New Posts New Posts RSS Feed: Row-level security
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

Row-level security
 Post Reply Post Reply
Author
  Share Topic Share Topic  Topic Search Topic Search  Topic Options Topic Options
jeremy.wiebe View Drop Down
Newbie
Newbie
Avatar

Joined: 02-Apr-2008
Location: Canada
Posts: 2 		Post Options Post Options   Quote jeremy.wiebe Quote  Post ReplyReply Direct Link To This Post Topic: Row-level security
    Posted: 02-Apr-2008 at 10:06am
I'm in the process of evaluating DevForce and have a question regarding security.   Is it possible, through the DevForce framework, to implement Row-level security.  What I'm after is being able to pass the identity down with a query and then filter the data so that only the data that the identity has access to is returned.

Are there hooks in the BOS to customize the query (either the SQL or "object query)?

Thanks.
Back to Top
GregD View Drop Down
IdeaBlade
IdeaBlade
Avatar

Joined: 09-May-2007
Posts: 374 		Post Options Post Options   Quote GregD Quote  Post ReplyReply Direct Link To This Post Posted: 02-Apr-2008 at 1:49pm
>>
I'm in the process of evaluating DevForce and have a question regarding security.   Is it possible, through the DevForce framework, to implement Row-level security.  What I'm after is being able to pass the identity down with a query and then filter the data so that only the data that the identity has access to is returned.

Are there hooks in the BOS to customize the query (either the SQL or "object query)?
<<
 
DevForce provides a QuerySecurityCheck() method which, when overridden on an Entity type (e.g., Customer), acts as an interception point in the submission of a query. It runs server-side and has access to the EntityQuery object that defines the query. It can add a clause to that query before it is ever turned into SQL and submitted to the database.
 
A similar operation can be performed client-side with a handler for the PersistenceManager.Fetching event. 
 
For situations where the filtering is too complicated to express as a query clause, a handler for the client-side PersistenceManager.Fetched event can iterate through the returned entities and eliminate any it needs to, so that they do not end up in the client-side cache.
 
Greg Dunn
IdeaBlade
 
 
Back to Top
jeremy.wiebe View Drop Down
Newbie
Newbie
Avatar

Joined: 02-Apr-2008
Location: Canada
Posts: 2 		Post Options Post Options   Quote jeremy.wiebe Quote  Post ReplyReply Direct Link To This Post Posted: 03-Apr-2008 at 7:35am
Thanks.   That's what I was looking for!  Smile
Back to Top
alipoland View Drop Down
Newbie
Newbie
Avatar

Joined: 06-Mar-2009
Location: Poland
Posts: 19 		Post Options Post Options   Quote alipoland Quote  Post ReplyReply Direct Link To This Post Posted: 07-Mar-2009 at 1:33pm
and how about field-kevel security please?
Back to Top
GregD View Drop Down
IdeaBlade
IdeaBlade
Avatar

Joined: 09-May-2007
Posts: 374 		Post Options Post Options   Quote GregD Quote  Post ReplyReply Direct Link To This Post Posted: 10-Mar-2009 at 2:26pm
Originally posted by alipoland

and how about field-kevel security please?


You can write get and set property interceptors to check IsInRole() on the current Principal (System.Threading.Thread.CurrentPrincipal) and intervene as desired in the value returned from the get or received by the set.
Back to Top
alipoland View Drop Down
Newbie
Newbie
Avatar

Joined: 06-Mar-2009
Location: Poland
Posts: 19 		Post Options Post Options   Quote alipoland Quote  Post ReplyReply Direct Link To This Post Posted: 10-Mar-2009 at 11:45pm
Thanks Gregs, Does or will Ideablade have a module that implements admin-confingurable security? It seems very generic requirement that many would need similar to StartaFrame Role-based Security tool.
Back to Top
GregD View Drop Down
IdeaBlade
IdeaBlade
Avatar

Joined: 09-May-2007
Posts: 374 		Post Options Post Options   Quote GregD Quote  Post ReplyReply Direct Link To This Post Posted: 11-Mar-2009 at 3:58pm
Originally posted by alipoland

Thanks Gregs, Does or will Ideablade have a module that implements admin-confingurable security? It seems very generic requirement that many would need similar to StartaFrame Role-based Security tool.


We currently have no active plans for such a module, though we have talked about it. It just hasn't bubbled up the priority tree quite high enough yet.
Back to Top
alipoland View Drop Down
Newbie
Newbie
Avatar

Joined: 06-Mar-2009
Location: Poland
Posts: 19 		Post Options Post Options   Quote alipoland Quote  Post ReplyReply Direct Link To This Post Posted: 13-Mar-2009 at 12:02am

Thanks Greg for your honest and direct reply and maybe its time for a vote from the community for such built-in functionality :)

In all cases I see DevForce as a true ORM with full object-graphs while the both StrataFrame and Mere Mortals .NET are simple 1-1 table-to-class mappers with no relationship modelling at all. Their apprach indeed performs faster than DevForce but it leaves lots of plumming for the developer to do manually.

For a better-of-both-worlds solution, I'd choose your Classic version over the EF or the upcoming Silverlight one providing it offers a painless migration path to EF/SL3 in the future.
 
Any thoughts on how easy/difficult this migration might be, Greg?
 
Thanks once again for allowing me to share my direct comparisons with the community rather than all the marketing hypes :)
 
 
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down