Subject Re: [Firebird-Architect] Re: User name SYSDBA
Author Jim Starkey
johnson_dave2003 wrote:

>In short, you cannot implement effective enterprise security at the
>database object level.
>In the past, the workaround has been to grant authorization to the
>application at the object level, and then handle the rest in the
>application. If I understand him correctly, Jim wants to take this
>out of the application layer and put it right in the DBMS, because
>the application authority is efectively no security at all.
>To achieve his goal, every row fetch must include a lookaside to the
>security module to see if the row and columns requested are allowed.
>In Java terms, the lookaside can be implemented as a Map attached to
>the session.
There are better ways to handle this. One that I have discuss earlier
is a filterset, a set of table names and respective booleans that are
automatically appended to all selection criteria. There are probably
other suitable efficient mechanisms as well.