Query as another user
Hi all,
I would like to make DQL queries with a technical user but the query should return only the results for which the particular (for example johndoe) user has write permission.
Let's suppose technical user has write permission on everything. We would not like to make this technical user a superuser and create sessions in the name of "johndoe".
Is it possible to emulate what is appended to the DQLs to select only those documents/folders? (in the background DQL enforces the ACL security, appends something in the where clauses when a non-superuser runs a query)
For example a "pseudo query" which is executed by tech-user:
SELECT * FROM dm_document d WHERE folder('/Example') AND EXISTS (SELECT 1 FROM dm_acl WHERE object_name=d.acl_name and r_accessor_name='johndoe' and r_accessor_permit='WRITE')
The above obviously won't work in this form. Has anybody done something like that?
In DQLs there is "FOR WRITE" statement, but this is not good as the query is executed with tech user not the real user.
Categories
- All Categories
- Cloud Editions
- 1 Thrust Services
- cat as link
- 1 Core SaaS Application development
- 10 Developer Announcements
- 15 General Questions
- 33.4K TeamSite
- 141 Application Governance & Archiving
- 15.2K Designing Analytics Reports
- 1K DevShare Downloads
- Core SaaS Applications
- nested parent
- 4.3K Developing Analytics Applications
- 8.8K Documentum Developer Forum
- Media Management developer
- 159 Transactional Content Processing (TCP)
- 1.7K Web Experience Management
- 55 Tempo Social
- 1 XM Fax