Comment 1964 added to page tutorial-views.html of version 7.4 - Mailing list pgsql-www

From nobody
Subject Comment 1964 added to page tutorial-views.html of version 7.4
Date
Msg-id 200501050335.j053ZJ2w024762@developer.pgadmin.org
List pgsql-www
Author: Chris Gough <chris@goughcorp.com>
----
Consider the heuristic "Never let your users query your data directly from the tables, only ever through views", and
its companion "Never let your users manipulate your data directly, only ever via stored procedures".

If you follow this advice, then you will have all the benefits of data encapsulation. These include the simplified
query composition and interface consistency mentioned above, as well as creating a natural choke point which
facilitates security. I advocate creating a second tier of views over the 'encapsulating' one (i.e. over the stable API)
for enforcing security policies, but in simple cases it is often easier to "do your grants" on the API. I find managing
the definition of a view a more versatile way to implement access control than making (and keeping track of) lots of
fine-grained GRANTS, which is why I like the second tier of views.

Deviation from abstraction leads to complication, so apply these heuristics consistently and completely, if at all.
----
Manual page: http://wwwmaster.postgresql.org/docs/7.4/interactive/tutorial-views.html
Reject:      http://wwwmaster.postgresql.org/admin/comments.php?action=reject&id=1964
Edit:        http://wwwmaster.postgresql.org/admin/comment-edit.php?id=1964
Delete:      http://wwwmaster.postgresql.org/admin/comments.php?action=delete&id=1964
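
The two-tier arrangement the comment describes, as an added PostgreSQL example that is not part of the original comment or of the PostgreSQL manual. All schema, table, view, role and function names are hypothetical, and the syntax targets a current PostgreSQL release rather than 7.4 (security_barrier needs 9.2 or later).

```sql
-- Constructed schema; every name below is hypothetical.
CREATE SCHEMA app;   -- base tables, never granted to users
CREATE SCHEMA api;   -- tier 1: stable encapsulating views
CREATE SCHEMA sec;   -- tier 2: policy views and functions users may call
CREATE ROLE support_role NOLOGIN;

CREATE TABLE app.customer (
    id          serial PRIMARY KEY,
    full_name   text NOT NULL,
    email       text NOT NULL,
    card_number text,
    region      text NOT NULL
);

-- Tier 1: the stable API. Its columns stay fixed if app.customer is refactored.
CREATE VIEW api.customer AS
    SELECT id, full_name, email, card_number, region
    FROM app.customer;

-- Tier 2: the policy lives in the view definition (hidden column, row filter)
-- instead of in many column-level GRANTs. security_barrier stops the planner
-- from running caller-supplied functions on rows the filter would exclude.
CREATE VIEW sec.customer_support WITH (security_barrier) AS
    SELECT id, full_name, email, region
    FROM api.customer
    WHERE region = 'EU';

-- Manipulation only through a function that repeats the row policy.
-- It runs with its owner's rights, so pin search_path to trusted schemas.
CREATE FUNCTION sec.set_customer_email(p_id integer, p_email text)
RETURNS void
LANGUAGE sql
SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
    UPDATE app.customer SET email = p_email
    WHERE id = p_id AND region = 'EU';
$$;

-- The complete grant list: nothing is granted on app or api.
-- Functions are executable by PUBLIC by default, so revoke that first.
REVOKE EXECUTE ON FUNCTION sec.set_customer_email(integer, text) FROM PUBLIC;
GRANT USAGE   ON SCHEMA sec TO support_role;
GRANT SELECT  ON sec.customer_support TO support_role;
GRANT EXECUTE ON FUNCTION sec.set_customer_email(integer, text) TO support_role;
```

A member of support_role can read sec.customer_support and call the function, while a direct SELECT on app.customer or api.customer fails with a permission error because views are checked against their owner's privileges, not the caller's.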

