At 10:51 23/07/99 -0400, you wrote:
>
>We have some of this, I think, from ACLs on tables and views. But
>as far as I know there is not a notion of a "suid view", one with
>different privileges from its caller. It sounds like a good thing
>to work on. Is there any standard in the area?
>
I don't know - I'll look into it. The only system I know that implements
this is Dec Rdb, and according to the manuals, is not part of standard SQL.
The way they do it is to define 'modules' with more than one procedure, and
all procedures in the module can have an 'Authorization ID' set, which
means that when the module is run, the access levels of that ID are used.
Moreover, CURRENT_USER returns the Auth. ID, not the actual user, and they
define SESSION_USER which returns the actual user.
My preference is for CURRENT_USER to *always* return the current user, and
to define another name (AUTHORIZATION_USER?) to return the dominant Auth ID.
I'll look through the SQL3 stuff, and see what I can find.
----------------------------------------------------------------
Philip Warner | __---_____
Albatross Consulting Pty. Ltd. |----/ - \
(A.C.N. 008 659 498) | /(@) ______---_
Tel: +61-03-5367 7422 | _________ \
Fax: +61-03-5367 7430 | ___________ |
Http://www.rhyme.com.au | / \| | --________--
PGP key available upon request, | /
and from pgp5.ai.mit.edu:11371 |/
