Re: Row-level security?
From: Bob Badour <bbadour_at_pei.sympatico.ca>
Date: Thu, 28 May 2009 18:10:14 -0300
Message-ID: <4a1efda8$0$23786$9a566e8b_at_news.aliant.net>
>
> So basically you'd want to do a view for each client? Or, in general,
> a view for every table for every user where you want row-level access?
Date: Thu, 28 May 2009 18:10:14 -0300
Message-ID: <4a1efda8$0$23786$9a566e8b_at_news.aliant.net>
lawpoop wrote:
> On May 28, 10:48 am, Roy Hann <specia..._at_processed.almost.meat> wrote:
>
>>I don't know if relational theory has a lot to say about permissions >>other than to provide the necessary machinery. What you want is a base >>table to which the user has no access, and a view of that table which is >>restricted to just the rows the user should be able to see. The user >>is then given permission to select only from the view.
>
> So basically you'd want to do a view for each client? Or, in general,
> a view for every table for every user where you want row-level access?
In general, you would restrict the result based on the credentials given to the dbms. If those are application credentials, then the application can see what it is supposed to see. If those are user credentials, then the user can see what he or she is supposed to see.
The system catalog will reflect the credentials given (usually.) Received on Thu May 28 2009 - 23:10:14 CEST