Re: View updating in practice?
Date: 13 Nov 2002 09:59:33 +0100
"Bob Badour" <bbadour_at_golden.net> writes:
> "Jens Lechtenbörger" <lechtej_at_uni-muenster.de> wrote in message
> > "Bob Badour" <bbadour_at_golden.net> writes:
> > > "Jens Lechtenbörger" <lechtej_at_uni-muenster.de> wrote in
> > > message news:m265v87zud.fsf_at_pcwi1068.uni-muenster.de...
> > > > Daniel Morgan <dmorgan_at_exesolutions.com> writes:
> > > >
> > > [snip]
> > > > The question is the following: How dangerous are clueless
> > > > users? If view updates are triggered from applications,
> > > > then the application designer hopefully guarantees that the
> > > > right things happen. If users access the database via SQL,
> > > > they might delete valuable data.
> > >
> > > How dangerous? Very. However, I do not see the difference
> > > between a clueless user deleting valuable data from a base
> > > table and a clueless user deleting valuable data from a
> > > view. I see this as an issue for the dbms' security function.
> > My point is the following: With views, even users with a clue
> > might not have a chance to understand their actions.
> You are ignoring the role of the data modeller. Do you likewise
> wish to prohibit cascaded deletes?
No. But my advise is to be very careful to grant delete permissions to someone who does not have select permissions.
Jens Received on Wed Nov 13 2002 - 09:59:33 CET