Re: Can these constraint be implemented in an RDBMS ?
Date: Tue, 02 Mar 2004 15:22:28 GMT
Message-ID: <4044a2a3.20400314_at_news.wanadoo.es>
On Tue, 2 Mar 2004 15:19:07 +0100, "ben brugman" <ben_at_niethier.nl>
wrote:
>Again thanks for your solution,
>now another question pops up.
>
>How about constraints on who can access which data?
>
>In real life we have a routine outside the "RDBMS"
>which does the checking if a person is allowed to
>access certain type of data.
Using views and the security mechanism.
See the chapter about the security mechanism of "Intro"
>Rules like :
>If he belongs to a 'certain' department he can access
>any dossier which was on that department in the last three
>weeks.
var XXX view dossiers where today() - date <= 21;
authority YYY grant retrieve on XXX to DepartmentX;
>Or if he has an appointment in the coming three weeks
>with a customer, he can access the customers data.
>(Except sometimes for a certain part).
var xxx view (customers join appointments) where worker = user() and date between today() and today() + 21;
>We could build this into views, but then already complex views
>would get a lot of extra tables added to the view, like the appointment
>table, the table which describes to which department a person has
>access etc. etc.
I don't think they are very complex views.
> This makes the views far more complex and probably
>very slow because the access has to be evaluated for each row.
>(Over and over again).
They would not be slow with a decent RDBMS.
>Do you have a solution for this type of problem within your 'RDBMS' ?
I still have not implemented that :( I don't have a lot of time. Although it is rather easy to implement.
>Is access control part of a 'RDBMS' ?
It should be.
Regards
Alfredo
Received on Tue Mar 02 2004 - 16:22:28 CET
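
The two access rules from this message, written out as an added example in PostgreSQL SQL; it is not code from the original post or from the system the author describes. All table, column and role names are assumptions, and it assumes each worker's login in the staff table equals their database role name.

```sql
-- Constructed schema: every name below is an assumption for illustration.
CREATE TABLE staff        (login text PRIMARY KEY, department text NOT NULL);
CREATE TABLE dossiers     (id int PRIMARY KEY, department text NOT NULL,
                           on_department date NOT NULL, body text);
CREATE TABLE customers    (id int PRIMARY KEY, name text, address text,
                           credit_notes text);   -- the "certain part" to hide
CREATE TABLE appointments (worker text REFERENCES staff(login),
                           customer_id int REFERENCES customers(id),
                           appt_date date NOT NULL);

-- Rule 1: a member of a department sees any dossier that was on that
-- department in the last three weeks. current_user is evaluated for the
-- caller, not the view owner, so each worker gets only their own rows.
-- security_barrier stops user-supplied functions in an outer WHERE clause
-- from being evaluated on rows the view's own filter has not yet removed.
CREATE VIEW my_department_dossiers WITH (security_barrier) AS
SELECT d.id, d.department, d.on_department, d.body
FROM   dossiers d
JOIN   staff s ON s.department = d.department
WHERE  s.login = current_user
AND    d.on_department BETWEEN current_date - 21 AND current_date;

-- Rule 2: a worker sees a customer only while an appointment with that
-- customer falls within the coming three weeks. The restricted column is
-- left out of the select list, so it is unreachable through this view.
CREATE VIEW my_upcoming_customers WITH (security_barrier) AS
SELECT c.id, c.name, c.address
FROM   customers c
WHERE  EXISTS (SELECT 1
               FROM   appointments a
               WHERE  a.customer_id = c.id
               AND    a.worker = current_user
               AND    a.appt_date BETWEEN current_date AND current_date + 21);

-- Workers are granted the views only, never the base tables.
CREATE ROLE department_x NOLOGIN;
REVOKE ALL ON staff, dossiers, customers, appointments FROM PUBLIC;
GRANT SELECT ON my_department_dossiers, my_upcoming_customers TO department_x;
```

Because the access tables are joined inside the view definition, the check cannot be skipped by any client that connects with a worker's role, which is the property an outside-the-database routine cannot guarantee.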