Groups
In LN, a group is defined as a collection of database users. All users assigned to a group are granted the same database privileges. Once a group is defined with a certain set of privileges, users can be assigned to that group. Using groups simplifies management of a large number of users with common requirements.
An LN group consists of a database name and methods for providing object security and authentication within the database. The LN group name is the same as the name of the database that holds the LN data within the RDBMS. The LN group uses the mechanisms of the RDBMS to authenticate and provide object security.
For the Microsoft SQL Server, an LN group consists of three components:
- A database
- A login (for authentication)
- A SQL Server role (for object security)
The SQL Server database has the same name as the LN group. The login is also named the same as the LN group and is assigned database owner (DBO) privileges in the database. A SQL Server role is created whose name is derived from the LN group name. This role becomes the target for privileges granted on objects in the database. Users are associated with the SQL Server role and, as a result, inherit the privileges granted to the role. The advantage of having a group table is that all members of the group can share and operate on the same data in a single table. LN tables are typically owned by the group so that the tables and data can be shared amongst all users of the application.
For example, users
Maria and
John can both be assigned to
LN
group
baandb. Group
baandb owns the tables and grants select, insert,
delete, and update privileges to the SQL Server role. Therefore, users
Maria and
John inherit the select, insert, delete, and
update privileges granted to the SQL Server role, to access and manipulate
LN
group table data.
The LN users are shielded from directly administering the role. The LN DBA sessions and the database driver do all the processing that is needed to make use of the role.
Only the administrator must be concerned about role administration. With the LN DBA module the administrator can easily maintain the role within the LN Tools.