Another possibility for ensuring data level access control is to implement
it on the db level using views and triggers. The beans pass user info to the
database (could be just user name if user is already authenticated). The
views can then filter the data so that one can only see the rows that their
user or group is allowed to see. The triggers can assure that only those
rows which the user has permission to update get updated, etc. Granted this
approach isn't particularly sexy, it does however have its benefits.
padraic hannon
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
