Security issues
When you develop a component for deployment to MTS, you can
define roles that determine which users or groups of users are authorized
to perform specific transactions. Then when you deploy the component,
you assign roles to specific users in the MTS Explorer.
Enabling authorization in the Project painter or
wizard
When you create a COM/MTS project using a wizard,
you can instruct MTS to check the security credentials of any client
that calls the component. In the Project painter, you can specify
checking at both the component and package level on the MTS Component
and MTS Package property pages.
Programmatic security
PowerBuilder provides functions on the transaction service object
that you can use in the component to determine programmatically
whether the caller is authorized to call a specific method. IsSecurityEnabled
determines whether security is enabled for the component. IsCallerInRole
determines whether the client process or server process calling
a method on the component is in a role that is authorized to call
it.
Impersonation
IsCallerInRole looks at the role of the direct caller of the
current method. If a client calls a method on a component, and that
method accesses a database, the access rights to the database are
determined by the security context of the component, not the client. PowerBuilder provides
additional functions on the transaction service object to enable
the component to assume the security context of the client before
performing an operation that the client may not be authorized to
perform. ImpersonateClient assumes the security context of the client,
IsImpersonating determines whether the component is running in its client’s
security context, and RevertToSelf restores the component’s
security context.