Re: Row-level security?

From: Christopher Browne <cbbrowne_at_acm.org>
Date: Thu, 28 May 2009 23:07:09 -0400
Message-ID: <87eiu8a9pe.fsf_at_wolfe.cbbrowne.com>


Martha Stewart called it a Good Thing when lawpoop <lawpoop_at_gmail.com> wrote:
> On May 28, 12:29 pm, Roy Hann <specia..._at_processed.almost.meat> wrote:
>
>>
>> One can imagine various workarounds for DBMSs that don't know or can't
>> provide the value of USER, but you would still really need only one view
>> for all.
>
> I am only familiar with such databases that can't provide the value
> for USER, so that's why I thought a separate view for each user.

I have found it a handy notion to create a "session" table which allows binding various information about a particular connection to an identifiable tuple.

So, I have a view called "session_info", which pulls all of the "user-smelling" data such as their name, ID, when they connected, and which supplies access to anything else of relevance, and which could correspondingly be joined into other things.

If they don't establish a session_info tuple (or the stuff sitting behind it, at least), then they can't see *any* data.

As long as you can find a way to associate a database connection with a "session" tuple, then something like this would provide a mechanism to do this separation.

-- 
select 'cbbrowne' || '_at_' || 'gmail.com';
http://linuxfinances.info/info/postgresql.html
"What a depressingly stupid machine."
-- Marvin the Paranoid Android
Received on Fri May 29 2009 - 05:07:09 CEST
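
The session-tuple approach described in the message above, as an added example that is not part of the original post or the author's own schema. It assumes PostgreSQL with the pgcrypto extension and uses pg_backend_pid() as the connection identifier; every table, view, function and role name (app_user, app_session, document, open_session, my_document, app_role) is hypothetical, and app_role is assumed to exist already.

```sql
-- Added example: PostgreSQL assumed; every object name here is hypothetical.
CREATE EXTENSION IF NOT EXISTS pgcrypto;   -- provides crypt() for the login check
CREATE TABLE app_user (
    user_id     integer PRIMARY KEY,
    user_name   text    NOT NULL UNIQUE,
    secret_hash text    NOT NULL           -- stored as crypt(secret, gen_salt('bf'))
);
CREATE TABLE app_session (
    backend_pid  integer     PRIMARY KEY,  -- binds the tuple to one connection
    user_id      integer     NOT NULL REFERENCES app_user,
    connected_at timestamptz NOT NULL DEFAULT now()
);
CREATE TABLE document (
    doc_id   integer PRIMARY KEY,
    owner_id integer NOT NULL REFERENCES app_user,
    body     text    NOT NULL
);
-- The only way to create a session tuple; runs with its owner's rights.
CREATE FUNCTION open_session(p_name text, p_secret text) RETURNS boolean
LANGUAGE plpgsql SECURITY DEFINER SET search_path = public, pg_temp AS $$
DECLARE v_user integer;
BEGIN
    -- Drop whatever an earlier connection with a reused pid left behind.
    DELETE FROM app_session WHERE backend_pid = pg_backend_pid();
    SELECT user_id INTO v_user FROM app_user
     WHERE user_name = p_name AND secret_hash = crypt(p_secret, secret_hash);
    IF v_user IS NULL THEN
        RETURN false;                      -- no tuple, so the views stay empty
    END IF;
    INSERT INTO app_session (backend_pid, user_id) VALUES (pg_backend_pid(), v_user);
    RETURN true;
END $$;

-- The "session_info" view: only the tuple bound to the current connection.
CREATE VIEW session_info AS
    SELECT s.user_id, u.user_name, s.connected_at
      FROM app_session s JOIN app_user u USING (user_id)
     WHERE s.backend_pid = pg_backend_pid();

-- One view for all users: rows appear only through the join to session_info.
CREATE VIEW my_document AS
    SELECT d.doc_id, d.body
      FROM document d JOIN session_info si ON si.user_id = d.owner_id;

-- Close every path around the views.
REVOKE ALL ON app_user, app_session, document FROM PUBLIC;
REVOKE ALL ON FUNCTION open_session(text, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION open_session(text, text) TO app_role;
GRANT SELECT ON session_info, my_document TO app_role;
```

A connection that never calls open_session gets zero rows from both views. Delete the app_session tuple when the connection closes, since a later connection that is handed the same pid would otherwise inherit it until it logs in itself.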
