On Sat, Jul 9, 2011 at 10:51 PM, Luke
<..hidden..> wrote:
On Sat, 9 Jul 2011, Chris Travers wrote:
> As I am starting into this there are a couple of necessary changes.
>
> The biggest is that rewrite rules are not going to be good ideas here.
> They effectively prevent permissions from being properly enforced on
> the DDL level. Triggers have the same problem. Therefore looking at
> requiring modules to have their own stored procs for inserting file
> attachments.
>
> I am not sure what happens with triggers and inheritance and so not
> going down that road, but using rewrite rules only.....
>
> Feedback on this would be appreciated.
Unfortunately, I at least can't provide any. I do not understand what you
mean by "rewrite rules".
Same here. I assume you mean the CREATE RULE statements, however, I have no experience with them.
All I can suggest, which you've probably already considered, is to push as
much functionality as high as possible, and enforce permissions by shell
procs at the module level. Keep the main logic above that.