Hi,

I am new to NHibernate and thinking of using it in one of my projects. One of the problem i found is that NHibernate requires direct delete and update access to the tables. I don't want to grant permissions on tables for everyone. With the stored proc approach, we can set the user accesses on queries to avoid unauthosized access to the tables. How can i do it in NHibernate?

Thanks for your help.

You can use custom sql statements for update/delete:

http://nhforge.org/doc/nh/en/index.html#querysql-cud

Why do you need to grant permissions for everyone? Can't you just grant permissions for the user you are using to access the Database?

I agree with this solution. In addition, it's usefull to create your own user/roles/permissions managemnt on the application level.

Keep in mind that your users will deal with application objects (which are not always just a reflection of database's counterparts), not database objects, so sooner or later you will have very complicated security management if you don't handle permissions in the right place.

[quote="wolli"]You can use custom sql statements for update/delete:

[url]http://nhforge.org/doc/nh/en/index.html#querysql-cud[/url][/quote]

Hi, thanks for your reply. Can you please give me more details on how to do this?

[quote="megacan"]Why do you need to grant permissions for everyone? Can't you just grant permissions for the user you are using to access the Database?[/quote]

Sorry for not making it clear. I don't want to grant update and delete permissions directly on tables. [/quote]

Hi minocan,

hjave a look at the link to the documentation in my posting, it's all there. I haven't used sp's myself with hibernate, so I can't give you more. But you can search the forum or the nhusers group at google.