Visual C++ 6 Unleashed

By MICKEY WILLIAMS and David Bennett

• Table of Contents
  • Copyright
  • About the Authors
  • About the Contributors
  • Acknowledgments
  • Tell Us What You Think!
  • Introduction
  • How to Use This Book
  • What You Need to Use This Book
  • What's New in Visual C++ 6.0
  • Contacting the Main Author
  • Part I: Introduction
  • Chapter 1. The Visual C++ 6.0 Environment
  • Part II: MFC Programming
  • Chapter 2. MFC Class Library Overview
  • Chapter 3. MFC Message Handling Mechanism
  • Chapter 4. The Document View Architecture
  • Chapter 5. Creating and Using Dialog Boxes
  • Chapter 6. Working with Device Contexts and GDI Objects
  • Chapter 7. Creating and Using Property Sheets
  • Chapter 8. Working with the File System
  • Chapter 9. Using Serialization with File and Archive Objects
  • Part III: Internet Programming with MFC
  • Chapter 10. MFC and the Internet Server API (ISAPI)
  • Chapter 11. The WinInet API
  • Chapter 12. MFC HTML Support
  • Part IV: Advanced Programming Topics
  • Chapter 13. Using the Standard C++ Library
  • Chapter 14. Error Detection and Exception Handling Techniques
  • Chapter 15. Debugging and Profiling Strategies
  • Chapter 16. Multithreading
  • Chapter 17. Using Scripting and Other Tools to Automate the Visual C++ IDE
  • Part V: Database Programming
  • Chapter 18. Creating Custom AppWizards
  • Chapter 19. Database Overview
    • ODBC 4.0
    • OLE DB and ATL's Database Classes
    • ActiveX Data Objects (ADO)
    • MFC's Database Classes
    • Structured Query Language
    • Data Definition Language
    • Data Control Language
    • Data Manipulation Language
    • Summary
  • Chapter 20. ODBC Programming
  • Chapter 21. MFC Database Classes
  • Chapter 22. Using OLE DB
  • Chapter 23. Programming with ADO
  • Part VI: MFC Support for COM and ActiveX
  • Chapter 24. Overview of COM and Active Technologies
  • Chapter 25. Active Documents
  • Chapter 26. Active Containers
  • Chapter 27. Active Servers
  • Chapter 28. ActiveX Controls
  • Part VII: Using the Active Template Library
  • Chapter 29. ATL Architecture
  • Chapter 30. Creating COM Objects Using ATL
  • Chapter 31. Creating ActiveX Controls Using ATL
  • Chapter 32. Using ATL to Create MTS and COM+ Components
  • Part VIII: Finishing Touches
  • Chapter 33. Adding Windows Help
  • Part IX: Appendix

Data Control Language

Most database developers will probably not be overly concerned with the security of individual objects within their database. (That's the Database Administrator's job.) However, for those developers who need to handle security programmatically, the Data Control Language must be used to maintain security within a Visual C++ program. Data Control Language is the segment of the SQL language that allows you to work with user privileges for objects in the database. DCL uses the following two SQL commands to work with objects in the database:

• GRANT: Gives authority for a user or group to access or update a table, view, or procedure.
• REVOKE: Removes authority that has been previously granted to a user or a group.

This section reviews the use of GRANT and REVOKE.

Granting Privileges

The SQL language allows you to grant certain privileges on a particular object to a set of users. The privileges that can be granted are listed here:

• SELECT: Allows the user to query data.
• INSERT: Allows the user to add new rows.
• DELETE: Allows the user to delete rows.
• EXECUTE: Allows the user to execute procedures.
• UPDATE: Allows the user to modify existing rows.
• REFERENCES: This privilege is required if a user will be modifying a table that has referential integrity constraints that refer to columns in another table. The user must have the REFERENCES privilege on the columns used in the constraint.

Privileges for a certain object are granted with a GRANT statement, such as the following:

GRANT SELECT ON Employee TO PUBLIC

The preceding example makes use of the PUBLIC keyword to grant the SELECT privilege on the Employee table to all users. You can also grant several privileges to several users in a single statement, as shown in the following code line. You cannot, however, grant privileges to multiple objects in the same statement.

GRANT SELECT, INSERT ON Employee TO Bob, Doug

Some databases allow security at the column level. For the UPDATE and REFERENCES privileges, you can grant access to specific columns, as in the following example, which allows Bob and Doug to update only the Salary and Dept columns.

GRANT UPDATE (Salary, Dept) ON Employee TO Bob, Doug

You can grant EXECUTE privileges to users to give them the rights to execute a stored procedure. The syntax to grant Bob and Doug access to execute the GetDepartment procedure is as follows:

GRANT EXECUTE ON GetDepartment TO Bob, Doug

Revoking Privileges

You can revoke privileges for database objects by using REVOKE statements, which use syntax similar to the GRANT statements shown earlier in this chapter. For example, if you used the following statement to grant privileges:

GRANT SELECT ON Royalties TO Ed, Alex, Michal, Dave

you could revoke a user's privileges to the Royalties table with a statement like this:

REVOKE SELECT ON Royalties FROM Dave

You can also add CASCADE or RESTRICT modifiers to your REVOKE statements. If you want to revoke a user's privileges for a certain table, it would also make sense to revoke the user's privileges on any views that require access to that table. The CASCADE modifier will do this for you. On the other hand, the RESTRICT modifier will prevent you from revoking a privilege that is required according to other privileges the user has been granted.

CREATE ROLE payroll

GRANT SELECT, UPDATE, INSERT, DELETE ON Employee TO payroll

ALTER USER Bob DEFAULT ROLE payroll

Share This