Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.misc -> Re: Is this Roles?
In article <b9319429.0410040253.661ffb1c_at_posting.google.com>, Craig Morea wrote:
> Hi,
>
> I am a non-technical manager who needs to understand technical issues
> concerning database management (probably mostly Oracle) well enough to
> know what the tech-guys are talking about. If I can understand how it
> all works at the flowchart model level, it is not necessary that I
> understand how to code it. I apologize if this question is in the
> wrong place and would accept redirection if that is appropriate.
>
> The main issue I need to understand is a variation on roles-based
> access. There is quite a bit of information available on how systems
> use roles to grant or limit permissions, but I have not found what I
> am looking for. Since many examples focus on hospitals, I will make
> my example along the same lines:
>
> The general assumption seems to be that Doctors have more permissions
> than Nurses. This is fine. But both Doctors and Nurses always seem
> to have access to all the records in the hospital. I want to be able
> to restrict their access to the records of patients specifically
> assigned to them.
>
> Also, I'd like to be able to grant access to personnel data on
> employees, to the employee's supervisor, and also to his supervisor's
> supervisor, all the way up the chain, but not to anyone outside the
> chain. This appears to be partly a role issue, since supervisors can
> only see certain data, but it is also beyond roles, because the
> question is "who is supervisor of who?," and it gets worse when you
> want to add supervisor's supervisor, etc.
>
> So...I'm not looking for solutions (unless you happen to have one
> handy). But an assessment of whether these things are even possible
> and an explanation of where to start looking to tackle this kind of
> thing would be appreciated.
>
> Thanks,
>
> Craig
Craig,
See http://www.adp-gmbh.ch/ora/security/vpd/index.html for an example of Virtual Private Databases (also known under Fine Grained Access Control, or FGAC). This seems to be what you want.
hth
Rene
-- Rene Nyffenegger http://www.adp-gmbh.ch/Received on Mon Oct 04 2004 - 10:13:09 CDT