On 3/27/2012 2:41 PM, Mansour Al Akeel wrote:
Thank you Adrian.
I don't think a lot of developers will see an immediate gain. But in
the long run, it will be appreciated.
It allows us to introduce new functionality.
For example, in one of my previous emails, I pointed out the need
for a Record Level Security, like the one offered by Oracle DB and
recently by postgresql. Where the loged in user
have specific access to the data. The same principal, is used in most
NoSQL data bases.
My plan was to have an xml config file next to the entities (ie,
acl.xml), and restrict access based to entities I need.
The whole idea is, to appends some query parameters to calls to DB,
giving the application programmer a nice and
clean way to work with records.
If you want to restrict access to data based on a user login, then the
access control should be configured in the database - not in XML files.
I am not convinced that the type of security you describe should be
handled by the delegator. In most cases, that type of access control is
included in a broader set of business rules - so it should be
implemented in services.
-Adrian
