Re: View updating in practice?
Date: Tue, 12 Nov 2002 16:33:59 GMT
Message-ID: <3DD12D26.2010804_at_earthlink.net>
Jens Lechtenbörger wrote:
> "Bob Badour" <bbadour_at_golden.net> writes:
>>"Jens Lechtenbörger" <lechtej_at_uni-muenster.de> wrote:
>>>The question is the following: How dangerous are clueless users? If
>>>view updates are triggered from applications, then the application
>>>designer hopefully guarantees that the right things happen. If
>>>users access the database via SQL, they might delete valuable data.
>>
>>How dangerous? Very. However, I do not see the difference between a clueless
>>user deleting valuable data from a base table and a clueless user deleting
>>valuable data from a view. I see this as an issue for the dbms' security
>>function.
> > My point is the following: With views, even users with a clue might > not have a chance to understand their actions.
If the view cannot be sensibly used by even the cognizant for updates, the creator of the view should prohibit updates via the view using the permissions system. Just because the database server might be willing to do updates via the view does not mean that people have to be permitted to do so.
There's a minor issue in SQL that a table owner cannot prohibit themselves from doing things to an object they own - in contrast to Unix where a file owner cn prohibit themselves from making a change to a file (no write permission). It irritates me, but isn't directly material to the argument.
-- Jonathan Leffler #include <disclaimer.h> Email: jleffler_at_earthlink.net, jleffler_at_us.ibm.com Guardian of DBD::Informix 1.00.PC2 -- http://dbi.perl.org/Received on Tue Nov 12 2002 - 17:33:59 CET