You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@openjpa.apache.org by Mansour Al Akeel <ma...@gmail.com> on 2012/02/28 00:14:58 UTC
Virtual Private Database
Hello all,
I read on this page
http://en.wikibooks.org/wiki/Java_Persistence/Advanced_Topics#Filters, some
thing about filters. My understanding is that it creates multiple view for
the database.
I need to implement row level security depending on the user reading the
data. I know this can be in done in the DAOs. But since this is going to be
done in many places I am searching for a better option. Another option is
to do it in Aspect Oriented way. For a moment I though about extending the
EntityManager, and do what I need there.
Still I believe using filters the way it's described, is a cleaner approach
for what I am doing and if I understand it correctly.
Another option is http://jpasecurity.sourceforge.net/.
My first question is, does openjpa has something similar ?
The second question, I didn't find anything about these data filters in the
specs. Which makes me conclude that it can not be done in a vendor neutral
way. Am I missing something ?
If anyone had experience with similar situation, please share.
Thank you.
Re: Virtual Private Database
Posted by Mansour Al Akeel <ma...@gmail.com>.
Ok, I am not sure if this approach is popular. In my opinion, it's not
portable to another RDBMs.
I don't think with JPA I should work with the DB directly.
Further more, it's not scalable, because each user has to has an open
connection to the DB.
On Tue, Feb 28, 2012 at 12:56 PM, Mario Ds Briggs
<ma...@in.ibm.com>wrote:
> I am referring to the scenario where a user is allowed to open a SQL prompt
> and directly access the table using say 'select * from TBLNAME'. Or another
> application also accesses the table
>
> Mario
>
>
>
> From: Mansour Al Akeel <ma...@gmail.com>
> To: users@openjpa.apache.org
> Date: 02/28/2012 10:39 PM
> Subject: Re: Virtual Private Database
>
>
>
> Mario,
> I don't understand what you mean by "one would need
> implement this at the database level".
>
> I know there are many ways to achieve what I want, but I don't understand
> your option.
> Can you please kindly, elaborate ?
>
>
>
> On Tue, Feb 28, 2012 at 12:07 AM, Mario Ds Briggs
> <ma...@in.ibm.com>wrote:
>
> > >>
> > Which makes me conclude that it can not be done in a vendor neutral
> > way. Am I missing something ?
> > <<
> >
> > Often the common requirement is that all/any/direct SQL access to
> database
> > should obey the security/access control rules. Therefore one would need
> > implement this at the database level, so that all SQL access is now
> > controlled rather than at the app level (and if you have done it at the
> > DB, you dont need to bother at the app). Of course if you are not
> bothered
> > about direct SQL access and only your app's access, then maybe u do what
> u
> > are trying
> >
> > Just my 2 cents
> >
> > Mario
> >
> >
> >
> > From: Mansour Al Akeel <ma...@gmail.com>
> > To: users@openjpa.apache.org
> > Date: 02/28/2012 04:45 AM
> > Subject: Virtual Private Database
> >
> >
> >
> > Hello all,
> >
> > I read on this page
> > http://en.wikibooks.org/wiki/Java_Persistence/Advanced_Topics#Filters,
> > some
> > thing about filters. My understanding is that it creates multiple view
> for
> > the database.
> > I need to implement row level security depending on the user reading the
> > data. I know this can be in done in the DAOs. But since this is going to
> be
> > done in many places I am searching for a better option. Another option is
> > to do it in Aspect Oriented way. For a moment I though about extending
> the
> > EntityManager, and do what I need there.
> > Still I believe using filters the way it's described, is a cleaner
> approach
> > for what I am doing and if I understand it correctly.
> >
> > Another option is http://jpasecurity.sourceforge.net/.
> >
> > My first question is, does openjpa has something similar ?
> > The second question, I didn't find anything about these data filters in
> the
> > specs. Which makes me conclude that it can not be done in a vendor
> neutral
> > way. Am I missing something ?
> >
> > If anyone had experience with similar situation, please share.
> >
> >
> > Thank you.
> >
> >
> >
>
>
>
Re: Virtual Private Database
Posted by Mario Ds Briggs <ma...@in.ibm.com>.
I am referring to the scenario where a user is allowed to open a SQL prompt
and directly access the table using say 'select * from TBLNAME'. Or another
application also accesses the table
Mario
From: Mansour Al Akeel <ma...@gmail.com>
To: users@openjpa.apache.org
Date: 02/28/2012 10:39 PM
Subject: Re: Virtual Private Database
Mario,
I don't understand what you mean by "one would need
implement this at the database level".
I know there are many ways to achieve what I want, but I don't understand
your option.
Can you please kindly, elaborate ?
On Tue, Feb 28, 2012 at 12:07 AM, Mario Ds Briggs
<ma...@in.ibm.com>wrote:
> >>
> Which makes me conclude that it can not be done in a vendor neutral
> way. Am I missing something ?
