Subject Re: [IBO] Record Level Security
Author Helen Borrie
At 11:52 PM 30/05/2003 +0000, you wrote:
>I want to have a table of employees and a table of record numbers
>that they do or don't have access to and when they run a query I
>don't want them to see the records that they shouldn't.

The relational model can help you a lot in this respect. You need to
include some kind of flag column in the table, that corresponds to a flag
in another table that ties a user to a permission level. For more
flexibility, if you need to make permissions conditional, you can use two
flag columns. As someone else suggested, the most elegant and bombproof
way to engineer this will be to use a stored procedure.

>Eventually I don't want them to see or be able to update certain
>fields either but for now just the ability to not see certain
>records when they run queries.

This one has quite a few options, including the use of views for
protecting columns.

It would not be a wise idea to provide "free-range" querying facilities for
a database that contains confidential information.

Helen
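
The design described in the reply above, sketched as an added example that is not part of the original message: a flag column on the data table, a table tying each user to a permission level, a selectable stored procedure that filters rows, and a view that hides a column. It assumes the Firebird/InterBase dialect run through isql, and every table, column, procedure and user name is hypothetical.

```sql
-- Added example; all object and user names are hypothetical.
-- Ties a login name to a permission level.
CREATE TABLE USER_LEVEL (
  USER_NAME   VARCHAR(31) NOT NULL PRIMARY KEY,  -- compared with CURRENT_USER
  PERM_LEVEL  SMALLINT NOT NULL
);

CREATE TABLE CASE_RECORD (
  REC_ID      INTEGER NOT NULL PRIMARY KEY,
  MIN_LEVEL   SMALLINT NOT NULL,   -- flag column: level needed to see the row
  TITLE       VARCHAR(60),
  SALARY_NOTE VARCHAR(200)         -- confidential column, never exposed below
);

-- Row filtering in a selectable stored procedure. A user with no row in
-- USER_LEVEL matches nothing in the join and therefore gets no records.
SET TERM ^ ;
CREATE PROCEDURE GET_CASE_RECORDS
RETURNS (REC_ID INTEGER, TITLE VARCHAR(60))
AS
BEGIN
  FOR SELECT r.REC_ID, r.TITLE
        FROM CASE_RECORD r
        JOIN USER_LEVEL u ON u.USER_NAME = CURRENT_USER
       WHERE r.MIN_LEVEL <= u.PERM_LEVEL
        INTO :REC_ID, :TITLE
  DO
    SUSPEND;
END^
SET TERM ; ^

-- Column protection with a view: SALARY_NOTE is simply not selected.
CREATE VIEW CASE_RECORD_PUBLIC (REC_ID, TITLE) AS
  SELECT r.REC_ID, r.TITLE
    FROM CASE_RECORD r
    JOIN USER_LEVEL u ON u.USER_NAME = CURRENT_USER
   WHERE r.MIN_LEVEL <= u.PERM_LEVEL;

-- The procedure, not the end user, holds rights on the base tables.
GRANT SELECT ON CASE_RECORD TO PROCEDURE GET_CASE_RECORDS;
GRANT SELECT ON USER_LEVEL  TO PROCEDURE GET_CASE_RECORDS;

-- End users (ALICE is a hypothetical login) get only the filtered paths
-- and no direct privilege on CASE_RECORD or USER_LEVEL.
GRANT EXECUTE ON PROCEDURE GET_CASE_RECORDS TO ALICE;
GRANT SELECT ON CASE_RECORD_PUBLIC TO ALICE;
```

The sketch assumes the view is created by the owner of the base tables, so the view itself can read them while ALICE cannot.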