Foreground and Background Rights

Previous Next

See Also

The Authorizer is based on a relational database, in which there may be relationships between data in several tables. If you grant rights to user groups you will have to remember that such relationships may exist. Having the right to delete a person's data may have its repercussions in other tables. That is why you can define rights in the foreground and in the background.


The foreground object is the object that is currently active in a data window or in the SQL Command dialog.


The user group may have the right to perform certain actions on a table in the foreground but these actions may cause all kind of actions in referenced tables, depending upon the relationships between the tables. For example, deleting a certain record in the foreground table may automatically delete a related record in a background table (through a cascading delete, or a corrective constraint). If you give a user group the right in the background, you grant the user the right to access or edit data through these processes.


To be able to execute UPDATE or DELETE statements, a background select right is also needed because the Rules Engine performs SELECT statements in the background before executing an update or delete statement. This means that when specifying an Update or Delete right, you also have to specify a background Select right.

Background processes for which (background) rights have to be explicitly specified include:

· Cascading update or delete processes executed by the Rules Engine.


· Corrective processes executed by the Rules Engine because of firing of corrective constraints.


· Referential integrity checks (checking if referenced parent records actually exist).


· Checking restrictive constraints.


An important rule is that user group members are allowed to do anything in the background that they are allowed to do in the foreground... and sometimes more.


If there are constraints defined on a table or column that "update" information in other tables, background rights must have been granted on these other tables.

Related Topics:

Matrix of Possibilities