePolicy2);
// Create the database, passing the security policies
err = database.Create(KDatabaseName, securityPolicy);
// We can close the RSqlSecurityPolicy object.
securityPolicy.Close();
Note that in this example code fragment, the client has not assigned specific overriding policies for all possible cases; for example, no overriding policy has been assigned to control read activity on the database, read activity on "Table1", nor write activity on "Table2". For these cases, the default security policy will apply.
A client can also retrieve a database's security policies by calling RSqlDatabase::GetSecurityPolicy(); this returns a RSqlSecurityPolicy object containing the security policies. Note that it is the client's responsibility to close the RSqlSecurityPolicy object when the client no longer needs it. The following code fragment suggests how you might do this:
RSqlDatabase database;
RSqlSecurityPolicy securityPolicy;
// Retrieve the security policies; on return from the call to
// GetSecurityPolicy(), the RSqlSecurityPolicy object passed
// to this function will contain the security policies.
database.GetSecurityPolicy(securityPolicy);
...
// This is the security policy that applies to database schema
TSecurityPolicy schemaPolicy = securityPolicy.DbPolicy(RSqlSecurityPolicy::ESchemaPolicy);
...
// This is the security policy that applies to write activity to the database
// table named "Table1".
TSecurityPolicy writePolicy = securityPolicy.Policy(RSqlSecurityPolicy::ETable, _L("Table1"), RSqlSecurityPolicy::EWritePolicy);
...
// Close the RSqlSecurityPolicy object when no longer needed.
securityPolicy.Close();
Note that in the cases where an 'overriding' security policy was not originally assigned, then the security policy returned will simply be the default security policy.
Note: The database security policies are used to control the access to the objects (tables, indexes, triggers, views) in the main database. The access to the temporary tables, indexes, etc. is not a subject of any restrictions, e.g. a client with "read" database security policy only can create and use temporary tables, views, indexes, triggers.
| Public Member Functions | |
|---|---|
| RSqlSecurityPolicy() | |
| IMPORT_C void | Close() |
| IMPORT_C TInt | Create(const TSecurityPolicy &) |
| IMPORT_C void | CreateL(const TSecurityPolicy &) |
| IMPORT_C TSecurityPolicy | DbPolicy(TPolicyType) |
| IMPORT_C TSecurityPolicy | DefaultPolicy() |
| IMPORT_C void | ExternalizeL(RWriteStream &) |
| IMPORT_C void | InternalizeL(RReadStream &) |
| IMPORT_C TSecurityPolicy | Policy(TObjectType, const TDesC &, TPolicyType) |
| IMPORT_C TInt | SetDbPolicy(TPolicyType, const TSecurityPolicy &) |
| IMPORT_C TInt | SetPolicy(TObjectType, const TDesC &, TPolicyType, const TSecurityPolicy &) |
| Private Member Functions | |
|---|---|
| CSqlSecurityPolicy & | Impl() |
| void | Set(CSqlSecurityPolicy &) |
| Public Member Enumerations | |
|---|---|
| enum | TObjectType { ETable } |
| enum | TPolicyType { ESchemaPolicy, EReadPolicy, EWritePolicy } |
| Private Attributes | |
|---|---|
| CSqlSecurityPolicy * | iImpl |
| IMPORT_C TInt | Create | ( | const TSecurityPolicy & | aDefaultPolicy | ) |
| const TSecurityPolicy & aDefaultPolicy |
| IMPORT_C void | CreateL | ( | const TSecurityPolicy & | aDefaultPolicy | ) |
| const TSecurityPolicy & aDefaultPolicy |
| IMPORT_C TSecurityPolicy | DbPolicy | ( | TPolicyType | aPolicyType | ) | const |
| TPolicyType aPolicyType |
| IMPORT_C void | ExternalizeL | ( | RWriteStream & | aStream | ) | const |
| RWriteStream & aStream |
| IMPORT_C void | InternalizeL | ( | RReadStream & | aStream | ) |
| RReadStream & aStream |
| IMPORT_C TSecurityPolicy | Policy | ( | TObjectType | aObjectType, |
| const TDesC & | aObjectName, | |||
| TPolicyType | aPolicyType | |||
| ) | const | |||
| TObjectType aObjectType | |
| const TDesC & aObjectName | |
| TPolicyType aPolicyType |
| void | Set | ( | CSqlSecurityPolicy & | aImpl | ) | [private] |
| CSqlSecurityPolicy & aImpl |
| IMPORT_C TInt | SetDbPolicy | ( | TPolicyType | aPolicyType, |
| const TSecurityPolicy & | aPolicy | |||
| ) | ||||
| TPolicyType aPolicyType | |
| const TSecurityPolicy & aPolicy |
| IMPORT_C TInt | SetPolicy | ( | TObjectType | aObjectType, |
| const TDesC & | aObjectName, | |||
| TPolicyType | aPolicyType, | |||
| const TSecurityPolicy & | aPolicy | |||
| ) | ||||
| TObjectType aObjectType | |
| const TDesC & aObjectName | |
| TPolicyType aPolicyType | |
| const TSecurityPolicy & aPolicy |
Not currently supported.
Defines a set of values that represents the database objects which can be protected by database security policy types.
| ETable |
Defines a set of values that represents the database security policy types. Each database security policy type refers to a set of capabilities encapsulated in a TSecurityPolicy object. The TSecurityPolicy object defines what capabilities the calling application must have in order to perform partiqular database operation. TSecurityPolicy
| ESchemaPolicy |
Schema database security policy. An application with schema database security policy can modify the database schema, write to database, read from database. |
| EReadPolicy |
Read database security policy. An application with read database security policy can read from database. |
| EWritePolicy |
Write database security policy. An application with write database security policy can write to database. |