Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: 9iR2, grant select on a column (without using views) using RL

Re: 9iR2, grant select on a column (without using views) using RL

From: Tanel Poder <tanel.poder.003_at_mail.ee>
Date: Sat, 23 Aug 2003 15:24:34 -0800
Message-ID: <F001.005CCB9D.20030823152434@fatcity.com>


RE: 9iR2, grant select on a column (without using views) using RLSHm, I think you can't use RLS to restrict access to columns of returned rows. You only can control which entire rows are returned (based on values of some columns).

You have to use views or application logic to control read access to specific columns.

Tanel.

  Use RLS ...

  Raj



  Rajendra dot Jamadagni at nospamespn dot com   All Views expressed in this email are strictly personal.   QOTD: Any clod can have facts, having an opinion is an art !

  -----Original Message-----
  From: rahul [mailto:rahul_at_infotech.co.id]   Sent: Saturday, August 23, 2003 2:34 AM   To: Multiple recipients of list ORACLE-L   Subject: 9iR2, grant select on a column (without using views) using RLS

  list, i'm ikn the process of designing security for a highly sensitive   schema for a bank,

  plan:
  have multiple oracle users, and use roles, and grant minimum required   privs, all the user/role/privs management coded in the application (with in   turn would create the db role and user etc)

  probolem:
  i cannot do a "grant select(col1)on tabname to role1", as select grant on a   column level is not supported, to workaround this i must

  1. use views and include all the columns granted seleted privs for a user, then give grant select on this view to user.
  2. somehow use RLS ??

  TIA   -Rahul

  --
  Please see the official ORACLE-L FAQ: http://www.orafaq.net   --
  Author: rahul
    INET: rahul_at_infotech.co.id

  Fat City Network Services    -- 858-538-5051 http://www.fatcity.com 
  San Diego, California        -- Mailing list and web hosting services 
  --------------------------------------------------------------------- 
  To REMOVE yourself from this mailing list, send an E-Mail message   to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in   the message BODY, include a line containing: UNSUB ORACLE-L   (or the name of mailing list you want to be removed from). You may   also send the HELP command for other information (like subscribing).

--

Please see the official ORACLE-L FAQ: http://www.orafaq.net
--

Author: Tanel Poder
  INET: tanel.poder.003_at_mail.ee

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Sat Aug 23 2003 - 18:24:34 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US