Ingres does not support Windows domain accounts for authentication. However, domain support for Data Scoping exists over Ingres in that the domain into which the user is logged on at the client computer is used for Data Scoping rule evaluation.
For example, if a user is logged into a domain on a client computer, that domain user is used for Data Scoping rule evaluation. If a user logged into the client computer as DomainA\joe, the user is authenticated to Ingres as joe (not DomainA\joe because Ingres does not support domain accounts) but DomainA\joe is used for Data Scoping rule evaluation, regardless of whether the Ingres database is local or remote.
If the user is logged into a different client computer, such as DomainB\joe, the user is still authenticated to Ingres as joe but DomainB\joe is used for Data Scoping rule evaluation. Thus, two different client computers connected to the same server are authenticated to Ingres using the same user ID (joe) but two different domain user accounts are used for Data Scoping rule evaluation.
Data Scoping rules are enforced for domain groups in which the particular user is a member. You can create rules for multiple domains on one MDB using the DataScope Rule Editor. You can create rules when logged into different domains by using the DataScope Rule Editor locally or remotely. Only the rules created for the domain that is used to Windows‑authenticate to the MDB are applied.
You can then create Data Scoping rules for domain group accounts defined on the domain that is currently logged in. Rules are applied in the following ways:
Data Scoping rule evaluation takes place as described for a local computer.
|
Copyright © 2010 CA.
All rights reserved.
|
|