Re: View updating in practice?

Jens Lechtenbörger wrote:

> "Bob Badour" <bbadour_at_golden.net> writes:
>
> > "Jens Lechtenbörger" <lechtej_at_uni-muenster.de> wrote in message
> > news:m265v87zud.fsf_at_pcwi1068.uni-muenster.de...
> > > Daniel Morgan <dmorgan_at_exesolutions.com> writes:
> > >
> > [snip]
> > > The question is the following: How dangerous are clueless users? If
> > > view updates are triggered from applications, then the application
> > > designer hopefully guarantees that the right things happen. If
> > > users access the database via SQL, they might delete valuable data.
> >
> > How dangerous? Very. However, I do not see the difference between a clueless
> > user deleting valuable data from a base table and a clueless user deleting
> > valuable data from a view. I see this as an issue for the dbms' security
> > function.
>
> My point is the following: With views, even users with a clue might
> not have a chance to understand their actions.
>
> Jens

I strongly disagree. Your assumption that a user knows the difference between a table, a view, and a synonym is ill-founded. To an end use data is data is data.

If you have a problem with dangerous users solve it by one of the following means:

1. Escort them to the door
2. Train them adequately
3. Write an AFTER-UPDATE AFTER-DELETE trigger to create an audit trail.
4. Combined 2 and 3, above.

Daniel Morgan Received on Mon Nov 11 2002 - 17:38:16 CET