Re: Row-level security?

From: paul c <>
Date: Thu, 28 May 2009 16:05:20 GMT
Message-ID: <4DyTl.28365$Db2.12094_at_edtnps83>

lawpoop wrote:
> On May 28, 10:48 am, Roy Hann <specia..._at_processed.almost.meat> wrote:

>> I don't know if relational theory has a lot to say about permissions
>> other than to provide the necessary machinery.  What you want is a base
>> table to which the user has no access, and a view of that table which is
>> restricted to just the rows the user should be able to see.  The user
>> is then given permission to select only from the view.

> So basically you'd want to do a view for each client? Or, in general,
> a view for every table for every user where you want row-level access?

Theory says no. Some products might say otherwise, as Roy H hinted in the 'fly in the ointment' comment that you didn't quote. Those two questions have a connotation that is a very good clue that most products have failed to implement the RM by being far too restrictive and why most of the industry is hot-tied by spurious problems. Received on Thu May 28 2009 - 18:05:20 CEST

Original text of this message