Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Fwd: Re: Security Issue in Oracle 9.2.0.3 DB

Fwd: Re: Security Issue in Oracle 9.2.0.3 DB

From: Charlotte Hammond <charlottejanehammond_at_yahoo.com>
Date: Wed, 20 Oct 2004 02:56:56 -0700 (PDT)
Message-ID: <20041020095656.37056.qmail@web20702.mail.yahoo.com>


Hi,  

Too fast: when I first read this I thought you meant that company A & B used data in the same tables. Reading it again it looks like you have different tables for each customer? If the application is identical then _maybe_ you should combine the data into one version of each table and use FGAC.  

Otherwise if these are structurally different tables (a different application) then you can simply use roles to grant the required privileges. Putting them in different schemas would make it easier to manage / understand.  

I suggest reviewing the "Privileges, Roles and Security" chapter of the Concepts Manual.  

Note: forwarded message attached.                 



Do you Yahoo!?
vote.yahoo.com - Register online to vote today!

Received: from [212.20.232.220] by web20701.mail.yahoo.com via HTTP; Wed, 20 Oct 2004 02:45:50 PDT Date: Wed, 20 Oct 2004 02:45:50 -0700 (PDT) From: Charlotte Hammond <charlottejanehammond_at_yahoo.com> Subject: Re: Security Issue in Oracle 9.2.0.3 DB To: ORACLE-L <oracle-l_at_freelists.org>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-31696777-1098265550=:62420" Content-Length: 1035

--0-31696777-1098265550=:62420
Content-Type: text/plain; charset=us-ascii

Hi,  

If your application is simple/small enough (and you really only have A & B and this will never grow to include C, D, E etc) then you should be able to do what you need simply using Views and granting security on the Views (use the CHECK option to prevent A updating data belonging to B and vice versa).  

For anything more complex you should look at Fine-Grained Access Control (FGAC) in the manuals. This uses the DBMS_RLS package to define access policies for tables.  

Hope this helps,
- Charlotte  

dear friends
we have one database on oracle9.2.0.3 and we have two compnies (Say A and B) both are using the same database . Now i want that A employess should not able to view or select or update or insert any thing on B releted tables . and vice versa ..
please guide me
With Best Wishes & Prayers,
Abhishek Saxena.
Mail - abhisheks_at_kpitcummins.com
Tel - +91 20 25458277.
Mob - +91 20 33306103.
www.kpitcummins.com
(A SEI CMM Level 5 Company)                 



Do you Yahoo!?
Express yourself with Y! Messenger! Free. Download now. --0-31696777-1098265550=:62420
Content-Type: text/html; charset=us-ascii

<DIV>Hi,</DIV>
<DIV>&nbsp;</DIV>
<DIV>If your application is simple/small enough (and you really only have A &amp; B and this will never grow to include C, D, E etc) then you should be able to do what you need simply using Views and granting security on the Views (use the CHECK option to prevent A updating data belonging to B and vice versa).</DIV>
<DIV>&nbsp;</DIV>
<DIV>For anything more complex you should look at Fine-Grained Access Control (FGAC) in the manuals.&nbsp; This uses the DBMS_RLS package to define access policies for tables.&nbsp;&nbsp;&nbsp; </DIV>
<DIV>&nbsp;</DIV>
<DIV>Hope this helps,</DIV>
<DIV>- Charlotte</DIV>
<DIV>&nbsp;</DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV>dear friends<BR>we have one database on oracle9.2.0.3 and we have two compnies (Say A and B) both are using the same database .<BR>Now i want that A employess should not able to view or select or update or insert any thing on B releted tables .<BR>and vice versa ..<BR>please guide me<BR>With Best Wishes &amp; Prayers,<BR>Abhishek Saxena.<BR>Mail - <A href="mailto:abhisheks@kpitcummins.com">abhisheks@kpitcummins.com</A><BR>Tel - +91 20 25458277.<BR>Mob - +91 20 33306103.<BR><A href="http://www.kpitcummins.com">www.kpitcummins.com</A><BR>(A SEI CMM Level 5 Company)</DIV></BLOCKQUOTE><p>

                <hr size=1>Do you Yahoo!?<br>
Express yourself with Y! Messenger! Free. <a href="http://us.rd.yahoo.com/mail_us/taglines/msgr/evt=26089/*http://messenger.yahoo.com">Download now</a>. --0-31696777-1098265550=:62420--

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Oct 20 2004 - 04:52:33 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US