RSqlSecurityPolicy Class Reference

class RSqlSecurityPolicy

A container for the security policies for a shared SQL database.

The container can contain:
  • security policies that apply to the database.

  • security policies that apply to individual database objects, i.e. database tables.

For the database, you use RSqlSecurityPolicy::SetDbPolicy() to apply a separate security policy to:
  • the database schema.

  • read activity on the database.

  • write activity on the database.

For database tables, you use RSqlSecurityPolicy::SetPolicy() to apply a separate security policy to:
  • write activity on each named database table.

  • read activity on each named database table.

A client uses a RSqlSecurityPolicy object to create a secure database. It does this by:

Once a secure shared database has been created with specific security policies, these policies are made persistent and cannot be changed during the life of that database.

Security policies are encapsulated by TSecurityPolicy objects. The general usage pattern is to create the security policies container object (RSqlSecurityPolicy) using a default security policy (TSecurityPolicy), and then to assign more specific 'overriding' security policies.

The following code fragment shows how you do this:

TSecurityPolicy defaultPolicy;
RSqlSecurityPolicy securityPolicy;
RSqlDatabase database;
TInt err;

// Create security policies container object using a default security policy.
securityPolicy.Create(defaultPolicy); 

// Set up policy to apply to database schema
// and assign it
TSecurityPolicy schemaPolicy;
...
err = securityPolicy.SetDbPolicy(RSqlSecurityPolicy::ESchemaPolicy, schemaPolicy);

// Set up policy to apply to write activity on the database
// and assign it
TSecurityPolicy writePolicy;
...
err = securityPolicy.SetDbPolicy(RSqlSecurityPolicy::EWritePolicy, writePolicy);

// Set up policy to apply to write activity to the database table named "Table1"
// and assign it
TSecurityPolicy tablePolicy1;
...
err = securityPolicy.SetPolicy(RSqlSecurityPolicy::ETable, _L("Table1"), RSqlSecurityPolicy::EWritePolicy, tablePolicy1);

// Set up policy to apply to read activity to the database table named "Table2"
TSecurityPolicy tablePolicy2;
err = securityPolicy.SetPolicy(RSqlSecurityPolicy::ETable, _L("Table2"), RSqlSecurityPolicy::EReadPolicy, tablePolicy2);

// Create the database, passing the security policies
err = database.Create(KDatabaseName, securityPolicy);

// We can close the RSqlSecurityPolicy object.
securityPolicy.Close();

Note that in this example code fragment, the client has not assigned specific overriding policies for all possible cases; for example, no overriding policy has been assigned to control read activity on the database, read activity on "Table1", nor write activity on "Table2". For these cases, the default security policy will apply.

A client can also retrieve a database's security policies by calling RSqlDatabase::GetSecurityPolicy(); this returns a RSqlSecurityPolicy object containing the security policies. Note that it is the client's responsibility to close the RSqlSecurityPolicy object when the client no longer needs it. The following code fragment suggests how you might do this:

RSqlDatabase database;
RSqlSecurityPolicy securityPolicy;

// Retrieve the security policies; on return from the call to 
// GetSecurityPolicy(), the RSqlSecurityPolicy object passed 
// to this function will contain the security policies.
database.GetSecurityPolicy(securityPolicy);
...
// This is the security policy that applies to database schema
TSecurityPolicy schemaPolicy = securityPolicy.DbPolicy(RSqlSecurityPolicy::ESchemaPolicy);
...
// This is the security policy that applies to write activity to the database
// table named "Table1".
TSecurityPolicy writePolicy = securityPolicy.Policy(RSqlSecurityPolicy::ETable, _L("Table1"), RSqlSecurityPolicy::EWritePolicy);
...
// Close the RSqlSecurityPolicy object when no longer needed.
securityPolicy.Close();

Note that in the cases where an 'overriding' security policy was not originally assigned, then the security policy returned will simply be the default security policy.

Note: The database security policies are used to control the access to the objects (tables, indexes, triggers, views) in the main database. The access to the temporary tables, indexes, etc. is not a subject of any restrictions, e.g. a client with "read" database security policy only can create and use temporary tables, views, indexes, triggers.

