MySQL:如何做到行级安全(如Oracle的虚拟专用数据库)?
假设我有销售各种产品的供应商。因此,在基本层面上,我将有以下表格:vendor、product、vendor_product。
如果供应商 1 将 Widget 1 添加到 product 表中,我只希望供应商 1 能够看到该信息(因为该信息由供应商 1“拥有”)。供应商 2 也是如此。假设供应商 2 添加了 Widget 2,则只有供应商 2 应该看到该信息。
如果供应商 1 尝试添加供应商 2 已输入的 Widget 2,则不应在 product< 中为 Widget 2 创建重复条目/代码>表。这意味着,不知何故,我需要知道供应商 2 现在也“拥有”Widget 2。
一条信息拥有多个“所有者”的问题是如何处理所有者编辑/删除数据的问题。也许供应商 1 不再希望 Widget 2 对他/她可用,但这不一定适用于供应商 2。
最后,我希望能够将某些记录标记为“是的,我已经查看了这些数据并且它是正确的”,以便所有供应商都可以使用它。假设我将 Widget 1 标记为良好数据,那么所有供应商现在都应该可以看到该产品。
看来解决方案是行级安全性。问题是我不太熟悉它的概念或如何在 MySQL 中实现它。非常感谢任何帮助。谢谢。
注意:这个问题在这里有所讨论:数据库设计:使用复合密钥作为FK,标记数据进行共享?。当我问这个问题时,我不知道如何很好地表达这个问题。希望这次我能更好地解释我的问题。
Say that I have vendors selling various products. So, at a basic level, I will have the following tables: vendor, product, vendor_product.
If vendor-1 adds Widget 1 to the product table, I want only vendor-1 to see that information (because that information is "owned" by vendor-1). Same goes for vendor-2. Say vendor-2 adds Widget 2, only vendor-2 should see that information.
If vendor-1 tries to add Widget 2, which was already entered by vendor-2, a duplicate entry for Widget 2 should not be made in the product table. This means that, somehow, I need to know that vendor-2 now also "owns" Widget 2.
A problem with having multiple "owners" of a piece of information is how to deal owners editing/deleting the data. Perhaps vendor-1 no longer wants Widget 2 to be available to him/her, but that doesn't necessarily apply for vendor-2.
Finally, I want the ability to flag(?) certain records as "yes, I have reviewed this data and it is correct" such that it then becomes available to all the vendors. Say I flag Widget 1 as good data, that product should now be seen by all vendors.
It seems that the solution is row level security. The problem is that I'm not too familiar with its concepts or how to implement it in MySQL. Any help is highly appreciated. Thanks.
NOTE: this problem is somewhat discussed here: Database Design: use composite key as FK, flag data for sharing?. When I asked the question, I wasn't sure how to phrase the question very well. Hopefully, I explained my problem better this time.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
Mysql 本身不支持表的行级安全性。但是,您可以使用视图来实现它。因此,只需在表上创建一个视图,仅公开您希望给定客户端看到的行。然后,仅向客户端提供对这些视图的访问,而不是对基础表的访问。
请参阅http://www.sqlmaestro.com/resources/all/row_level_security_mysql/
Mysql doesn't natively support row level security on tables. However, you can sort of implement it with views. So, just create a view on your table that exposes only the rows you want a given client to see. Then, only provide that client access to those views, and not the underlying tables.
See http://www.sqlmaestro.com/resources/all/row_level_security_mysql/
您已经建议了供应商、产品和供应商_产品映射表。您希望供应商共享相同的产品(如果他们都想使用该产品),但您不希望出现重复的产品。正确的?
如果是这样,则在标识产品(产品名称?)的自然键上定义唯一索引/约束。
如果供应商添加了产品,但该产品不存在,请将其插入产品表中,并通过vendor_product 表将其映射到该供应商。
如果产品已存在,但映射到另一个供应商,则不要在产品表中插入任何内容,并添加另一个映射行,将新供应商映射到现有产品(以便现在该产品映射到两个供应商)。
最后,当供应商删除产品时,只需删除映射两者的vendor_product 引用即可,而不是实际删除它。最后,如果没有其他供应商仍在引用某个产品,您可以删除该产品。或者,您可以定期运行一个脚本来删除不再有供应商引用的所有产品。
最后,在产品表上有一个标志,表明您已经查看了该产品,然后使用类似的内容来查询给定供应商(我们会说供应商 ID 7)可查看的产品:
最后,如果产品是如果由多个供应商拥有,那么您可以禁止编辑,或者当其中一个拥有供应商尝试编辑该产品时,您可以将单个产品“拆分”为新的独特产品,并允许他们编辑自己的产品副本。不过,他们可能需要修改产品名称,除非您想出一些其他自然键来作为您独特约束的基础。
You already suggested a vendor, product and vendor_product mapping table. You want vendors to share the same product if they both want to use it, but you don't want duplicate products. Right?
If so, then define a unique index/constraint on the natural key that identifies a product (product name?).
If a vendor adds a product, and it doesn't exist, insert it into the product table, and map it to that vendor via the vendor_product table.
If the product already exists, but is mapped to another vendor, do not insert anything into the product table, and add another mapping row mapping the new vendor to the existing product (so that now the product is mapped to two vendors).
Finally, when a vendor removes a product, instead of actually removing it, just delete the vendor_product reference mapping the two. Finally, if no other vendors are still referencing a product, you can remove the product. Alternatively, you could run a script periodically that deletes all products that no longer have vendors referencing them.
Finally, have a flag on the product table that says that you've reviewed the product, and then use something like this to query for products viewable by a given vendor (we'll say vendor id 7):
Finally, if a product is owned by multiple vendors, then you can either disallow edits or perhaps "split" the single product into a new unique product when one of the owning vendors tries to edit it, and allow them to edit their own copy of the product. They would likely need to modify the product name though, unless you come up with some other natural key to base your unique constraint on.
在我看来,您想要标准化您的数据。您拥有的是一对多(供应商)的关系。我想说的是,大多数情况下关系是 1:1,而对于某些情况只有 1:n 并不重要 - 一般来说,它仍然是 1:n,因此您应该以这种方式设计数据库。基本布局可能是这样的:
更新:谁可以做什么是一个业务问题,因此您需要制定所有规则。在上面的结构中,您可以标记哪个供应商创建了该小部件。在所有权中,您可以标记所有权的状态,例如
您必须根据业务规则组成标记,然后相应地设计业务逻辑和数据访问部分。
This sounds to me that you want to normalize your data. What you have is a 1 (product) to many (vendors) relationship. That the relationship is 1:1 for most cases and only 1:n for some doesn't really matter I would say - in general terms it's still 1:n and therefor you should design your database this way. The basic layout would probably be this:
Update: The question of who is allowed to do what is a business problem so you need to have all the rules laid out. In the above structure you can flag which vendor created the widget. And in the ownership you can flag what the status of the ownership is, for example
You would have to make up the flags based on your business rules and then design the business logic and data access part accordingly.