Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Revoke Delete

RE: Revoke Delete

From: Jack C. Applewhite <japplewhite_at_inetprofit.com>
Date: Tue, 27 Nov 2001 15:22:36 -0800
Message-ID: <F001.003CE42F.20011127145518@fatcity.com>

Actually, you can. Use FGAC (Fine-Grained Access Control) and you can put a Policy in place on a table that even the table owner can't bypass - even System can't bypass. Only Sys can bypass FGAC policies - and the owner of the security schema in which you place the Policy functions.

I've used FGAC and Application Context successfully to enforce complex security, but the more I think about it, you could really do some fiendish tricks with it - if you were the fiendish kind. ;-)

Jack



Jack C. Applewhite
Database Administrator/Developer
OCP Oracle8 DBA
iNetProfit, Inc.
Austin, Texas
www.iNetProfit.com
japplewhite_at_inetprofit.com
(512)327-9068

-----Original Message-----
Baumgartel
Sent: Tuesday, November 27, 2001 3:55 PM To: Multiple recipients of list ORACLE-L

You can't revoke the ability to delete from the schema owner. You could revoke CREATE SESSION from the schema owner, but that doesn't solve the problem of DBA-privileged accounts being able to delete.

I'm guessing that this is a perfect opportunity to use an "INSTEAD OF" trigger.


Do You Yahoo!?
Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Paul Baumgartel
  INET: treegarden_at_yahoo.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Jack C. Applewhite
  INET: japplewhite_at_inetprofit.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Tue Nov 27 2001 - 17:22:36 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US