Advantage Client Engine
Remove a user’s or a user group’s permissions to a database object.
UNSIGNED32 AdsDDRevokePermission( ADSHANDLE hAdminConn,
UNSIGNED16 usObjectType,
UNSIGNED8 *pucObjectName,
UNSIGNED8 *pucParentName,
UNSIGNED8 *pucGrantee,
UNSIGNED32 ulPermissions );
hAdminConn (I) |
Handle of a database connection. |
usObjectType (I) |
Type of the database object that is specified by the pucObjectName parameter. Valid values are ADS_DD_TABLE_OBJECT, ADS_DD_COLUMN_OBJECT, ADS_DD_VIEW_OBJECT, ADS_DD_PROCEDURE_OBJECT, ADS_DD_LINK_OBJECT, ADS_DD_PUBLICATION_OBJECT, and ADS_DD_SUBSCRIPTION_OBJECT. |
pucObjectName (I) |
Name of the database object to revoke the specified permissions from. It may be the name of a database table, the name of a column in a database table, the name of a view, the name of a stored procedure, publication, subscription, or a link alias. |
pucParentName (I) |
Name of the database object that is the parent/owner of the object specified by pucObjectName. This parameter is only used if usObjectType is ADS_DD_COLUMN_OBJECT. In such case, this parameter specifies the name of the database table that owns the column specified by the pucObjectName parameter. For other object types, this parameter can be NULL and it is ignored. |
pucGrantee (I) |
Name of a user or a user group that is going to be granted the permissions. |
ulPermissions (I) |
This is a bit field for defining the access permissions to be revoked from the user or user group specified by the pucGrantee parameter. The permissions can be OR’ed together. Valid permissions are ADS_PERMISSION_READ, ADS_PERMISSION_UPDATE, ADS_PERMISSION_INSERT, ADS_PERMISSION_DELETE, ADS_PERMISSION_EXECUTE, ADS_PERMISSION_LINK_ACCESS, ADS_PERMISSION_INHERIT, ADS_PERMISSION_ALTER, ADS_PERMISSION_DROP, ADS_PERMISSION_CREATE, ADS_PERMISSION_WITH_GRANT, ADS_PERMISSION_ALL, and ADS_PERMISSION_ALL_WITH_GRANT. Note: The ADS_PERMISSION_ALL permission equates to all the permissions for which the current user has ADS_PERMISSION_WITH_GRANT permissions. |
usPropertyID |
Description |
AE_INVALID_OBJECT_NAME |
The name specified by the pucObjectName, pucParentName or pucGrantee could not be found in the database. |
AE_INVALID_OBJECT_PERMISSION |
The permissions specified by the ulPermissions parameter contains a permission that is not valid for the specified object type or grantee type. |
AdsDDRevokePermission removes the specified access permissions on a database object from a user or a user group. The ulPermissions parameter is used to specify a combination of permissions to revoke from the user or the user group. See AdsDDGrantPermission for more information on the types of permission that can be granted or revoked from user and user group.
Note If the user belongs to a user group, revoking a user’s permission to an object may not remove the user’s access permission to the object. The user may still inherit permission to the object from the user group that the user is a member of. To prevent the user from inheriting permissions to the object from a user group, revoke the inherit permission (ADS_PERMISSION_INHERIT) for the object from the user.
Note If the database is not set up to verify the user access permissions, the user’s access permissions will not be checked by the Advantage servers. See AdsDDSetDatabaseProperty and ADS_DD_VERIFY_ACCESS_RIGHTS property for more information. The property defaults to False on newly created data dictionary effectively giving all users full access to all objects in the database.
Note The allowed access to database tables is also affected by the table permission level property. See AdsDDSetTableProperty and the ADS_DD_TABLE_PERMISSION_LEVEL property.
Note This function can be called inside a transaction, but will not be part of the transaction. Any changes it makes cannot be rolled back.
usFindObjectType |
Description |
ADS_DD_PUBLICATION_OBJECT |
Retrieves the name of a publication object. The pucParentName is currently ignored and assumed to be the database. |
ADS_DD_SUBSCRIPTION_OBJECT |
Retrieves the name of a subscription object. The pucParentName is currently ignored and assumed to be the database. |
See AdsDDGrantPermission.