AUTHENTICATED_USER in zsql db connections?
I have a database that has security and logging built in -- (It's a postgresql installation); certain people are allowed to update and others are only allowed to read -- and when people update, we keep track of who changed what. I'd like zope to pass through the AUTHENTICATED_USER to the database -- so that the database log will show who did the update/delete/insert just as it does if we use some other interface. I think that means that I want AUTHENTICATED_USER to be part of the database connection string, and that I want each user to use a different instantiation of the connection... Is there any way to accomplish this? (I tried the obvious, making the connection string be dbname@localhost AUTHENTICATED_USER ; that didn't work... :) Jim Rowan DCSI DCE/DFS/Sysadmin Consulting jmr@computing.com (512) 374-1143
hi jim, <snippers>
Is there any way to accomplish this? (I tried the obvious, making the connection string be dbname@localhost AUTHENTICATED_USER ; that didn't work... :)
<snippers> this cannot work because when the user accesses the database through zope the connection is usually already there. it's a persistent connection that is opened right away. if your goal is to keep track of who does stuff you might do a dirty workaround and create another table in your database to capture the name of AUTHENTICATED_USER and other information needed and timestamp. important interactions (updates, inserts, etc) could write this info into the database by providing a second part to the ZSQL methods involved. <untested> <first part of ZSQL method> <dtml-var sql_delimiter> INSERT tracking_table_name VALUES ( <dtml-sqlvar AUTHENTICATED_USER.name type=string>, <dtml-sqlvar ZopeTime() type=date>, <dtml-sqlvar.... etc etc etc....) </untested> hope this helps jens Jens Vagelpohl Systems Administrator Washtenaw Development Council
Jens Vagelpohl wrote:
hi jim,
<snippers>
Is there any way to accomplish this? (I tried the obvious, making the connection string be dbname@localhost AUTHENTICATED_USER ; that didn't work... :)
<snippers>
this cannot work because when the user accesses the database through zope the connection is usually already there. it's a persistent connection that is opened right away. if your goal is to keep track of who does stuff you might do a dirty workaround and create another table in your database to capture the name of AUTHENTICATED_USER and other information needed and timestamp. important interactions (updates, inserts, etc) could write this info into the database by providing a second part to the ZSQL methods involved.
To solve the access problem you can also have two DB connections. One with the right to insert, delete, update and another just with select access. In the Zope security tab give anonymous access to the later and a special role access to the first. You'd still have to log who's doing what. hope this helps, -- Paulo Eduardo Neves maito:neves@email.com
paulo, since he wants to track what's relevant (update, insert, replace and such) he can conveniently stick the functionality for the tracking table into the very same ZSQL methods that handle the write operations, which in turn already use a privileged connection that is allowed to write. jens Jens Vagelpohl Systems Administrator Washtenaw Development Council
-----Original Message----- From: neves@inf.puc-rio.br [mailto:neves@inf.puc-rio.br]On Behalf Of Paulo Eduardo Neves Sent: Wednesday, September 22, 1999 21:36 To: zope@zope.org Cc: Jim Rowan Subject: Re: [Zope] AUTHENTICATED_USER in zsql db connections?
Jens Vagelpohl wrote:
hi jim,
<snippers>
Is there any way to accomplish this? (I tried the obvious, making the connection string be dbname@localhost AUTHENTICATED_USER ; that didn't work... :)
<snippers>
this cannot work because when the user accesses the database
through zope
the connection is usually already there. it's a persistent connection that is opened right away. if your goal is to keep track of who does stuff you might do a dirty workaround and create another table in your database to capture the name of AUTHENTICATED_USER and other information needed and timestamp. important interactions (updates, inserts, etc) could write this info into the database by providing a second part to the ZSQL methods involved.
To solve the access problem you can also have two DB connections. One with the right to insert, delete, update and another just with select access. In the Zope security tab give anonymous access to the later and a special role access to the first. You'd still have to log who's doing what.
hope this helps, -- Paulo Eduardo Neves maito:neves@email.com
_______________________________________________ Zope maillist - Zope@zope.org http://www.zope.org/mailman/listinfo/zope
(To receive general Zope announcements, see: http://www.zope.org/mailman/listinfo/zope-announce
For developer-specific issues, zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
participants (3)
-
Jens Vagelpohl -
Jim Rowan -
Paulo Eduardo Neves