Hi,

Thanks for sharing this idea.

I'm confused about one point, and have a design question on another.

As for the confusion, it appears that you've disabled the security feature if someone inserts more than one row at a time in the same statement. Example: insert into some_table (col1,col2) select cola,colb from some_other_table.

Did I misunderstand that? If not, why limit the security?

As for the design question, why not create views to do the filtering against the table, and write the applicaitons to use the views, not the tables? The same filtering mechanism, the key table, would work.