TSecurityPolicy

RSqlDatabase

RSqlSecurityPolicy::SetDbPolicy()

RSqlSecurityPolicy::SetPolicy()

Public Member Functions
RSqlSecurityPolicy()
IMPORT_C voidClose()
IMPORT_C TIntCreate(const TSecurityPolicy &)
IMPORT_C voidCreateL(const TSecurityPolicy &)
IMPORT_C TSecurityPolicyDbPolicy(TPolicyType)
IMPORT_C TSecurityPolicyDefaultPolicy()
IMPORT_C voidExternalizeL(RWriteStream &)
IMPORT_C voidInternalizeL(RReadStream &)
IMPORT_C TSecurityPolicyPolicy(TObjectType, const TDesC &, TPolicyType)
IMPORT_C TIntSetDbPolicy(TPolicyType, const TSecurityPolicy &)
IMPORT_C TIntSetPolicy(TObjectType, const TDesC &, TPolicyType, const TSecurityPolicy &)
Private Member Functions
CSqlSecurityPolicy &Impl()
voidSet(CSqlSecurityPolicy &)
Public Member Enumerations
enumTObjectType { ETable }
enumTPolicyType { ESchemaPolicy, EReadPolicy, EWritePolicy }
Private Attributes
CSqlSecurityPolicy *iImpl

Constructor & Destructor Documentation

RSqlSecurityPolicy()

IMPORT_CRSqlSecurityPolicy()

Member Functions Documentation

Close()

IMPORT_C voidClose()

Create(const TSecurityPolicy &)

IMPORT_C TIntCreate(const TSecurityPolicy &aDefaultPolicy)

Parameters

const TSecurityPolicy & aDefaultPolicy

CreateL(const TSecurityPolicy &)

IMPORT_C voidCreateL(const TSecurityPolicy &aDefaultPolicy)

Parameters

const TSecurityPolicy & aDefaultPolicy

DbPolicy(TPolicyType)

IMPORT_C TSecurityPolicyDbPolicy(TPolicyTypeaPolicyType)const

Parameters

TPolicyType aPolicyType

DefaultPolicy()

IMPORT_C TSecurityPolicyDefaultPolicy()const

ExternalizeL(RWriteStream &)

IMPORT_C voidExternalizeL(RWriteStream &aStream)const

Parameters

RWriteStream & aStream

Impl()

CSqlSecurityPolicy &Impl()const [private]

InternalizeL(RReadStream &)

IMPORT_C voidInternalizeL(RReadStream &aStream)

Parameters

RReadStream & aStream

Policy(TObjectType, const TDesC &, TPolicyType)

IMPORT_C TSecurityPolicyPolicy(TObjectTypeaObjectType,
const TDesC &aObjectName,
TPolicyTypeaPolicyType
)const

Parameters

TObjectType aObjectType
const TDesC & aObjectName
TPolicyType aPolicyType

Set(CSqlSecurityPolicy &)

voidSet(CSqlSecurityPolicy &aImpl)[private]

Parameters

CSqlSecurityPolicy & aImpl

SetDbPolicy(TPolicyType, const TSecurityPolicy &)

IMPORT_C TIntSetDbPolicy(TPolicyTypeaPolicyType,
const TSecurityPolicy &aPolicy
)

Parameters

TPolicyType aPolicyType
const TSecurityPolicy & aPolicy

SetPolicy(TObjectType, const TDesC &, TPolicyType, const TSecurityPolicy &)

IMPORT_C TIntSetPolicy(TObjectTypeaObjectType,
const TDesC &aObjectName,
TPolicyTypeaPolicyType,
const TSecurityPolicy &aPolicy
)

Parameters

TObjectType aObjectType
const TDesC & aObjectName
TPolicyType aPolicyType
const TSecurityPolicy & aPolicy

Member Enumerations Documentation

Enum TObjectType

Not currently supported.

Defines a set of values that represents the database objects which can be protected by database security policy types.

Enumerators

ETable

Enum TPolicyType

Defines a set of values that represents the database security policy types. Each database security policy type refers to a set of capabilities encapsulated in a TSecurityPolicy object. The TSecurityPolicy object defines what capabilities the calling application must have in order to perform partiqular database operation. TSecurityPolicy

Enumerators

ESchemaPolicy

Schema database security policy. An application with schema database security policy can modify the database schema, write to database, read from database.

EReadPolicy

Read database security policy. An application with read database security policy can read from database.

EWritePolicy

Write database security policy. An application with write database security policy can write to database.

Member Data Documentation

CSqlSecurityPolicy * iImpl

CSqlSecurityPolicy *iImpl[private]