Hi all, Jim,

From: "Jim Starkey"

>
> Martijn Tonies wrote:
>
> >The current ROLE mechanism works according to the SQL
> >standard. A bit strange, true, but standard.
> >
> >Perhaps, when security gets renewed, a GROUP would be
> >better. Any (server or database)user can be a member of
> >one or more groups. Each group can have rights granted to
> >it.
> >
> >
> >
> The SQL standard for roles is next to useless for three tiered
> architectures. I think it makes a great deal more sense to design a
> security model that contains the standard as a proper subset. While I
> have great respect for standards to set minimal, consistent behavior, I
> have no sympathy whatsoever for standards that impede extension.
>
> The problem is that in any modern application, the database connection
> is used to both authenticate the user and do work on his behalf. Any
> system that doesn't let the application change the security policy
> within a session is a decade out of date.

Well, in order to overhaul the current authentication, role and
granting system, I guess we should make a list of requirements
and ideas and then reimplement or deprecate ROLEs whatsoever.
There are quite a lot of ideas about database-users, groups, roles
etc etc...

On a server basis, I must admit that I also like the users to be
able to connect from a given set of hosts instead of free for
all etc... (see MySQL, but hey, they were born in web-apps).

> But gosh, if the SQL standards committee ever recognized that databases
> are used to drive web applications, it might dawn on them that
> multi-table free form text search is the foundation of the world wide web.

And what do you propose for this as a standard solution? ;-)

With regards,

Martijn Tonies
Database Workbench - developer tool for InterBase, Firebird, MySQL & MS SQL
Server.
Upscene Productions
http://www.upscene.com