Windows NT Security

Open Data Services provides the capability for a server application to act in the security context of a client that has connected to it. One potential use of this feature would allow an Open Data Services server application to handle user access entirely through Windows NT facilities, so that the Open Data Services application does not need to maintain a separate list of user IDs and passwords. Another potential use of this feature might involve implementing your own auditing procedures to track system usage during a client session.

An Open Data Services server application can act in the security context of a client through the use of the srv_impersonate_client function and the Windows NT Registry. The srv_impersonate_client function is available for client connections that use the named pipes or multi-protocol Net-Library.

Individual event handlers in an Open Data Services server application can act in the security context of clients. For example, if you want to restrict the execution of particular remote stored procedure requests based on the client user, your remote stored procedure event handler could use the srv_impersonate_client function to determine the user's authorization.

One method of restricting access to an Open Data Services server application based on the client security context is to create a special Registry key and set access permissions on the key. You can use the Windows NT regedt32 utility to set permissions on the key, or you can write a custom setup program that will do it. When the connect event handler is called, the code can impersonate the client and then attempt to access the Registry key.

In this way, the Open Data Services server application can control access based on the success or failure of this action. For example, if a client does not have permission to access the key, the Open Data Services server application can return a specific error to the client and then issue a disconnect event.

Call srv_revert_to_self to return to the original security context of the Open Data Services application.
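The Registry-key check described above can be written as a gate that the connect event handler calls; the following is an added example, not code from the Open Data Services documentation. It denies access when impersonation fails (otherwise the key would be opened under the server's own account) and treats a failed srv_revert_to_self as fatal. Assumptions: the key path, the names check_client_access, probe_key and enum gate are hypothetical, both ODS calls are taken to return SUCCEED or FAIL, and the non-Windows branch holds constructed stand-ins so the decision logic can be exercised without Windows NT.

```c
/* Connect-time access gate: impersonate, probe the key, always revert. */
#ifdef _WIN32
#include <windows.h>
#include <srv.h>                 /* Open Data Services declarations */
#define GATE_KEY "SOFTWARE\\ExampleODS\\Access"   /* hypothetical key name */
static int probe_key(SRV_PROC *p) {   /* runs in the client's security context */
    HKEY h;
    (void)p;
    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, GATE_KEY, 0, KEY_READ, &h) != ERROR_SUCCESS)
        return 0;                     /* the key's ACL refused this client */
    RegCloseKey(h);
    return 1;
}
#else   /* constructed stand-ins so the decision logic can run off Windows */
typedef struct { int can_impersonate, key_readable, can_revert, as_client; } SRV_PROC;
#define SUCCEED 1
#define FAIL 0
static int srv_impersonate_client(SRV_PROC *p) {
    if (!p->can_impersonate) return FAIL;
    p->as_client = 1;
    return SUCCEED;
}
static int srv_revert_to_self(SRV_PROC *p) {
    if (!p->can_revert) return FAIL;
    p->as_client = 0;
    return SUCCEED;
}
static int probe_key(SRV_PROC *p) { return p->as_client && p->key_readable; }
#endif

enum gate { GATE_ALLOW, GATE_DENY, GATE_FATAL };

/* Called from the connect event handler. Fails closed at every step. */
enum gate check_client_access(SRV_PROC *srvproc) {
    int allowed;
    if (srv_impersonate_client(srvproc) != SUCCEED)
        return GATE_DENY;             /* never probe as the server's own account */
    allowed = probe_key(srvproc);
    if (srv_revert_to_self(srvproc) != SUCCEED)
        return GATE_FATAL;            /* thread still runs as the client: stop */
    return allowed ? GATE_ALLOW : GATE_DENY;
}
```

On GATE_DENY the handler returns the error to the client and issues the disconnect event as described above; on GATE_FATAL it should do no further work on that thread.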