This approach would be a total bitch to work with. You CAN make it work, but at that point, you are better off using something like iBatis.NET
A better approach for doing this with NHibernate is to utilize Rhino Security, which adds role, row and column level security integrated into NHibernate. On Wed, Oct 22, 2008 at 12:24 AM, Dominik <[EMAIL PROTECTED]> wrote: > > Hi there, > > In the company I work for, we've recently got some new security > requirements regarding the querying of data. > As we operate with sensitive data (banking) we'll have soon some > regulations to prevent someone seeing data he shouldn't. > To implement this, one proposed solution (SQL Server only environment) > was, to deny select access to tables/views and to provide instead > table-valued functions for each table/view to select data from witch > would be filtered. > As example: > > instead of: SELECT * FROM CustomerDataView WHERE .... > returning: > Id Name Desc > ------------------------------ > 1 Test FooBar > 2 Tset RabOoF > 3 XXX YYYY > > you'd had: SELECT * FROM > dbo.FuncFilterCustomerDataView(someParameterToFilterBy) WHERE ... > Returning: > Id Name Desc > ------------------------------ > 1 Test FooBar > 3 XXX YYYY > > > the 'someParameterToFilterBy' couldnt be used as a where clause, as it > might be some sophisticated lookup thing. It would be some kind of > security token unique to a user that has to be setup by the > application that connects the database. > > Now, how could this be solved in NHibernate? > Probably I could use 'dbo.FuncFilterCustomerDataView' as select source > for NHibernate and use custom insert/update/deletes (haven't tried it > yet) but, where would 'someParameterToFilterBy' come from? Could it be > predefined somehow in the session? Do I have to use a custom naming > implementation? Any other ways? > > Or do we have another possibility? Or should we altogether abandon > this approach and do the filtering on the client/middle tier? > > Any help welcome! > > Regards, > Dominik > > > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "nhusers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/nhusers?hl=en -~----------~----~----~----~------~----~------~--~---
