Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> comp.databases.theory -> Re: View updating in practice?

Re: View updating in practice?

From: Daniel Morgan <dmorgan_at_exesolutions.com>
Date: Mon, 11 Nov 2002 16:38:16 GMT
Message-ID: <3DCFDCE3.143C2557@exesolutions.com>


Jens Lechtenbörger wrote:

> "Bob Badour" <bbadour_at_golden.net> writes:
>
> > "Jens Lechtenbörger" <lechtej_at_uni-muenster.de> wrote in message
> > news:m265v87zud.fsf_at_pcwi1068.uni-muenster.de...
> > > Daniel Morgan <dmorgan_at_exesolutions.com> writes:
> > >
> > [snip]
> > > The question is the following: How dangerous are clueless users? If
> > > view updates are triggered from applications, then the application
> > > designer hopefully guarantees that the right things happen. If
> > > users access the database via SQL, they might delete valuable data.
> >
> > How dangerous? Very. However, I do not see the difference between a clueless
> > user deleting valuable data from a base table and a clueless user deleting
> > valuable data from a view. I see this as an issue for the dbms' security
> > function.
>
> My point is the following: With views, even users with a clue might
> not have a chance to understand their actions.
>
> Jens

I strongly disagree. Your assumption that a user knows the difference between a table, a view, and a synonym is ill-founded. To an end use data is data is data.

If you have a problem with dangerous users solve it by one of the following means:

  1. Escort them to the door
  2. Train them adequately
  3. Write an AFTER-UPDATE AFTER-DELETE trigger to create an audit trail.
  4. Combined 2 and 3, above.

Daniel Morgan Received on Mon Nov 11 2002 - 10:38:16 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US