class RSqlSecurityPolicy |
A container for the security policies for a shared SQL database.
security policies that apply to the database.
security policies that apply to individual database objects, i.e. database tables.
the database schema.
read activity on the database.
write activity on the database.
write activity on each named database table.
read activity on each named database table.
creating a RSqlSecurityPolicy object.
setting all the appropriate security policies into it.
passing the object as an argument to RSqlDatabase::Create().
closing the RSqlSecurityPolicy object on return from RSqlDatabase::Create().
Once a secure shared database has been created with specific security policies, these policies are made persistent and cannot be changed during the life of that database.
Security policies are encapsulated by TSecurityPolicy objects. The general usage pattern is to create the security policies container object (RSqlSecurityPolicy) using a default security policy (TSecurityPolicy), and then to assign more specific 'overriding' security policies.
The following code fragment shows how you do this:
TSecurityPolicy defaultPolicy; RSqlSecurityPolicy securityPolicy; RSqlDatabase database; TInt err; // Create security policies container object using a default security policy. securityPolicy.Create(defaultPolicy); // Set up policy to apply to database schema // and assign it TSecurityPolicy schemaPolicy; ... err = securityPolicy.SetDbPolicy(RSqlSecurityPolicy::ESchemaPolicy, schemaPolicy); // Set up policy to apply to write activity on the database // and assign it TSecurityPolicy writePolicy; ... err = securityPolicy.SetDbPolicy(RSqlSecurityPolicy::EWritePolicy, writePolicy); // Set up policy to apply to write activity to the database table named "Table1" // and assign it TSecurityPolicy tablePolicy1; ... err = securityPolicy.SetPolicy(RSqlSecurityPolicy::ETable, _L("Table1"), RSqlSecurityPolicy::EWritePolicy, tablePolicy1); // Set up policy to apply to read activity to the database table named "Table2" TSecurityPolicy tablePolicy2; err = securityPolicy.SetPolicy(RSqlSecurityPolicy::ETable, _L("Table2"), RSqlSecurityPolicy::EReadPolicy, tablePolicy2); // Create the database, passing the security policies err = database.Create(KDatabaseName, securityPolicy); // We can close the RSqlSecurityPolicy object. securityPolicy.Close();
Note that in this example code fragment, the client has not assigned specific overriding policies for all possible cases; for example, no overriding policy has been assigned to control read activity on the database, read activity on "Table1", nor write activity on "Table2". For these cases, the default security policy will apply.
A client can also retrieve a database's security policies by calling RSqlDatabase::GetSecurityPolicy(); this returns a RSqlSecurityPolicy object containing the security policies. Note that it is the client's responsibility to close the RSqlSecurityPolicy object when the client no longer needs it. The following code fragment suggests how you might do this:
RSqlDatabase database; RSqlSecurityPolicy securityPolicy; // Retrieve the security policies; on return from the call to // GetSecurityPolicy(), the RSqlSecurityPolicy object passed // to this function will contain the security policies. database.GetSecurityPolicy(securityPolicy); ... // This is the security policy that applies to database schema TSecurityPolicy schemaPolicy = securityPolicy.DbPolicy(RSqlSecurityPolicy::ESchemaPolicy); ... // This is the security policy that applies to write activity to the database // table named "Table1". TSecurityPolicy writePolicy = securityPolicy.Policy(RSqlSecurityPolicy::ETable, _L("Table1"), RSqlSecurityPolicy::EWritePolicy); ... // Close the RSqlSecurityPolicy object when no longer needed. securityPolicy.Close();
Note that in the cases where an 'overriding' security policy was not originally assigned, then the security policy returned will simply be the default security policy.
Note: The database security policies are used to control the access to the objects (tables, indexes, triggers, views) in the main database. The access to the temporary tables, indexes, etc. is not a subject of any restrictions, e.g. a client with "read" database security policy only can create and use temporary tables, views, indexes, triggers.
TSecurityPolicy RSqlDatabase RSqlSecurityPolicy::SetDbPolicy() RSqlSecurityPolicy::SetPolicy()
Public Member Functions | |
---|---|
RSqlSecurityPolicy() | |
IMPORT_C void | CreateL(const TSecurityPolicy &) |
IMPORT_C TSecurityPolicy | DefaultPolicy() |
IMPORT_C void | ExternalizeL(RWriteStream &) |
IMPORT_C void | InternalizeL(RReadStream &) |
IMPORT_C TSecurityPolicy | Policy(TObjectType, const TDesC &, TPolicyType) |
IMPORT_C TInt | SetDbPolicy(TPolicyType, const TSecurityPolicy &) |
IMPORT_C TInt | SetPolicy(TObjectType, const TDesC &, TPolicyType, const TSecurityPolicy &) |
Private Member Functions | |
---|---|
CSqlSecurityPolicy & | Impl() |
void | Set(CSqlSecurityPolicy &) |
Public Member Enumerations | |
---|---|
enum | TObjectType { ETable } |
enum | TPolicyType { ESchemaPolicy, EReadPolicy, EWritePolicy } |
Private Attributes | |
---|---|
CSqlSecurityPolicy * | iImpl |
IMPORT_C | RSqlSecurityPolicy | ( | ) |
Initializes RSqlSecurityPolicy instance data members with their default values.
