Comment 1964 added to page tutorial-views.html of version 7.4

From: nobody <nobody(at)developer(dot)pgadmin(dot)org>
To: pgsql-www(at)postgresql(dot)org
Subject: Comment 1964 added to page tutorial-views.html of version 7.4
Date: 2005-01-05 03:35:19
Message-ID: 200501050335.j053ZJ2w024762@developer.pgadmin.org
Lists: pgsql-www

Author: Chris Gough <chris(at)goughcorp(dot)com>
----
Consider the heuristic "Never let your users query your data directly from the tables, only ever through views", and its companion "Never let your users manipulate your data directly, only ever via stored procedures".

If you follow this advice, then you will have all the benefits of data encapsulation. These include the simplified query composition and interface consistency mentioned above, as well as creating a natural choke point which facilitates security. I advocate creating a second tier of views over the 'encapsulating' one (i.e. over the stable API) for enforcing security policies, but in simple cases it is often easier to "do your grants" on the API. I find managing the definition of a view a more versatile way to implement access control than making (and keeping track of) lots of fine-grained GRANTS, which is why I like the second tier of views.

Deviation from abstraction leads to complication, so apply these heuristics consistently and completely, if at all.
----
Manual page: http://wwwmaster.postgresql.org/docs/7.4/interactive/tutorial-views.html
Reject: http://wwwmaster.postgresql.org/admin/comments.php?action=reject&id=1964
Edit: http://wwwmaster.postgresql.org/admin/comment-edit.php?id=1964
Delete: http://wwwmaster.postgresql.org/admin/comments.php?action=delete&id=1964
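
An added example, not part of the comment above or of the PostgreSQL documentation: a sketch of the two tiers of views and the function-only write path the comment describes, written for a current PostgreSQL release rather than 7.4. All table, view, function and role names are hypothetical, and the objects are assumed to live in schema public.

```sql
-- Constructed example: every table, view, function and role name is hypothetical.
-- Assumes the objects are created in schema public by a role allowed to create roles.
BEGIN;
CREATE ROLE support_staff NOLOGIN;
CREATE ROLE reporting NOLOGIN;

-- Base table: application roles receive no privileges on it at all.
CREATE TABLE customer_data (
    id          serial PRIMARY KEY,
    name        text NOT NULL,
    email       text NOT NULL,
    card_last4  char(4),
    region      text NOT NULL
);
REVOKE ALL ON customer_data FROM PUBLIC;

-- Tier 1: the encapsulating view, the stable API over the storage layout.
CREATE VIEW customer_api AS
    SELECT id, name, email, card_last4, region FROM customer_data;
REVOKE ALL ON customer_api FROM PUBLIC;

-- Tier 2: policy views over the API, one per audience; grants go here only.
CREATE VIEW customer_support AS
    SELECT id, name, email, region FROM customer_api;      -- card data omitted
CREATE VIEW customer_report AS
    SELECT region, count(*) AS customers FROM customer_api GROUP BY region;
GRANT SELECT ON customer_support TO support_staff;
GRANT SELECT ON customer_report  TO reporting;

-- Writes go through a function that runs with its owner's privileges.
CREATE FUNCTION customer_set_email(p_id integer, p_email text)
RETURNS void
LANGUAGE sql
SECURITY DEFINER
SET search_path = public, pg_temp      -- pin name lookup inside the function
AS $$
    UPDATE customer_data SET email = p_email WHERE id = p_id;
$$;
-- Functions are executable by PUBLIC by default, so narrow that explicitly.
REVOKE ALL ON FUNCTION customer_set_email(integer, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION customer_set_email(integer, text) TO support_staff;

-- Check as the restricted role: the policy view and the function work,
-- the base table and the API tier do not.
SET ROLE support_staff;
SELECT id, name, region FROM customer_support;             -- allowed
SELECT customer_set_email(1, 'new@example.invalid');       -- allowed
-- SELECT * FROM customer_data;                            -- permission denied
RESET ROLE;
ROLLBACK;
```

Changing who may see what then means editing a tier-2 view definition, while the base table and the tier-1 API keep no grants to application roles.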
