> @ Massimo, column-value-based permission would be very useful in
> situations like a data-mart where different users share same table but
> should not be allowed to see each other's data. Access control in
> auth_permission would only need to be in one place, but if done through the
> controller it introduces more opportunity for programmer error to expose
> sensitive data in many places if there are many controller functions for
> various purposes accessing the table throughout the app. Think of a police
> or intelligence app where all persons are in one table but only want secret
> operatives revealed to restricted group. Or state licensing boards sharing
> same data but should not be allowed to view each other's licensee SSNs and
> investigative data.

Note, you can handle that with a common filter on the table: http://web2py.com/books/default/chapter/29/06/the-database-abstraction-layer#Common-filters. You can define the common filter based on the user's roles and/or permissions.

Anthony
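
An added example, not from the thread or from web2py: it models the licensing-board case with the standard-library `sqlite3` module instead of the web2py DAL, to show a role-derived row filter enforced at one choke point. In web2py the corresponding hook is the table's `_common_filter` attribute described at the link above. The table layout, the `board_<name>` role naming and all function names are assumptions.

```python
import sqlite3

# Constructed sample data: one shared table, rows owned by different boards.
ROWS = [
    ("Alice Adams", "nursing", "000-00-0001"),
    ("Bob Brown", "nursing", "000-00-0002"),
    ("Carol Clark", "pharmacy", "000-00-0003"),
]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE licensee (name TEXT, board TEXT, ssn TEXT)")
    con.executemany("INSERT INTO licensee VALUES (?, ?, ?)", ROWS)
    return con


def common_filter(roles):
    """Row condition derived from the user's roles (assumed 'board_<name>')."""
    boards = sorted(r[len("board_"):] for r in roles if r.startswith("board_"))
    if not boards:
        # Fail closed: a user with no board role matches no rows at all.
        return "0", []
    marks = ",".join("?" * len(boards))
    return f"board IN ({marks})", boards


def select_licensees(con, roles, where="1", params=()):
    """Single choke point: every read is ANDed with the common filter.

    `where` is a fragment written by the application code, never user
    input; user-supplied values go in `params` and are bound, not spliced.
    """
    cond, cond_params = common_filter(roles)
    sql = (
        "SELECT name, board FROM licensee "
        f"WHERE ({where}) AND ({cond}) ORDER BY name"
    )
    return con.execute(sql, [*params, *cond_params]).fetchall()


if __name__ == "__main__":
    con = make_db()
    # A controller that forgets its own check still sees only its board's rows.
    print(select_licensees(con, {"board_nursing"}))
    print(select_licensees(con, set()))
```

Because the condition is attached where the table is read and not in each controller function, a controller that omits its own check cannot widen the result set.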