RFC: Security and Impersonation

A very useful feature in some database systems is the ability to restrict who can run certain external or stored procedures, and to grant extra access rights to users when they do run those procedures.

The usefulness of this may not be imediately obvious, but it is a very powerful feature, especially for preserving integrity and security:

Simple uses include:

1. Make all tables 'read-only', then all updates must happen through procedures. The procedures can make data-based security checks, and can ensure integrity.

2. Make some tables unreadable, then data can only be retrieved via procedures. Once again, data-based security can be achieved.

The way this is implemented it to specify that when a procedure is run by *any* user, the procedure runs with the access rights of another user/group/entity.

Procedures must also have security associated with them: it is necessary to grant 'execute' access on procedures to the users who need to execute them.

Since this *seems* like it is not likely to get too far into the internals of the optimizer, and seems to be an area that is not under active development by others, and since I am looking for a way to contribute to development, I would be interested in comments that:

1. Tell me if this is much bigger than I think it is.
2. Tell me if it sounds useful.
3. Is a good learning excercise.
4. If it is stepping on other people's toes.
5. How to do it 8-}

I look forward to comments and suggestions...I think.

----------------------------------------------------------------
Philip Warner | __---_____
Albatross Consulting Pty. Ltd. |----/ - \
(A.C.N. 008 659 498) | /(@) ______---_
Tel: +61-03-5367 7422 | _________ \
Fax: +61-03-5367 7430 | ___________ |
Http://www.rhyme.com.au | / \|
| --________--
PGP key available upon request, | /
and from pgp5.ai.mit.edu:11371 |/