> <<
>
> Often the common requirement is that all/any/direct SQL access to
database
> should obey the security/access control rules. Therefore one would need
> implement this at the database level, so that all SQL access is now
> controlled rather than at the app level (and if you have done it at the
> DB, you dont need to bother at the app). Of course if you are not
bothered
> about direct SQL access and only your app's access, then maybe u do what
u
> are trying
>
> Just my 2 cents
>
> Mario
>
>
>
> From: Mansour Al Akeel <ma...@gmail.com>
> To: users@openjpa.apache.org
> Date: 02/28/2012 04:45 AM
> Subject: Virtual Private Database
>
>
>
> Hello all,
>
> I read on this page
> http://en.wikibooks.org/wiki/Java_Persistence/Advanced_Topics#Filters,
> some
> thing about filters. My understanding is that it creates multiple view
for
> the database.
> I need to implement row level security depending on the user reading the
> data. I know this can be in done in the DAOs. But since this is going to
be
> done in many places I am searching for a better option. Another option is
> to do it in Aspect Oriented way. For a moment I though about extending
the
> EntityManager, and do what I need there.
> Still I believe using filters the way it's described, is a cleaner
approach
> for what I am doing and if I understand it correctly.
>
> Another option is http://jpasecurity.sourceforge.net/.
>
> My first question is, does openjpa has something similar ?
> The second question, I didn't find anything about these data filters in
the
> specs. Which makes me conclude that it can not be done in a vendor
neutral
> way. Am I missing something ?
>
> If anyone had experience with similar situation, please share.
>
>
> Thank you.
>
>
>
Re: Virtual Private Database
Posted by Mansour Al Akeel <ma...@gmail.com>.
Mario,
I don't understand what you mean by "one would need
implement this at the database level".
I know there are many ways to achieve what I want, but I don't understand
your option.
Can you please kindly, elaborate ?
On Tue, Feb 28, 2012 at 12:07 AM, Mario Ds Briggs
<ma...@in.ibm.com>wrote:
> >>
> Which makes me conclude that it can not be done in a vendor neutral
> way. Am I missing something ?
> <<
>
> Often the common requirement is that all/any/direct SQL access to database
> should obey the security/access control rules. Therefore one would need
> implement this at the database level, so that all SQL access is now
> controlled rather than at the app level (and if you have done it at the
> DB, you dont need to bother at the app). Of course if you are not bothered
> about direct SQL access and only your app's access, then maybe u do what u
> are trying
>
> Just my 2 cents
>
> Mario
>
>
>
> From: Mansour Al Akeel <ma...@gmail.com>
> To: users@openjpa.apache.org
> Date: 02/28/2012 04:45 AM
> Subject: Virtual Private Database
>
>
>
> Hello all,
>
> I read on this page
> http://en.wikibooks.org/wiki/Java_Persistence/Advanced_Topics#Filters,
> some
> thing about filters. My understanding is that it creates multiple view for
> the database.
> I need to implement row level security depending on the user reading the
> data. I know this can be in done in the DAOs. But since this is going to be
> done in many places I am searching for a better option. Another option is
> to do it in Aspect Oriented way. For a moment I though about extending the
> EntityManager, and do what I need there.
> Still I believe using filters the way it's described, is a cleaner approach
> for what I am doing and if I understand it correctly.
>
> Another option is http://jpasecurity.sourceforge.net/.
>
> My first question is, does openjpa has something similar ?
> The second question, I didn't find anything about these data filters in the
> specs. Which makes me conclude that it can not be done in a vendor neutral
> way. Am I missing something ?
>
> If anyone had experience with similar situation, please share.
>
>
> Thank you.
>
>
>
Re: Virtual Private Database
Posted by Mario Ds Briggs <ma...@in.ibm.com>.
>>
Which makes me conclude that it can not be done in a vendor neutral
way. Am I missing something ?
<<
Often the common requirement is that all/any/direct SQL access to database
should obey the security/access control rules. Therefore one would need
implement this at the database level, so that all SQL access is now
controlled rather than at the app level (and if you have done it at the
DB, you dont need to bother at the app). Of course if you are not bothered
about direct SQL access and only your app's access, then maybe u do what u
are trying
Just my 2 cents
Mario
From: Mansour Al Akeel <ma...@gmail.com>
To: users@openjpa.apache.org
Date: 02/28/2012 04:45 AM
Subject: Virtual Private Database
Hello all,
I read on this page
http://en.wikibooks.org/wiki/Java_Persistence/Advanced_Topics#Filters, some
thing about filters. My understanding is that it creates multiple view for
the database.
I need to implement row level security depending on the user reading the
data. I know this can be in done in the DAOs. But since this is going to be
done in many places I am searching for a better option. Another option is
to do it in Aspect Oriented way. For a moment I though about extending the
EntityManager, and do what I need there.
Still I believe using filters the way it's described, is a cleaner approach
for what I am doing and if I understand it correctly.
Another option is http://jpasecurity.sourceforge.net/.
My first question is, does openjpa has something similar ?
The second question, I didn't find anything about these data filters in the
specs. Which makes me conclude that it can not be done in a vendor neutral
way. Am I missing something ?
If anyone had experience with similar situation, please share.
Thank you.