Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> comp.databases.theory -> Re: access rights on any RDBMS

Re: access rights on any RDBMS

From: Abigail <abigail_at_foad.org>
Date: Wed, 25 Apr 2001 13:37:12 +0000 (UTC)
Message-ID: <slrn9edko8.r6k.abigail@tsathoggua.rlyeh.net>

[Removed comp.lang.perl.modules as this problem doesn't address a  specific module]

Eildert Groeneveld (eg_at_tzv.fal.de) wrote on MMDCCXCIV September MCMXCIII in <URL:news:3ae6746f_at_leda.tzv.fal.de>:
|| Hello Everyone,
|| we are developing a platform independant information system that
|| uses any RDBMS that complies to SQL-92, using a meta level for
|| specification of the business rules. The meta level is currently
|| written in PERL and so are the applications.
||
|| We now have to address the access right control. The requirements
|| are:
|| - be independant from the RDBMS used
|| - restrict access to any column for select, update, delete and insert
|| - restrict access conditional on the content of a column
||
|| One place to implement this would be the meta level. Then we
|| would be completely independant from the RDBMS. However, it implies
|| that no direct interaction from PERL (or any other language) with the
|| backend is possible, creating additional overhead.
||
|| Any thaughts on this problem?

Yes. Entirely independant from the RDBMS you can never be, somewhere down there you've got to communicate with it. But I presume you want a database independant API that your applications use, and use "drivers" to communicate with the databases. Those drivers could be based on DBI, but maybe you have done something else.

Every database I know of has the access granuality you require. (I don't know the details of all databases, so I might be wrong here). I would suggest using the native access control system, but write a database independant API to modify the access levels. For each supported database you write a small driver that translates the API to the native calls.

Then you have an independent interface, only overhead when you modify access control (but that's ok, because that is a relative uncommon operation) and no additional overhead when doing normal queries.

Abigail

-- 
$;                                   # A lone dollar?
=$";                                 # Pod?
$;                                   # The return of the lone dollar?
{Just=>another=>Perl=>Hacker=>}      # Bare block?
=$/;                                 # More pod?
print%;                              # No right operand for %?
Received on Wed Apr 25 2001 - 08:37:12 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US