On Fri, Jul 02, 2004 at 17:32:07 +0200,
Michal Taborsky <michal@taborsky.cz> wrote:
> Doug McNaught wrote:
> >But why not create a "products_restricted" view that uses the
> >CURRENT_USER function to see who's running it?
> >
> >CREATE VIEW products_restricted AS
> >SELECT * FROM products WHERE Producer_ID = get_producer_id(CURRENT_USER);
> >
> >[CURRENT_USER returns a string, so you would need to map it to your
> >producer_id somehow.]
>
> This would work only for this case (limiting single producer to one
> user). But we want to have a bit more flexible system, so we'd be able
> define the restrictions freely (like "only producers 1 and 5 and price
> less than 100"). I'm sorry I did not mention this.
Then you can create a group table matching up producers and authorized users.
The view should join the base table with the group table on producer and
limit the results to users matching the "current_user". With appropiate
indexes this should be fast.
