Security issues
When you develop a component for deployment to COM+,
you can define roles that determine which users or groups of users
are authorized to perform specific transactions. Then when you deploy
the component, you assign roles to specific users in the COM+ Component
Services tool.
Enabling authorization in the Project painter or wizard
When you create a COM/COM+ project using
a wizard, you can instruct COM+ to check the security credentials
of any client that calls the component. In the Project painter,
you can specify checking at both the component and package level
on the COM+ Component and COM+ Package property
pages.
To ensure that security is enabled, add a role to the COM
application in the Microsoft Management Console, add users to the
role, and grant the role to the component.
Programmatic security
PowerBuilder provides functions on the transaction service
object that you can use in the component to determine programmatically
whether the caller is authorized to call a specific method. IsSecurityEnabled determines
whether security is enabled for the component. IsCallerInRole determines
whether the client process or server process calling a method on
the component is in a role that is authorized to call it.
Impersonation
IsCallerInRole looks at the role of the
direct caller of the current method. If a client calls a method
on a component, and that method accesses a database, the access
rights to the database are determined by the security context of
the component, not the client. PowerBuilder provides additional
functions on the transaction service object to enable the component
to assume the security context of the client before performing an
operation that the client may not be authorized to perform. ImpersonateClient assumes
the security context of the client, IsImpersonating determines
whether the component is running in its client’s security
context, and RevertToSelf restores the component’s
security context.
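The following PowerScript is an added example, not code from the PowerBuilder documentation. It shows the role check and impersonation functions described above used together in one component method. The method name of_update_salary, the role name "PayrollAdmin" and the helper of_write_salary are assumptions made for illustration.

```powerbuilder
// Body of a hypothetical component method (assumed signature):
//   public function integer of_update_salary (long al_emp_id, decimal adc_salary)
// Returns 1 on success, -1 on failure or when the caller is not authorized.

TransactionServer lts_ctx
integer li_rc

// Obtain the transaction service object for this component instance
li_rc = this.GetContextService("TransactionServer", lts_ctx)
IF li_rc <> 1 THEN RETURN -1

// Fail closed: with security disabled, a role check is not an authorization decision
IF NOT lts_ctx.IsSecurityEnabled() THEN
    lts_ctx.SetAbort()
    RETURN -1
END IF

// Authorize the direct caller against a role defined for the COM+ application
// ("PayrollAdmin" is an assumed role name)
IF NOT lts_ctx.IsCallerInRole("PayrollAdmin") THEN
    lts_ctx.SetAbort()
    RETURN -1
END IF

// Switch to the client's security context before touching the database
IF lts_ctx.ImpersonateClient() <> 1 THEN
    lts_ctx.SetAbort()
    RETURN -1
END IF

li_rc = -1
TRY
    // of_write_salary is a hypothetical helper that performs the update
    li_rc = of_write_salary(al_emp_id, adc_salary)
FINALLY
    // Restore the component's own context on every path, including exceptions
    IF lts_ctx.IsImpersonating() THEN lts_ctx.RevertToSelf()
END TRY

IF li_rc = 1 THEN
    lts_ctx.SetComplete()
ELSE
    lts_ctx.SetAbort()
END IF
RETURN li_rc
```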