Subject Re: Database Culture and Progress
Author Aleksey Karyakin
""Roman Rokytskyy"" <rrokytskyy@...> wrote in message
> Personally I see the value of the possibility to switch
> roles/users/groups (name it whatever you like) when the security
> context from the application server is promoted to the database. It
> seems to be technically possible and I think would increase the
> overall data security/safety.

Why do you think that? The point of authorization (which roles are
for) is to restrict users of doing thing that they shouldn'd do.
Switching roles seems to be proposed as a voluntary action from the
db client. In other words, the client becomes responsible for
limiting its own abilities. How do you see this model works at all
(from the security p.o.v.)?

I think the most needed and tangible feature is a "single sign on".
However, it is related to authentication (not authorization) and has
nothing to do with roles. Correct me if I wrong.

Aleksey Karyakin