Re: Can these constraint be implemented in an RDBMS ?

From: Alfredo Novoa <alfredo_at_ncs.es>
Date: Tue, 02 Mar 2004 15:22:28 GMT
Message-ID: <4044a2a3.20400314_at_news.wanadoo.es>


On Tue, 2 Mar 2004 15:19:07 +0100, "ben brugman" <ben_at_niethier.nl> wrote:

>Again thanks for your solution,
>now another question pops up.
>
>How about constraints on who can access which data?
>
>In real life we have an outside the "RDBMS" routine
>which does the checking if a person is allowed to
>access certain type of data.

Using views and the security mechanism.

See the chapter about the security mechanism of "Intro".

>Rules like :
>If he belongs to a 'certain' department he can access
>any dossier which was on that department in the last three
>weeks.

var XXX view dossiers where today() - date <= 21;

authority YYY grant retrieve on XXX to DepartmentX;

>Or if he has an appointment in the coming three weeks
>with a customer, he can access the customers data.
>(Except sometimes for a certain part).

var xxx view (customers join appointments) where worker = user() and date between today() and today() + 21;

>We could build this into views, but then already complex views
>would get a lot of extra tables added to the view, like the appointment
>table, the table which describes to which department a person has
>access etc. etc.

I don't think they are very complex views.

> This makes the views far more complex and probably
>very slow because the access has to be evaluated for each row.
>(Over and over again).

They would not be slow with a decent RDBMS.

>Do you have a solution for this type of problem within your 'RDBMS' ?

I still have not implemented that :( I don't have a lot of time. Although it is rather easy to implement.

>Is access control part of a 'RDBMS' ?

It should be.

Regards
  Alfredo

Received on Tue Mar 02 2004 - 16:22:28 CET
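
The two rules discussed in this thread, written as views plus grants in SQL. This is an added example, not part of the original message; it assumes PostgreSQL, and every column name, role name and the department value 'X' is constructed for illustration (the thread names only dossiers, customers and appointments).

```sql
-- PostgreSQL dialect. Schema, column and role names are constructed for this
-- example; the thread names only dossiers, customers and appointments.
CREATE TABLE dossiers (
    dossier_id         integer PRIMARY KEY,
    department         text NOT NULL,
    on_department_date date NOT NULL
);
CREATE TABLE customers (
    customer_id     integer PRIMARY KEY,
    name            text NOT NULL,
    restricted_part text              -- the "certain part" workers must not see
);
CREATE TABLE appointments (
    worker      text    NOT NULL,     -- holds the worker's database role name
    customer_id integer NOT NULL REFERENCES customers,
    appt_date   date    NOT NULL
);

CREATE ROLE department_x NOLOGIN;     -- group role for members of department X
CREATE ROLE staff NOLOGIN;            -- group role for every worker

-- No direct access to base tables; the views below are the only way in.
REVOKE ALL ON TABLE dossiers, customers, appointments FROM PUBLIC;

-- Rule 1: dossiers that were on department X within the last 21 days.
CREATE VIEW department_x_recent_dossiers WITH (security_barrier) AS
SELECT dossier_id, department, on_department_date
FROM dossiers
WHERE department = 'X'
  AND on_department_date BETWEEN current_date - 21 AND current_date;

GRANT SELECT ON department_x_recent_dossiers TO department_x;

-- Rule 2: customers the calling worker meets within the next 21 days.
-- current_user is evaluated per query as the caller, so one view serves everyone.
CREATE VIEW my_upcoming_customers WITH (security_barrier) AS
SELECT c.customer_id, c.name          -- restricted_part is deliberately left out
FROM customers c
WHERE EXISTS (
    SELECT 1
    FROM appointments a
    WHERE a.customer_id = c.customer_id
      AND a.worker = current_user
      AND a.appt_date BETWEEN current_date AND current_date + 21
);

GRANT SELECT ON my_upcoming_customers TO staff;
```

In PostgreSQL a view reads its base tables with the view owner's privileges, so the grantees need no rights on the tables themselves. The security_barrier option keeps conditions supplied by the caller's query from being evaluated ahead of the view's own WHERE clause.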
