I know that plain Progress 4GL code with static buffers, find, for each etc. is subject to database security at compile-time (or additionally at run-time with the "Use Runtime Permissions Checking" option).
Dynamic queries are subject to database security at run-time only.
Does anyone know how code like in the following example would behave?
define query q for OrderLine.
DEFINE VARIABLE hQuery AS HANDLE NO-UNDO.
hQuery = QUERY q:HANDLE.
hQuery:QUERY-PREPARE("FOR EACH OrderLine NO-LOCK WHERE OrderLine.Itemnum = 100":U).
hQuery:QUERY-OPEN().
get first q.
do while available OrderLine:
display OrderLine.Qty.
get next q.
end.
close query q.
QUERY-PREPARE() and QUERY-OPEN() are executed at run-time, the compiler cannot evaluate what the arguments are at compile time so run time is when security will be applied.
(Even though you used a static string for the arguments the compiler isn’t smart enough to do anything with it.)