Martijn Tonies wrote:

>The current ROLE mechanism works according to the SQL
>standard. A bit strange, true, but standard.
>
>Perhaps, when security gets renewed, a GROUP would be
>better. Any (server or database)user can be a member of
>one or more groups. Each group can have rights granted to
>it.
>
>
>

The SQL standard for roles is next to useless for three tiered
architectures. I think it makes a great deal more sense to design a
security model that contains the standard as a proper subset. While I
have great respect for standards to set minimal, consistent behavior, I
have no sympathy whatsoever for standards that impede extension.

The problem is that in any modern application, the database connection
is used to both authenticate the user and do work on his behalf. Any
system that doesn't let the application change the security policy
within a session is a decade out of date.

But gosh, if the SQL standards committee ever recognized that databases
are used to drive web applications, it might dawn on them that
multi-table free form text search is the foundation of the world wide web.

--

Jim Starkey
Netfrastructure, Inc.
978 526-1376