[
Lists Home |
Date Index |
Thread Index
]
It does add some overhead, but it also pays off in terms of affording rich
functionality. Our software is explicitly designed to support a vendor's
extranet for partners. The models for what privileges vendors wish to accord
to specific partners can get fairly complex, and would be unmanageable IMO
with a straightforward ACL model. The sort of business functionality
requires the sort of flexibilty that our model affords. The field level
security is accomplished by integrating it with our data access layer and
keeping developers from hitting the database directly. So the overhead is
largely just a matter of interpreting and reformulating SQL DML statements
(based on customizable business rules) rather than just passing them blindly
on through to the database.
> -----Original Message-----
> From: Bullard, Claude L (Len) [mailto:clbullar@ingr.com]
> Sent: Wednesday, February 20, 2002 1:40 PM
> To: 'Michael Brennan'; xml-dev@lists.xml.org
> Subject: RE: [xml-dev] SOAP-RPC and REST and security
>
>
> What is the impact on performance of implementing
> field level security? Module or record level, I
> can understand, but field level seems to be prohibitively
> expensive.
>
> len
>
> -----Original Message-----
> From: Michael Brennan [mailto:Michael_Brennan@Allegis.com]
>
> Beyond that, many systems need security models that go beyond
> simple ACLs. We have
> field-level security in our system, and ACLs don't cut it for
> that. I think
> that it is increasingly common for enterprise systems to use
> more dynamic,
> rule-based security systems, and evaluating the rules
> properly requires
> intimate knowledge of the internals of the system.
>
|