Re: Row-level security?
From: Bob Badour <bbadour_at_pei.sympatico.ca>
Date: Mon, 01 Jun 2009 13:20:50 -0300
Message-ID: <4a23ff6f$0$23757$9a566e8b_at_news.aliant.net>
>
> Yes, this does assume that. Are there other ways of doing this?
>
> I'm not asking "How do I do that in the setup I currently have", but
> rather "What [is|are] the way[s] this is done?"
>
> If you didn't have a separate dbms username for each user for whom you
> want to implement row-level security, it seems to me that it can't be
> done in SQL alone, for MySQL. In other words, in MySQL, you couldn't
> create a row-level security system just with tables, queries and views
> alone. You have to use users.
Date: Mon, 01 Jun 2009 13:20:50 -0300
Message-ID: <4a23ff6f$0$23757$9a566e8b_at_news.aliant.net>
lawpoop wrote:
> On May 29, 3:27 pm, Bob Badour <bbad..._at_pei.sympatico.ca> wrote:
>
>>>What one would need to do, then, is create a table of user permissions >>>that has a column of the MySQL username and the client_id, or whatever >>>column you would want to use in restricting on the query. Then create >>>a view that in some place references a join to that table, and puts >>>WHERE username = USER() or whatever in the view's where clause. >> >>>Correct? >> >>This assumes you connect to the dbms with a different user name for each >>client. Do you do that?
>
> Yes, this does assume that. Are there other ways of doing this?
>
> I'm not asking "How do I do that in the setup I currently have", but
> rather "What [is|are] the way[s] this is done?"
>
> If you didn't have a separate dbms username for each user for whom you
> want to implement row-level security, it seems to me that it can't be
> done in SQL alone, for MySQL. In other words, in MySQL, you couldn't
> create a row-level security system just with tables, queries and views
> alone. You have to use users.
Users exist for the security function. What other purpose do they serve? Received on Mon Jun 01 2009 - 18:20:50 CEST