Re: Fine Grained Access

A simple-minded solution would be to create a two column User_Campus table - User, Campus (could be ID or Name, whatever works for your situation). Most folks would have one row in that table. The multi-Campus folks would have two or more. Your security predicate would be "Where Campus In (Select Campus from User_Campus Where User = <UserCapturedAt Logon>)".

The key to successful FGAC use is a flexible, table-driven security meta-data model. No hard-coding should ever be needed.

Jack C. Applewhite - Database Administrator Austin (Texas) Independent School District 512.414.9715 (wk) / 512.935.5929 (pager)

  I'm OK, you're OK - in small doses. -- Introverts' Motto

LeRoy Kemnitz <lkemnitz_at_uwsa.edu>
Sent by: oracle-l-bounce_at_freelists.org
04/05/2006 03:19 PM
Please respond to
lkemnitz_at_uwsa.edu

To
oracle-l_at_freelists.org
cc

Subject
Fine Grained Access

I am running 10.1.0.4 on Unix. I work with a university system involving 28 campuses. I am starting to use Fine Grained Access on my db.

I currently use the Predicate to inspect the login name in order to determine what records they see. I limit them to only see their own campus records. Works great. Well, now I have the situation where certain users will be required to administer records from multiple campuses. I could create group and add the users to the group. But that would mean hard coding the username in the functions. Not ideal. Any ideas or workarounds???

--

http://www.freelists.org/webpage/oracle-l

--

http://www.freelists.org/webpage/oracle-l Received on Wed Apr 05 2006 - 15:38:25 CDT