Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.tools -> Re: Can you trigger an automatic WHERE-clause on any statement on a table?

Re: Can you trigger an automatic WHERE-clause on any statement on a table?

From: Charlton Purvis <purvis_at_sc.edu>
Date: Wed, 01 Nov 2000 17:06:23 GMT
Message-ID: <8tpii8$60c$1@nnrp1.deja.com>

Hi, Jacob:

I'm much in the same boat as you are, but we're in the beginnings of the development cycle: wrapping up requirements and specifications. Forms are nothing new to our company, neither are large Oracle databases, but Forms Server 6i and 8i's row-level security are. I'd be very interested to know your expected user-base, and what types of pitfalls you have overcome in terms of high bandwidth requirements Forms may require, e.g. have you found multiple small forms favorable to few large forms? did you have to cut back on anything w/ web distribution?

Our system whose prototype will be released to the state in February is a case management software solution that will have approximately 300 maximum concurrent users all accessing the app server over secure Internet connections, certificates, and pseudo-VPN. (A WAN/VPN may be in the making, but that certainly won't materialize by February.) We emphasize the word prototype since Forms and Reports Server is something new to us, and although it's comfortable and quick as a development tool, if it is clumsy and too slow for our end-user, we will go back to sqare 2 and re-think our implementation.

But RLS and app contexts will be part of the system, regardless. With state-wide political, scope, and confidentiality issues all playing a large role in security design, I am toying w/ the idea of using RLS and app contexts to put UNIX filesystem-like permission columns on each row of all tables. I'm concerned w/ performance issues if we're constantly checking a user's app context w/ whatever row they are requesting, but it still seems to me that other posts and research I have read fall short when they consider minimal rls/app_contexts plus a user-specific views and synonyms as a complete solution. Am I wrong in thinking that user-views and synonyms won't completely cover all the bases if a user is also going to be allowed to access the system via ODBC? (I know that's a completely separate security issue, but the question still stands.)

Bottom line . . . Is it unpracitcal to associate file system-like permissions on every row of every table to limit a user's scope and permissions? If we get it right from square one, I don't think it will be an administrative headache, but I'm still concerned about performance issues.

And how far along are you in Forms 6i land? How did you reach Forms as your software solution? Is this for a LAN or WAN?

We are currently doing our own tests of the bandwith requirements of Forms using a UNIX sniffer (I don't completely trust nor understand Oracle's data specs.)

Would love the opportunity for a two-way information exchange.

Look forward to a response.

Charlton Purvis

In article <0y4E5.18745$Ly1.252129_at_news5.giganews.com>,   "Jacob" <jacmads_at_hotmail.com> wrote:
> Hi all
>
> We are currently in the process of migrating a previous single-user
> application to a multi-user application running on the web using Forms
> Server 6i on Oracle8i 8.1.6 on Windows NT.

Sent via Deja.com http://www.deja.com/
Before you buy. Received on Wed Nov 01 2000 - 11:06:23 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US