Re: implementing row level security

From: Alexander Schmidt <aschmidt-no-spam_at_no-spam-mail.ru>
Date: Fri, 21 May 2004 22:06:59 +0400
Message-ID: <newscache$qzs2yh$zgj$1_at_news.les.loc>


Take a look at Fine Graned Security.

--

Sincerely,
Alexander Schmidt
Microsoft Certified Professional
Conset Technology
"Jan" <janik_at_pobox.sk> wrote in message
news:81511301.0405040831.65aacc76_at_posting.google.com...

> He cannot access data, as I already mentioned - no grants, schema
> locked,
> only the way to access data is through stored procedures.
> Stored Procedures are there not only for security reason, but because
> of
> the complexity of data (tree structure, each node type has different
> approach of handling etc.) - so it was simpler/faster for us to
> develop our own RLS functions tailed for our app. then
> use Oracle one.
>
> Daniel Morgan <damorgan_at_x.washington.edu> wrote in message
news:<1083376717.759773_at_yasure>...
> > Jan wrote:
> >
> > > I had similar dilema, our model was quite complex (tree structure with
> > > some child tables) and we had to solve security on the node level.
> > > All the data were accessed through stored procedure (Insert, Update,
> > > Delete, Select). We started with Oracle RLS but after we decided to
> > > use our own solution
> > > - one simple table with the node privileges and procedure for checking
> > > those rights.
> > > We just put this checking procedure into our
> > > Insert/Update/Delete/Select procedures - that was the only way how to
> > > access the data. No grants on tables and schema locked.
> > >
> > > jan
> >
> > And your solution will work right up until the moment when someone
> > accesses the database with something other than the approved tool.
> >
> > The minute they do ... you have zero security.
> >
> > Want to take bets on 'when' it will happen? It would be unfair to
> > wager on 'if'.
Received on Fri May 21 2004 - 20:06:59 CEST

Original text of this message