I'm developing an application and trying to figure out a good way to restrict a user's access to data based on the content of particular fields. I'm sure there must be a standard way of doing this, but I don't know what it is.
An example might be, in the canonical CD database, having a user who can only see results where cd.genre = 'Folk', or where song.length < 10. My first thought was to have a table 'restrictions' with the userID and some element of a WHERE clause, e.g. "cd.genre = 'Folk'" hard-coded in it, and then when anyone issues a query, I grab everything matching their userID from the restrictions table, join it together, and stick it on to the end of the existing WHERE clause. But I'm worried that this will be vastly problematic if the structure of the tables change, or if I issue a query that turns out not to involve one of the tables (e.g. even if I usually expect queries to involve all the tables, I'll be stuck if I'm only querying the titles from the cd table and try to stick a 'song.length < 10' to the WHERE clause when I'm not querying from the song table). Is there some standard way of doing this? It doesn't necessarily have to be neat, in that I'm the only one in charge of the database and I'm willing to do something in a manner that's somewhat of a pain to work with. But I also don't want to do something that will be impossible to maintain or convert to a better way. I'm using Perl, if that matters. Thanks for any ideas, sql query. Jesse Sheidlower --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
