Thanks very much for those info.
From what I read, I think Veil will do the trick.
I already use ROLES, but there are a few probems with them :
- first, as I mix the data from different users in the same table, ROLES do not solve the complete problem.
- second, this forces me to use a dedicated postgresql connection for each user, which on a large accessed database, could be a big problem.
If what I read from Veil is exact, it allows determining access rules from SELECT statements, which is what I am currently performing with the "current_user()". A typical view in my system is declared like this :
CREATE VIEW "AgendaCurrentlyDisplayedReadableView" AS
SELECT "AgendaAccessRights"."AgendaID" FROM "AgendaAccessRights" WHERE (("AgendaAccessRights"."ClientID" = (SELECT "Clients"."ID" FROM "Clients" WHERE "Clients"."Login" = "current_user"())) AND ("AgendaAccessRights"."IsDisplayed" = true));
My understanding is that veil will allow me to perform stuff like that, but without using the "current_user()" stuff. And, if I still understand correctly, the Veil serialisation functions will allow me to quickly switch from one user to the other with keeping the same database connection.
Am I right or is there something I did not understood ?
Second question : does Veil has a big impact on database performances ?
Regards,
Brice
