gnumed-devel

Re: [Gnumed-devel] database abstraction


From: Karsten Hilbert
Subject: Re: [Gnumed-devel] database abstraction
Date: Thu, 24 Oct 2002 23:31:16 +0200
User-agent: Mutt/1.3.22.1i

> views are entirely transparent - from the client side perspective they are 
> just another table. On the server side you need to write some rules to allow 
> views to be updateable in the same way as a table, but that's all.

> This would be my preferred first step of implementing abstraction.

This is also the lowest level of where we inject user-specific
content-aware access control.

a) "all" tables, rules and views are owned by gmdb-owner
b) certain groups are granted certain rights to certain
   *views*, where "_agroup" has update/insert/delete while
   "agroup" only has select rights
c) "user" belongs to "agroup" while "_user" belongs to
   "_agroup", too
d) connections with write access are only established if
   explicitly requested, and they use the pseudo name "_user"
   which protects normal "user" connections from accidentally
   stomping on data

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346
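
The scheme in points a) to d), sketched as an added example in current PostgreSQL role syntax; it is not code from this post or from GNUmed. The schema, table, view and login names (demo, note_data, note, alice, _alice) are constructed, the example assumes "_user" is a member of both groups, and it relies on an auto-updatable view instead of the hand-written rules mentioned in the quoted text.

```sql
-- Added example: run as a superuser in a scratch database. All names except
-- "gmdb-owner", agroup and _agroup are constructed; passwords are omitted.
CREATE ROLE "gmdb-owner" NOLOGIN;
CREATE ROLE agroup  NOLOGIN;                       -- read-only group
CREATE ROLE _agroup NOLOGIN;                       -- write group

-- (c) the everyday login is in agroup; the pseudo login is in both groups
--     (assumed reading of "too": UPDATE/DELETE with a WHERE clause need SELECT)
CREATE ROLE alice  LOGIN IN ROLE agroup;
CREATE ROLE _alice LOGIN IN ROLE agroup, _agroup;

CREATE SCHEMA demo AUTHORIZATION "gmdb-owner";
GRANT USAGE ON SCHEMA demo TO agroup, _agroup;

-- (a) the owner holds table and view; nobody else gets rights on the table
SET ROLE "gmdb-owner";
CREATE TABLE demo.note_data (
    author text NOT NULL,
    body   text NOT NULL
);

-- Content-aware filter lives in the view: a session sees only its own rows.
-- ltrim() maps the write login "_alice" back to "alice" (assumed naming rule).
CREATE VIEW demo.note AS
    SELECT author, body
      FROM demo.note_data
     WHERE author = ltrim(current_user::text, '_')
      WITH CHECK OPTION;

-- (b) rights are granted on the view only
GRANT SELECT                 ON demo.note TO agroup;
GRANT INSERT, UPDATE, DELETE ON demo.note TO _agroup;
RESET ROLE;

-- Normal connection: can read, cannot write, cannot touch the table
SET ROLE alice;
SELECT * FROM demo.note;                                    -- allowed
INSERT INTO demo.note VALUES ('alice', 'oops');             -- rejected: no INSERT right
SELECT * FROM demo.note_data;                               -- rejected: no table rights
RESET ROLE;

-- (d) write connection, opened only on request under the pseudo name
SET ROLE _alice;
INSERT INTO demo.note VALUES ('alice', 'first note');       -- accepted
INSERT INTO demo.note VALUES ('bob', 'forged');             -- rejected by CHECK OPTION
RESET ROLE;
```

The rejected statements raise errors by design; access to demo.note_data through the view is checked against the view owner, which is why no group needs rights on the table itself.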



