Hello,
I would like to use NHibernate Filters to hide some rows from users, according to different permission sets.
Can I call a stored procedure from the filter?
Are there any scenarios in which a filter won't filter records, or will cause an error?
Thanks!
No you can't. The filter is translated into part of the WHERE clause of a SQL statement.
Not sure what you mean - if the filter is correct and is applied it will work, it's not a half-baked feature...
David M already answered the question but I would like to add one thing:
You don't specify your database, but since you mention "stored procedure" I'm going to assume it's SQL Server. In which case, Views are a more reliable tool for solving this problem.
It's up to you of course, but the way I see it is - why use a fragile security model at the app level (oops, forgot to enable the filter here) when you can use strong security at the database level? If you set specific permissions on specific views then it's virtually impossible for a bug to lead to a security hole.