IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Databases Forum / I found it interesting that Oracle Apps
Post #147,175
by ChrisR
3/19/04 11:15:55 PM
Reply
New I found it interesting that Oracle Apps
also didn't use the database's concept of user for the login to their ERP apps. For the benefits package that I wrote, I also used login and roles tables to define the access limits. I did, however, use stored procedures to enforce the read and write acess limits.

It doesn't really matter where or how you enforce these access rights, but they have to be enforced somewhere. The two most common methods are to either enforce them via stored procedures (or views or triggers), or to create a third tier to enforce them. Using stored procedures to filter all transactions provides the database with it's own defense mechanism. It means that no matter what kind of apps or programs are written to interface with the data, the database has a built in protection mechanism. Essentially it is an environment where the database is set up in an almost adversarial relationship with the users (both software developers and end users in this case). If you make the database just a repository that does not enforce the business rules, it means that you have to enforce them in all the applications that are written for the database (also taking care of killing connections from such sources as Excel and Access, as they will take down a database in nothing flat).

The other reason for using stored procedures has to do with transactional processing. Many of the transactions in a multiuser environment need to be done very fast - you don't want users stepping over each other. Stored Procs may be a pain to write and maintain, but their proximity to the database means that they can be used to write very fine grained transactions.

Of course, the downside is that filtering everything through Stored Procs also becomes a bottleneck for development. Many time you need new functionality, you have to rewrite the attached applications, as well as the SP's. In addition, the three most widely used procedural languages (PL/SQL, T-SQL and whatever it is they call the DB2 languae) are throwbacks to the early days of algol. Stuff you take for granted in most other languages is just not there. Not to mention that once you use a particular vendors procedural language, you've just significantly narrowed your market (at the exclusion of all other db vendor offerings).
Post #147,211
by mmoffitt
3/20/04 8:41:48 AM
Reply
New Well put.
Todd, I don't think I can add much more to what Chris said. Paragraph 2 above is a good explanation of why I do what I do with a database. My view is, and pretty much has always been, that while I cannot control what developers or users do, I can make a best effort to insure that the database has its own line of defense (if I protect the data at the source, my data integrity concerns are not then limited to what developers and/or users do).

bcnu,
Mikem

I don't do third world languages. So no, I don't do Java.
Post #147,217
by deSitter
Picture of deSitter
3/20/04 9:39:42 AM
Reply
New Re: I found it interesting that Oracle Apps
A database should be the ultimate black box. Why in practice does it always turn out so grey?
-drl
Post #147,378
by broomberg
3/21/04 1:22:19 AM
Reply
New Too flexible
A data base is an operating system that optimizes data access.
Will never be a black box.
Post #147,357
by tuberculosis
Picture of tuberculosis
3/20/04 10:41:25 PM
Reply
New Agree about making the db able to defend itself.
I do that primarily through foreign key constraints, delete rules, and triggers. I like those because they are freakin' hard to circumvent - even for a dba. sp's on the other hand could be called - or not - by the dba.

Query, update, and insert are typically handled by OR-mapping software. The developers see an object model in a language they expect and a relatively simple paradigm - edit objects, call save at appropriate places. Each save call results in a transaction.

Just my practice/preference.

The tree of research must from time to time be refreshed with the blood of bean counters.
     -- Alan Kay
     I don't get your rationale - (tuberculosis) - (10) - March 19, 2004, 05:29:42 PM EST
         It's not about untrusted users - (drewk) - (1) - March 19, 2004, 08:41:38 PM EST
             Who deletes? - (tuberculosis) - March 19, 2004, 10:46:02 PM EST
         Protect the data - (ChrisR) - (7) - March 19, 2004, 08:48:08 PM EST
             Logins - (tuberculosis) - (6) - March 19, 2004, 10:49:39 PM EST
                 our app is role based as well - (boxley) - March 19, 2004, 11:08:56 PM EST
                 I found it interesting that Oracle Apps - (ChrisR) - (4) - March 19, 2004, 11:15:55 PM EST
                     Well put. - (mmoffitt) - March 20, 2004, 08:41:48 AM EST
                     Re: I found it interesting that Oracle Apps - (deSitter) - (1) - March 20, 2004, 09:39:42 AM EST
                         Too flexible - (broomberg) - March 21, 2004, 01:22:19 AM EST
                     Agree about making the db able to defend itself. - (tuberculosis) - March 20, 2004, 10:41:25 PM EST

She says, "Hey, I really got to leave!" Dang!
86 ms