[ic] Hierarchical catalogs

Chris Keane chris.keane at zzgi.com
Tue Aug 17 00:38:07 UTC 2010


Hey all,

We're looking at solving an interesting problem and I wanted to share it 
with you to see if anyone has a brainwave about a better way than the 
one we're currently pursuing.

We're building a system for an organization that has many subsidiaries. 
The organization wants visibility into the operation of all subsidiaries 
(or generally, the entire organization) but wants to compartmentalize 
the subsidiaries so that they can't see each  other.

Userdb is shared across all subsidiaries but only users who have 
actually logged in at a subsidiary are visible to that subsidiary. 
Similar with orders, etc.

We use Postgres.

We're currently planning to solve this using schemas, views and triggers.

Each subsidiary will be set up with their own catalog, all using a 
common database. Each catalog will be set to use a catalog-specific 
schema using DatabaseAuto, which contains a view of each table in the 
master database that basically adds condition to the select,
e.g. instead of

select blah from thing

selecting directly from a table we'll end up with a view called thing 
that implements something like (simplified)

select blah from masterdb.thing a, masterdb.permissions b
where a.key = b.key and
           b.subsidiary = 'this subsidiary' and
           b.perm = 'read';

We'll have insert, delete and update triggers on the view that similar 
check permission then apply the update to the masterdb.

Of course, all the views and triggers adds a whole new level of 
complexity that can add problems down the line, so we're looking at it 
every which way to make sure this is how we really want to do it.

Any thoughts about an easier way to accomplish compartmentalization 
while still allowing overall access?

Of course, then we need to figure out multi-master async replication! We 
love bucardo which is what we use now for 1 master/1 remote, but now 
we're talking multiple remotes for the single master... ugh.

Chris.




More information about the interchange-users mailing list