At 10:51 23/07/99 -0400, you wrote:
>
>We have some of this, I think, from ACLs on tables and views. But
>as far as I know there is not a notion of a "suid view", one with
>different privileges from its caller. It sounds like a good thing
>to work on. Is there any standard in the area?
>
I'll look through the SQL3 stuff, and see what I can find.
I've now done this,and it's in the SQL3 standard. It is implemented via
Modules. The idea being that all routines (procedures and functions) apear
in a module, and that the module can have a 'Module Authorization
Identifier'. The syntax is:
Create Module MY_MODULE Language SQLAuthorization SOME_ID
Procedure Some_Procedure....
...etc
End Module;
If the auth. ID is specified, then (quoting from the standard p. 95):
"... that <module authorization identifier> is used as the current <authorization identifier> for
theexecution of all <routine>s in the <module>. If the <module authorization identifier> is not specified, then
theSQL-session <authorization identifier> is used as the current <authorization identifier> for the
executionof each <routine> in the <module>.
Let me know if you want to know more. The relevant standard can be found at:
ftp://gatekeeper.dec.com/pub/standards/sql/sql-foundation-aug94.txt
----------------------------------------------------------------
Philip Warner | __---_____
Albatross Consulting Pty. Ltd. |----/ - \
(A.C.N. 008 659 498) | /(@) ______---_
Tel: +61-03-5367 7422 | _________ \
Fax: +61-03-5367 7430 | ___________ |
Http://www.rhyme.com.au | / \| | --________--
PGP key available upon request, | /
and from pgp5.ai.mit.edu:11371 |/
