A Veil2-based relational security implementation has the following advantages over a more traditional security implementation:
by implementing data access controls in the database, your data can be protected even in the event of a breach of, or bugs in, your application or its server;
new functionality can be added to your application, without risk of impact to the underlying data security;
if you have multiple applications, the same restrictions can be applied universally, without having multiple implementations;
by building the security into the database relations themselves, access controls can be managed in a more natural way;
fine degrees of access control can be implemented without increasing the complexity of your application;
you will be able to implement a security model that is complete and about which you can reason;
most of the details of the access controls can be hidden from your application developers, potentially making their jobs easier;
with Veil2, much of the hard work of dealing with scopes, contexts, roles and privileges has already been developed for you;
with Veil2, you have complete control of your security implementation: you can customize and extend it in any way you see fit.
Note that even though you no longer have to implement access controls in your applications, your application should be written to avoid any access that the database would prevent. This is simply good practice. You should not allow Veil2's presence to make your developers lazy.