Re: Record Level Security
From: Umachandar Jayachandran (please_reply_to_newsgroup_only)
Date: 01/01/03
- Next message: Narayana Vyas Kondreddi: "Re: Record Level Security"
- Previous message: Joubert Nel: "Re: Encryption of Connection String"
- In reply to: Pat Diminico: "Re: Record Level Security"
- Next in thread: John Bell: "Re: Record Level Security"
- Reply: John Bell: "Re: Record Level Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Umachandar Jayachandran" <please_reply_to_newsgroup_only> Date: Wed, 1 Jan 2003 09:02:54 -0800
You don't want to use a UDF for this. There is no reason to do that.
Just define a view with the required filters in place. This is more portable
& easy to use/optimize. Additionally, you can put the WITH CHECK OPTION on
the view that will prevent users without permission to see other data from
updating it. With the UDF, there is a security hole & I can update other
users' data if I have permissions on the tables. With UDFs, you also need to
be careful about how you write it. If you change it to non-inline, then you
will have severe performance problems.
-- Umachandar Jayachandran SQL Resources at http://www.umachandar.com/resources.htm ( Please reply only to newsgroup. )
- Next message: Narayana Vyas Kondreddi: "Re: Record Level Security"
- Previous message: Joubert Nel: "Re: Encryption of Connection String"
- In reply to: Pat Diminico: "Re: Record Level Security"
- Next in thread: John Bell: "Re: Record Level Security"
- Reply: John Bell: "Re: Record Level Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
