Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Fooling with roles

Re: Fooling with roles

From: Ron Rogers <RROGERS_at_galottery.org>
Date: Mon, 14 Aug 2000 09:49:47 -0400
Message-Id: <10589.114493@fatcity.com> 





You can create the roles you need role1,role2,role3,etc and assigh =
different privileges to each role and then grant the roles to each other =
up the chain.


As example;


grant select any table to role1,


grant delete any table to role2.


grant role1 to role2.


role1 can select but not delete and role2 can select and delete.
Hope this helps.


Ron Rogers


DBA OCP



Atl.GA



>>> ismgr_at_pctc.com 08/11/00 08:01PM >>>



I'm starting to paper-design our security layout for some new software. =
Our


plan is to assign people levels of security, like AP(1-9), ISSUING(1-9),
RECEIVABLES(1-9), HR(1-9), etc etc. There's nothing special about the =
range


1-9, just seems intuitive.


Each level will be a superset of the one below it, i.e. each level =
includes


all the privileges of all levels below. People will have multiple
clearances (because we're a small company), so someone might be an HR-2, =
an


AR-4, an AP-1, etc.



I'm planning to create a ROLE for each level of each security type. I have
the following questions and concerns...



    
  
  1.   Can I explicitly include a lower role in a higher role? For instance,
can I define AR-2 as AR-1 + some new privileges? I don't mean conceptually,=






I mean can I actually define AR-2 in Oracle as AR-1 + some more stuff, =
such


that if I add a privilege to AR-1, it automatically propagates up the =
chain?



2) If not, I'll have to either explicitly assign increasingly larger sets
of privileges to higher roles, or I'll have to assign a given role plus =
all


below it to each user. Which way is more efficient? Or more to the point,
which one is *less* efficient?


---
Dennis Taylor
---
The opinions expressed herein are mine. Get your own opinions!
---
--=20
Author: Dennis Taylor
  INET: ismgr_at_pctc.com=20

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Mon Aug 14 2000 - 08:49:47 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US