Abstract

In order to determine permission on an object, it's "well known" that the only way to determine the permission is to fetch the object and then get the calculated attribute _permit to know the exact permisson level the user has on the object. It is not possible to use a query to determine the exact permission a user has on an object, however, it is possible to query for objects to which the user has at least a certain permission level.

Background

The only way to determine the permission on an object is to fetch the object and then get the calculated attribute _permit to know the exact permisson level the user has on the object. However, this is an expensive procedure.

It is still not possible to use a query to determine the exact permission a user has on an object, however, it is possible to query for objects to which the user has at least a certain permission level. This is definitely an improvement over doing object fetches. This approach is discussed in the DQL Reference Manual.

Excerpt from the DQL Reference Manual

The SELECT statement retrieves information from object types and RDBMS tables. By default, the statement returns only objects for which the user has at least Browse permission. If you want to enforce a higher level of permission on the returned objects, you can include the FOR base_permit_level clause. For example, suppose you issue the following SELECT statement:

SELECT FOR VERSION "r_object_id","object_name","owner_name" FROM "dm_document" WHERE "subject"='budget_proposal'

You can execute the statement as a stand alone statement or as part of a variety of other DQL statements.