Re: View updating in practice?
Date: Mon, 11 Nov 2002 16:38:16 GMT
Message-ID: <3DCFDCE3.143C2557_at_exesolutions.com>
Jens Lechtenbörger wrote:
> "Bob Badour" <bbadour_at_golden.net> writes:
>
> > "Jens Lechtenbörger" <lechtej_at_uni-muenster.de> wrote in message
> > news:m265v87zud.fsf_at_pcwi1068.uni-muenster.de...
> > > Daniel Morgan <dmorgan_at_exesolutions.com> writes:
> > >
> > [snip]
> > > The question is the following: How dangerous are clueless users? If
> > > view updates are triggered from applications, then the application
> > > designer hopefully guarantees that the right things happen. If
> > > users access the database via SQL, they might delete valuable data.
> >
> > How dangerous? Very. However, I do not see the difference between a clueless
> > user deleting valuable data from a base table and a clueless user deleting
> > valuable data from a view. I see this as an issue for the dbms' security
> > function.
>
> My point is the following: With views, even users with a clue might
> not have a chance to understand their actions.
>
> Jens
I strongly disagree. Your assumption that a user knows the difference between a table, a view, and a synonym is ill-founded. To an end use data is data is data.
If you have a problem with dangerous users solve it by one of the following means:
- Escort them to the door
- Train them adequately
- Write an AFTER-UPDATE AFTER-DELETE trigger to create an audit trail.
- Combined 2 and 3, above.
Daniel Morgan Received on Mon Nov 11 2002 - 17:38:16 CET