Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: RAC 10G for different companies with one shared database and label security

RE: RAC 10G for different companies with one shared database and label security

From: Christian Antognini <Christian.Antognini_at_trivadis.com>
Date: Fri, 4 May 2007 11:13:39 +0200
Message-ID: <F2C9CCA71510B442AF71446CAE8AEBAFB2324F@MSXVS04.trivadis.com> 





Hi Joop



> In the new situation it will be be 1 or 2 10G release 2

> RAC Clusters with each one " shared" database. Oracle Label

> security must assure that on row level the different companies

> can not use each other's data.




Interesting. I'm helping a customer doing something very similar. The
differences are that they use VPD instead of Label Security and at the
moment no RAC is involved.



To comment on the question other asked, i.e. why not multiple schemas,
this is because they want to have only *one* support team that is able
to see data from several customers at the same time. And that, of
course, without completely rewriting the current application that
supports a single customer in one schema. 



> is Oracle Label Security an absolute, garantueed, method that

> different companies using the same database/schema, not can see

> each others data? 




If correctly setup only users having the system privilege EXEMPT ACCESS
POLICY are able to see all data. I.e. users will see only the data you
provide them through the user/data labels... If you want to avoid that,
only Database Vault can help you.



> is there any argument for two clusters above one clusters

> with 2/3/4/n instances?




Nothing that I can think of is specific to Label Security. As always is
matter of giving more importance to flexibility or efficiency.



> can i use the the "services" concept in 10G RAC to  force a bit

> of a flexible way of loadbalancing (company A and B uses instance

> 1, coampany C and D uses instance 2, company Eand F uses instance

> 3, etc.. and flexible, that i can change that when company C uses

> more resources at moment x...




I don't see why it should not work. But, be careful, since data is
stored in the very same blocks, cache fusion will probably very busy
shipping blocks between instances... Therefore, I would suggest
investigating if it is not possible to do a load balancing based on the
data utilization, i.e. modules mainly using the same tables should be
served by one instance, modules mainly using other tables should be
served by another one...




HTH



Chris

--
http://www.freelists.org/webpage/oracle-l


Received on Fri May 04 2007 - 04:13:39 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US