On Wed, Sep 24, 2008 at 11:13 PM, Casey Allen Shobe <casey@shobe.info> wrote:
On Sep 15, 2008, at 6:58 AM, David Fetter wrote:
Roles,
We have 'em.
We do NOT have secure application roles or anywhere near the level of configurability in security aspects as Oracle. We've got a great foundation, but we lack a lot of fine-grained granularity (e.g. an Oracle SAR can allow a role to execute a particular function based on the result of another function call or query, which has rather a lot of possibilities
but why would you put part of your business logic into some configuration tables while you could keep it in your own functions
- consider grant connect on database to staff when hour_of_day () between 9 and 6; also consider row-level and column-level and even field-level access controls).
It's complicated in Oracle, but there's a lot of possibilities there that we simply cannot reproduce. But this could be extended one day. :)
I see it as a strong side of PostgreSQL that we have not bloated our code with all this fancy micromanagement that seems too complex to be useful anyway considering that quality of Oracle database management tools :)
Cheers, -- Casey Allen Shobe Database Architect, The Berkeley Electronic Press
