Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: 9iR2, grant select on a column (without using views) using RLS

Re: 9iR2, grant select on a column (without using views) using RLS

From: Yechiel Adar <adar76_at_inter.net.il>
Date: Sun, 24 Aug 2003 01:54:32 -0800
Message-ID: <F001.005CCC79.20030824015432@fatcity.com> 





Have you thought about encrypting those  sensitive columns?



The user will need select decrypt(balance) to see the content.



Then you grant execute on decrypt only to privileged users.



Yechiel Adar


Mehish


----- Original Message -----


To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
Sent: Saturday, August 23, 2003 8:34 AM




> list, i'm ikn the process of designing security for a highly sensitive

> schema for a bank,

>

> plan:

> have multiple oracle users, and use roles, and grant minimum required

> privs, all the user/role/privs management coded in the application (with

in


> turn would create the db role and user etc)

>

> probolem:

> i cannot do a "grant select(col1)on tabname to role1", as select grant on

a


> column level is not supported, to workaround this i must

>

> 1) use views and include all the columns granted seleted privs for a user,

> then give grant select on this view to user.

>

> 2) somehow use RLS ??

>

> TIA


>

> -Rahul

>

> --

> Please see the official ORACLE-L FAQ: http://www.orafaq.net

> --

> Author: rahul

>   INET: rahul_at_infotech.co.id

>

> Fat City Network Services    -- 858-538-5051 http://www.fatcity.com

> San Diego, California        -- Mailing list and web hosting services

> ---------------------------------------------------------------------

> To REMOVE yourself from this mailing list, send an E-Mail message

> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in

> the message BODY, include a line containing: UNSUB ORACLE-L

> (or the name of mailing list you want to be removed from).  You may

> also send the HELP command for other information (like subscribing).



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Yechiel Adar
  INET: adar76_at_inter.net.il

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Sun Aug 24 2003 - 04:54:32 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US