Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Puzzle - Hiding Data of some rows in a Table

RE: Puzzle - Hiding Data of some rows in a Table

From: Mark W. Farnham <>
Date: Mon, 16 Oct 2006 10:48:12 -0400
Message-ID: <010401c6f132$1baded80$0c00a8c0@Thing1>

It seems we'll be getting additional operational constraints as proposals are made that otherwise solve the problem.  

Will partitioning be allowed?

Will a one-time reorganization be allowed?

Will data movement when an account is promoted or demoted from VIP status be allowed? (Or is the design allowed to not account for that possibility?)  

If the questions are answered Y, Y, and (Y or Y), then you can probably figure out how to do it using partitioning and views where the pruning will be fast and smart for the view without the VIPs and you just add the restricted rows back in with a union all to an aggregated view of the VIP partition. Without partitioning you'd have to make the OLTP (insert, update, and delete functions) know whether the data is in the VIP or non-VIP table, and grant access to the general staff to only the aggregation views.  

Even this presumes that there are at least two oracle schema, being the "owner" running the programs that possibly change data and the general staff not being able to access unaggregated VIP rows.  


From: [] On Behalf Of VIVEK_SHARMA
Sent: Monday, October 16, 2006 8:25 AM
Subject: RE: Puzzle - Hiding Data of some rows in a Table  


Seems I have NOT communicated properly in the previous e-mail

Puzzle 1 - For a Banking Application, for certain V.I.P. Bank Accounts e.g. of the President of India (translating to respective rows in a set of Tables), a general Staff Official should NOT be able to View the respective Account info. But Bank-wide summation reports e.g. "Income & Expenditure Report of the Bank as a whole" when fired by the "same" person should consider the all the Data including those from the VIP Accounts too.  

General Staff may Number about 10,000 people spread across geographically dispersed Branches of the Bank.  

All Staff currently connect thru a common Oracle user & data is owned by a single (common) schema owner name.  

There is NO column for staff_id (Corresponding to each Bank Staff person) in the Tables currently which probably VPD needs, if I have interpreted VPD correctly.  

NOTE - Application is OLTP in nature with very High performance needs e.g. Current TPS (Trans/second) stands at a few thousand OLTP transactions.

Approx a few Million OLTP Transactions (e.g. Debit or Credit transactions to the Bank Accounts thru respective Staff & thru ATMs) are passed per day.  

Hence Auditing does NOT seem possible.  

Also Bank Staff Numbers keep changing with new inductions & attritions.  

Qs 1 Should the same be achieved thru suitable Application Design & Coding Or using some Database Feature is also an Option?  

Qs 2 Is row-level encrypting available in 10.2 & applicable to this situation?  

Thanks indeed

Received on Mon Oct 16 2006 - 09:48:12 CDT

Original text of this message