Date: Thu, 28 May 2009 07:30:10 -0700 (PDT)
How does one implement row-level security?
For instance, say you have an internal database for billing. You have a table Clients, a child table Invoices related by client_id to Clients.id, and a child LineItems related to Invoices.id by LineItems.invoice_id. You want to create a web app so that your clients can log on and see the invoices you've sent them. Of course, you only want the clients to see *their own* invoices, and not anyone else's. One way to handle this is in code, so that queries constructed always have "WHERE client_id = x". But is there a way in relational theory to provide different permissions to rows?Received on Thu May 28 2009 - 16:30:10 CEST