I am referring to the scenario where a user is allowed to open a SQL prompt and directly access the table using say 'select * from TBLNAME'. Or another application also accesses the table
Mario From: Mansour Al Akeel <mansour.alak...@gmail.com> To: users@openjpa.apache.org Date: 02/28/2012 10:39 PM Subject: Re: Virtual Private Database Mario, I don't understand what you mean by "one would need implement this at the database level". I know there are many ways to achieve what I want, but I don't understand your option. Can you please kindly, elaborate ? On Tue, Feb 28, 2012 at 12:07 AM, Mario Ds Briggs <mario.bri...@in.ibm.com>wrote: > >> > Which makes me conclude that it can not be done in a vendor neutral > way. Am I missing something ? > << > > Often the common requirement is that all/any/direct SQL access to database > should obey the security/access control rules. Therefore one would need > implement this at the database level, so that all SQL access is now > controlled rather than at the app level (and if you have done it at the > DB, you dont need to bother at the app). Of course if you are not bothered > about direct SQL access and only your app's access, then maybe u do what u > are trying > > Just my 2 cents > > Mario > > > > From: Mansour Al Akeel <mansour.alak...@gmail.com> > To: users@openjpa.apache.org > Date: 02/28/2012 04:45 AM > Subject: Virtual Private Database > > > > Hello all, > > I read on this page > http://en.wikibooks.org/wiki/Java_Persistence/Advanced_Topics#Filters, > some > thing about filters. My understanding is that it creates multiple view for > the database. > I need to implement row level security depending on the user reading the > data. I know this can be in done in the DAOs. But since this is going to be > done in many places I am searching for a better option. Another option is > to do it in Aspect Oriented way. For a moment I though about extending the > EntityManager, and do what I need there. > Still I believe using filters the way it's described, is a cleaner approach > for what I am doing and if I understand it correctly. > > Another option is http://jpasecurity.sourceforge.net/. > > My first question is, does openjpa has something similar ? > The second question, I didn't find anything about these data filters in the > specs. Which makes me conclude that it can not be done in a vendor neutral > way. Am I missing something ? > > If anyone had experience with similar situation, please share. > > > Thank you. > > >
