Home Projects Jobs Clientele Contact


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: UU Database

The requirement to verify the stored procs integrity is very
important. If the server doesn't support such checks - it's pretty
difficult to enforce. Such checks normally should cut-off the
debugging time, making some errors to popup during the procedure
creation (instead of run-time). The alternative is - to write a
minimal test that should run one proc or a small group of the procs
after any changes in stored procedures. That should be doable, even if
I didn't do that before.

The role in traditional databases is a set of access rights. It allows
to work with few roles 3..15, normally, instead of people, and really
simplifies the access maintenance. Instead of working with teachers
John, Ben, and Alex, and admins Dick, Jane, and Bob - we just grant
the access to DB objects to teacher and/or admin roles, and grant
these roles to the people. If server doesn't support it, it would be a

BTW, if server doesn't support both procs integrity and roles - may be
we are using the wrong server.

2006/4/12, Ilya A. Volynets-Evenbakh <ilya@total-knowledge.com>:
> Hi All!
> HSquirrel started database design page
> (http://www.total-knowledge.com/wiki/index.php/UU_Database).
> Please review and comment.
> From my side, I like the policies set in there, and agree to most
> of them. I especially like access logging part, as for me it would
> have only been an afterthought, which would be pain to implement
> if it were added in the end. Only thing that I have my doubts about
> is requirement for stored procedure language to have integrity
> check. I suspect PostgreSQL doesn't support any such language.
> We might end up writing our own validation tool eventually
> instead.
> Only only really questionable point is the last one - access roles.
> What is meant  by that? The way I saw the secrity ACLs was just
> separate access lists for each specific object, with whatever
> rights granularity we want (i.e. - someone might have "read, comment"
> rithgts, while someone else "read,solve" rights, etc...)
> Role in this scenario could be just standart set of rights, for ease
> of management. Is this what you meant, or is it something
> different?
> --
> Ilya A. Volynets-Evenbakh
> Total Knowledge. CTO
> http://www.total-knowledge.com

Alexey Parshin,

Authoright © Total Knowledge: 2001-2008