IMPORT_C void | CreateL | ( | const TSecurityPolicy & | aDefaultPolicy | ) |
Initializes RSqlSecurityPolicy instance.
const TSecurityPolicy & aDefaultPolicy | Default security policy which will be used for the database and all database objects. |
IMPORT_C void | ExternalizeL | ( | RWriteStream & | aStream | ) | const |
Externalizes RSqlSecurityPolicy instance to a write stream.
RWriteStream & aStream | Stream to which RSqlSecurityPolicy instance should be externalised. |
IMPORT_C void | InternalizeL | ( | RReadStream & | aStream | ) |
Initializes RSqlSecurityPolicy instance from a stream. In case of an error the original security policy data is preserved.
RReadStream & aStream | A read stream containing the data with which the RSqlSecurityPolicy instance will be initialized. |
IMPORT_C TSecurityPolicy | Policy | ( | TObjectType | aObjectType, |
const TDesC & | aObjectName, | |||
TPolicyType | aPolicyType | |||
) | const |
Gets a database object security policy of the specified type.
If no security policy of the specified type exists for that database object - the default security policy will be returned.
TObjectType aObjectType | Database object type. At the moment there is only one database object type - RSqlSecurityPolicy::ETable. |
const TDesC & aObjectName | Database object name. It cannot be a null descriptor. |
TPolicyType aPolicyType | Database object security policy type: RSqlSecurityPolicy::EReadPolicy, RSqlSecurityPolicy::EWritePolicy. |
void | Set | ( | CSqlSecurityPolicy & | aImpl | ) | [private] |
Destroys the existing iImpl object and replaces it with aImpl parameter.
CSqlSecurityPolicy & aImpl |
IMPORT_C TInt | SetDbPolicy | ( | TPolicyType | aPolicyType, |
const TSecurityPolicy & | aPolicy | |||
) |
Sets a database security policy of a specific type.
Sets database security policy (aPolicy argument) of aPolicyType type. If the aPolicyType database security policy has already been set then it will be replaced with the supplied policy.
TPolicyType aPolicyType | Database security policy type: RSqlSecurityPolicy::ESchema, RSqlSecurityPolicy::ERead, RSqlSecurityPolicy::EWrite. |
const TSecurityPolicy & aPolicy | The database security policy. |
IMPORT_C TInt | SetPolicy | ( | TObjectType | aObjectType, |
const TDesC & | aObjectName, | |||
TPolicyType | aPolicyType, | |||
const TSecurityPolicy & | aPolicy | |||
) |
Sets a database object security policy of a specific type.
If there is no entry in the security policy container for the object with aObjectName name, then a new entry for this object will be created and all object security policies will be initialized with the default security policy. The specific database object policy, refered by aPolicyType parameter, will be set after that.
If an entry for aObjectName object already exists, its security policy of "aPolicyType" type will be reinitialized with the data of aPolicy parameter.
TObjectType aObjectType | Database object type. At the moment there is only one database object type - RSqlSecurityPolicy::ETable. |
const TDesC & aObjectName | Database object name. It cannot be a null descriptor. |
TPolicyType aPolicyType | Database object security policy type: RSqlSecurityPolicy::EReadPolicy, RSqlSecurityPolicy::EWritePolicy. |
const TSecurityPolicy & aPolicy | Database security policy. |
Not currently supported.
Defines a set of values that represents the database objects which can be protected by database security policy types.
ETable |
Defines a set of values that represents the database security policy types. Each database security policy type refers to a set of capabilities encapsulated in a TSecurityPolicy object. The TSecurityPolicy object defines what capabilities the calling application must have in order to perform partiqular database operation. TSecurityPolicy
ESchemaPolicy |
Schema database security policy. An application with schema database security policy can modify the database schema, write to database, read from database. |
EReadPolicy |
Read database security policy. An application with read database security policy can read from database. |
EWritePolicy |
Write database security policy. An application with write database security policy can write to database. |
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies).
All rights
reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License
v1.0.