Hi there,

In the company I work for, we've recently got some new security requirements regarding the querying of data. As we operate with sensitive data (banking), we'll soon have some regulations to prevent someone seeing data he shouldn't.

To implement this, one proposed solution (SQL Server only environment) was to deny select access to tables/views and to provide instead table-valued functions for each table/view to select data from, which would be filtered. As an example:

instead of:

    SELECT * FROM CustomerDataView WHERE ....

returning:

    Id   Name   Desc
    ------------------------------
    1    Test   FooBar
    2    Tset   RabOoF
    3    XXX    YYYY

you'd have:

    SELECT * FROM dbo.FuncFilterCustomerDataView(someParameterToFilterBy) WHERE ...

returning:

    Id   Name   Desc
    ------------------------------
    1    Test   FooBar
    3    XXX    YYYY

The 'someParameterToFilterBy' couldn't be used as a where clause, as it might be some sophisticated lookup thing. It would be some kind of security token unique to a user that has to be set up by the application that connects to the database.

Now, how could this be solved in NHibernate? Probably I could use 'dbo.FuncFilterCustomerDataView' as select source for NHibernate and use custom insert/update/deletes (haven't tried it yet), but where would 'someParameterToFilterBy' come from? Could it be predefined somehow in the session? Do I have to use a custom naming implementation? Any other ways?

Or do we have another possibility? Or should we altogether abandon this approach and do the filtering on the client/middle tier?

Any help welcome!

Regards,
Dominik
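
The database side of the design described in the post above, sketched in T-SQL as an added example that is not part of the original message. The view, function and parameter names come from the post; dbo.CustomerData, dbo.CustomerDataAccess, AppReader, AppUser and the uniqueidentifier token type are assumptions made for illustration.

```sql
-- Constructed schema; dbo.CustomerData and dbo.CustomerDataAccess are hypothetical.
CREATE TABLE dbo.CustomerData (
    Id     int          NOT NULL PRIMARY KEY,
    Name   nvarchar(50) NOT NULL,
    [Desc] nvarchar(50) NOT NULL      -- DESC is a reserved word, so it is bracketed
);
CREATE TABLE dbo.CustomerDataAccess ( -- which token may see which row
    Token      uniqueidentifier NOT NULL,
    CustomerId int NOT NULL REFERENCES dbo.CustomerData (Id),
    PRIMARY KEY (Token, CustomerId)
);
GO
CREATE VIEW dbo.CustomerDataView AS
    SELECT Id, Name, [Desc] FROM dbo.CustomerData;
GO
-- Inline table-valued function: the only read path the application gets.
CREATE FUNCTION dbo.FuncFilterCustomerDataView (@someParameterToFilterBy uniqueidentifier)
RETURNS TABLE
AS
RETURN
    SELECT v.Id, v.Name, v.[Desc]
    FROM dbo.CustomerDataView AS v
    WHERE EXISTS (SELECT 1
                  FROM dbo.CustomerDataAccess AS a
                  WHERE a.Token = @someParameterToFilterBy
                    AND a.CustomerId = v.Id);
GO
-- Same owner (dbo) throughout, so ownership chaining lets the function read
-- the objects below even though direct SELECT on them is denied.
CREATE ROLE AppReader;
DENY  SELECT ON dbo.CustomerData               TO AppReader;
DENY  SELECT ON dbo.CustomerDataView           TO AppReader;
DENY  SELECT ON dbo.CustomerDataAccess         TO AppReader;
GRANT SELECT ON dbo.FuncFilterCustomerDataView TO AppReader;
CREATE USER AppUser WITHOUT LOGIN;    -- hypothetical test principal
ALTER ROLE AppReader ADD MEMBER AppUser;
GO
-- Constructed sample data: the token below is mapped to rows 1 and 3 only.
DECLARE @token uniqueidentifier = '11111111-2222-3333-4444-555555555555';
INSERT dbo.CustomerData (Id, Name, [Desc])
VALUES (1, N'Test', N'FooBar'), (2, N'Tset', N'RabOoF'), (3, N'XXX', N'YYYY');
INSERT dbo.CustomerDataAccess (Token, CustomerId) VALUES (@token, 1), (@token, 3);

-- Read through the function as the restricted principal.
EXECUTE AS USER = 'AppUser';
SELECT Id, Name, [Desc] FROM dbo.FuncFilterCustomerDataView(@token);
REVERT;
```

Because the token arrives as an ordinary parameter, any caller with SELECT on the function can pass whatever value it likes, so the token has to be unguessable or resolved server-side for the filter to mean anything.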
