Connecting non-database users to a USoft application
In a number of cases you want to run a USoft application with a general database account and accept application users who do not have direct access to that database account. This is called account funneling: application users effectively share the same general database account.Validation Agent-specific information (password, mpped user Refer to your USoft Authorizer help for information about funneling and and user authentication.
In this case you still want to have the Rules Engine check rules for the specific application user. This type of deployment typically serves web application architectures. The web users are registered within USoft Authorizer and all authorization rules apply.
To grant a non-database user access to a USoft application:
To connect a user to a USoft application that uses a general database account, the following statement must be executed before any other statements are executed on behalf of that user:
SELECT '<username>', '<password>', '<key>'
This INVOKE statement returns the user name upon success, or an empty record set or error message in the case of a failure.
The result of successfully executing this statement is that the Rules Engine applies the authorization rules for the user. The key field is currently not used but will serve in the future to allow logging or extra user authentication checks. For web applications, the IP number could be passed for example.
Here is an ASP example, in which the authorized user 'JOHN' connects to a USoft application:
On error resume next
'-- Establish connection to the Database
Set Conn = Server.CreateObject("ADODB.Connection")
Query = "INVOKE RulesEngine.SetUser WITH SELECT 'JOHN', 'secret', '100.123.000.001'"
Set RS = Server.CreateObject("ADODB.recordset")
RS.ActiveConnection = Conn
<% RS.MoveFirst %>
<% Response.Write RS("RETURN") %>
If err.number <> 0 Then
Set RS = Nothing
Set Conn = Nothing