| Subject | Re: [firebird-support] Re: how to determine User role |
|---|---|
| Author | Nando Dessena |
| Post date | 2008-03-31T08:17Z |
Milan,
M> Imagine being able to change the role at any time. What would the
M> uses cases for such application look like? When you have separate
M> roles, you can easily design the application by using typical use
M> cases (roles) and you can easily design security for each use case
M> (role). If user would be able to change the role in the middle, it
M> would break the flow, and make the application design much harder.
not really. For one, it would make it SQL-2003 compliant ;-), and in
addition it wouldn't break antything: ability to change the current
role in the middle of a session doesn't add any problem in flow
control vs having to detach an reattach, IMHO.
M> IMHO, the way roles work is perfect.
With a <set current role> statement they would be even more perfect.
;-)
But Anderson is asking for a different thing: AFAIU he would like to
have all roles automatically and simultaneously "current", which IMHO
defeats the purpose and design of SQL roles (IOW here I agree with
you).
Ciao
--
Nando Dessena
======================================================
I support Firebird, I am a Firebird Foundation member!
Join today at http://www.firebirdsql.org/ff/foundation
======================================================
M> Imagine being able to change the role at any time. What would the
M> uses cases for such application look like? When you have separate
M> roles, you can easily design the application by using typical use
M> cases (roles) and you can easily design security for each use case
M> (role). If user would be able to change the role in the middle, it
M> would break the flow, and make the application design much harder.
not really. For one, it would make it SQL-2003 compliant ;-), and in
addition it wouldn't break antything: ability to change the current
role in the middle of a session doesn't add any problem in flow
control vs having to detach an reattach, IMHO.
M> IMHO, the way roles work is perfect.
With a <set current role> statement they would be even more perfect.
;-)
But Anderson is asking for a different thing: AFAIU he would like to
have all roles automatically and simultaneously "current", which IMHO
defeats the purpose and design of SQL roles (IOW here I agree with
you).
Ciao
--
Nando Dessena
======================================================
I support Firebird, I am a Firebird Foundation member!
Join today at http://www.firebirdsql.org/ff/foundation
======================================================