Good evening,

I have used Hibernate 2.1 in Java and am really excited by the availability of NHibernate. Thanks Sergey and team!

I would like to ask about strategies in existence for implementing solid row level access. E.g. I have a set of domain objects which require additional criteria in the 'WHERE' clause and/or joins in order to restrict the returned rows according to the logged-in user's privileges. E.g. a helpdesk ticket can always be modifiable by the submitter; or in a multi-tenancy system, a user can only access data in his company; etc.

I don't see a good programmatic way (unfortunately the Filter API is in Hib 3+ only) to do this. I don't want to filter on the app server, as illustrated by an old Hibernate/JAAS example; and I don't really want to pull apart HQL/criteria queries and modify them in a higher level insted. But I want to free application developers from having to always remember the dreaded row level access clauses to avoid them making mistakes.

Any pointers on a good way to do this?

Thanks all.

NAC


Hibernate version: 1.0.2

Name and version of the database you are using: SQL Server 2k