Comments on: Role-based access control in SQL, part 2 http://www.xaprb.com/blog/2006/08/18/role-based-access-control-in-sql-part-2/ Stay curious! Thu, 09 Feb 2012 09:56:43 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Dennis Gearon http://www.xaprb.com/blog/2006/08/18/role-based-access-control-in-sql-part-2/#comment-19508 Dennis Gearon Mon, 25 Jul 2011 03:09:27 +0000 http://www.xaprb.com/blog/?p=215#comment-19508 Mesa, Just reread article, both pages. Xarpb talks about maybe putting the unix perms in with the other perms. If you do so, let us know. Danny, I like the idea of stored procedures as well. It would REALLY interfere with an ORM/Framework like Symfony, CakePHP, Spring-Roo-Hibernate, which expect to run just standard queries against the database. Actually, I'm not sure how to combine them. I'll probably have to implement it as a separate authorization 'service' that gets consulted prior to any action on objects/tables. This doesn't prevent coders from making mistakes, wich is a key design point in any good system. I THINK there is a way to partition between the ORM and the dbase layer that may allow a 'separation of concerns' in Java. I'll see eventually. And I'll post it. Mesa,
Just reread article, both pages. Xarpb talks about maybe putting the unix perms in with the other perms. If you do so, let us know.

Danny,
I like the idea of stored procedures as well. It would REALLY interfere with an ORM/Framework like Symfony, CakePHP, Spring-Roo-Hibernate, which expect to run just standard queries against the database. Actually, I’m not sure how to combine them. I’ll probably have to implement it as a separate authorization ‘service’ that gets consulted prior to any action on objects/tables. This doesn’t prevent coders from making mistakes, wich is a key design point in any good system.

I THINK there is a way to partition between the ORM and the dbase layer that may allow a ‘separation of concerns’ in Java. I’ll see eventually. And I’ll post it.

]]> By: Mesa http://www.xaprb.com/blog/2006/08/18/role-based-access-control-in-sql-part-2/#comment-19504 Mesa Thu, 21 Jul 2011 15:22:55 +0000 http://www.xaprb.com/blog/?p=215#comment-19504 Dennis I like the unixperms very much as I think they would probably handle most cases, but I also kinda like the way the extra permissions are handled, and thought I would like to make everything consistent. That is handle all the permissions the way they are done in part 2. I am determined to implement this, and am fiddling. Dennis I like the unixperms very much as I think they would probably handle most cases, but I also kinda like the way the extra permissions are handled, and thought I would like to make everything consistent. That is handle all the permissions the way they are done in part 2.

I am determined to implement this, and am fiddling.

]]> By: Dennis Gearon http://www.xaprb.com/blog/2006/08/18/role-based-access-control-in-sql-part-2/#comment-19501 Dennis Gearon Wed, 20 Jul 2011 03:37:57 +0000 http://www.xaprb.com/blog/?p=215#comment-19501 When I've done more with it, I will add to this blog to help everyone. Give me till the end of the year, though ;-) When I’ve done more with it, I will add to this blog to help everyone. Give me till the end of the year, though ;-)

]]> By: Xaprb http://www.xaprb.com/blog/2006/08/18/role-based-access-control-in-sql-part-2/#comment-19500 Xaprb Tue, 19 Jul 2011 20:01:13 +0000 http://www.xaprb.com/blog/?p=215#comment-19500 I have grown accustomed to reading responses to this post, but the system is complex enough that I don't truly remember it anymore, and would need to study again to provide meaningful answers. So I apologize for my lack of replies. But I'm likely not to find time to dig into this again, and hope that what I've posted is a helpful starting point to people searching for a solution. I have grown accustomed to reading responses to this post, but the system is complex enough that I don’t truly remember it anymore, and would need to study again to provide meaningful answers. So I apologize for my lack of replies. But I’m likely not to find time to dig into this again, and hope that what I’ve posted is a helpful starting point to people searching for a solution.

]]> By: Dennis Gearon http://www.xaprb.com/blog/2006/08/18/role-based-access-control-in-sql-part-2/#comment-19499 Dennis Gearon Tue, 19 Jul 2011 00:56:37 +0000 http://www.xaprb.com/blog/?p=215#comment-19499 From what I've seen, this page is no longer paid attention to by the owner. I haven't implemented it yet. I will be doing it with a JAVA front end. About the unix perms. I don't know specifically, but I think having the hybrid nature of this, unix_perms + ACL(?) is what makes it so fast and versatile. You get off the ground with the unix perms, run most queries with that, and then get your corner/edge permission-object-user conditions as needed. From what I’ve seen, this page is no longer paid attention to by the owner.

I haven’t implemented it yet. I will be doing it with a JAVA front end.

About the unix perms. I don’t know specifically, but I think having the hybrid nature of this, unix_perms + ACL(?) is what makes it so fast and versatile. You get off the ground with the unix perms, run most queries with that, and then get your corner/edge permission-object-user conditions as needed.

]]>