Securing MINT Domains

1,117 bytes added, 15:47, 23 September 2014
== Row-level security ==
=== Use case description ===
Let's assume the following:
* A simple domain on the activity (hazard reduction) object in the staging area has been implemented in MINT. An activity, such as a progress report, usually includes information on the organisation that has carried out the activity. An organisation can be a sub-organisation, so it is important to get the name of the parent organisation via a SQL query. Let's assume the derived table containing the parent organisation name is called ''parent_organisation'' and the attribute containing the name of the parent organisation is called ''parent''. Therefore, the full qualifier for this attribute is <code>parent_organisation.parent</code>.
* The NMAC staff should be able to access all the data in the domain, i.e. all the activities carried out by all organisations.
* There are two operators who are given access to MINT in general and this domain in particular: ''Operator1'' and ''Operator2''. However, there is the restriction that Operator1 should only see rows of activities carried out by Operator1. Similarly, Operator2 should only see rows of activities carried out by Operator2.
=== Implementation ===
Row-level access is defined at the level of '''users'''.
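The intended effect of the use case above, as an added example that is not MINT's own configuration or code: each user is mapped to a required value of <code>parent_organisation.parent</code>, and users with no mapping see nothing. The tables <code>organisation</code> and <code>activity</code>, the user name <code>nmac_staff</code>, the sample rows and the single-level parent hierarchy are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data. The table names "organisation" and "activity"
# and all rows are assumptions for this illustration.
SCHEMA = """
CREATE TABLE organisation (id INTEGER PRIMARY KEY, name TEXT, parent_id INTEGER);
CREATE TABLE activity (id INTEGER PRIMARY KEY, title TEXT, org_id INTEGER);
INSERT INTO organisation VALUES
  (1, 'Operator1', NULL), (2, 'Operator1 Field Team', 1),
  (3, 'Operator2', NULL), (4, 'Operator2 Survey Unit', 3);
INSERT INTO activity VALUES
  (10, 'Progress report A', 1), (11, 'Progress report B', 2),
  (12, 'Progress report C', 3), (13, 'Progress report D', 4);
"""

# Derived table parent_organisation with attribute parent, as named on the
# page. Assumption: a top-level organisation counts as its own parent.
DOMAIN_QUERY = """
SELECT activity.id, activity.title, parent_organisation.parent
FROM activity
JOIN (SELECT o.id AS org_id, COALESCE(p.name, o.name) AS parent
      FROM organisation o LEFT JOIN organisation p ON p.id = o.parent_id
     ) AS parent_organisation ON parent_organisation.org_id = activity.org_id
"""

# Per-user row grants: None means unrestricted, a string is the required
# value of parent_organisation.parent. "nmac_staff" is a hypothetical name.
ROW_GRANTS = {"nmac_staff": None, "Operator1": "Operator1", "Operator2": "Operator2"}

def visible_activities(conn, user):
    """Return the activity ids the given user may see in the domain."""
    if user not in ROW_GRANTS:
        return []  # default deny: users without a grant see no rows
    required = ROW_GRANTS[user]
    if required is None:
        sql, params = DOMAIN_QUERY, ()
    else:
        # The filter value is bound as a parameter, never concatenated.
        sql = DOMAIN_QUERY + " WHERE parent_organisation.parent = ?"
        params = (required,)
    return [row[0] for row in conn.execute(sql + " ORDER BY activity.id", params)]

def demo_db():
    """Build the in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn
```

Filtering on the parent name rather than on the reporting organisation is what keeps activities from a sub-organisation visible to the operator they belong to.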