Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Is this Roles?

Re: Is this Roles?

From: Rene Nyffenegger <rene.nyffenegger_at_gmx.ch>
Date: 4 Oct 2004 15:13:09 GMT
Message-ID: <slrncm2q2g.328.rene.nyffenegger@zhnt60m34.netarchitects.com> 





In article <b9319429.0410040253.661ffb1c_at_posting.google.com>, Craig Morea wrote:


> Hi,

> 

> I am a non-technical manager who needs to understand technical issues

> concerning database management (probably mostly Oracle) well enough to

> know what the tech-guys are talking about.  If I can understand how it

> all works at the flowchart model level, it is not necessary that I

> understand how to code it.  I apologize if this question is in the

> wrong place and would accept redirection if that is appropriate.

> 

> The main issue I need to understand is a variation on roles-based

> access.  There is quite a bit of information available on how systems

> use roles to grant or limit permissions, but I have not found what I

> am looking for.  Since many examples focus on hospitals, I will make

> my example along the same lines:

> 

> The general assumption seems to be that Doctors have more permissions

> than Nurses.  This is fine.  But both Doctors and Nurses always seem

> to have access to all the records in the hospital.  I want to be able

> to restrict their access to the records of patients specifically

> assigned to them.

> 

> Also, I'd like to be able to grant access to personnel data on

> employees, to the employee's supervisor, and also to his supervisor's

> supervisor, all the way up the chain, but not to anyone outside the

> chain.  This appears to be partly a role issue, since supervisors can

> only see certain data, but it is also beyond roles, because the

> question is "who is supervisor of who?," and it gets worse when you

> want to add supervisor's supervisor, etc.

> 

> So...I'm not looking for solutions (unless you happen to have one

> handy).  But an assessment of whether these things are even possible

> and an explanation of where to start looking to tackle this kind of

> thing would be appreciated.

> 

> Thanks,

> 

> Craig




Craig,



See http://www.adp-gmbh.ch/ora/security/vpd/index.html for an example
of Virtual Private Databases (also known under Fine Grained Access Control,
or FGAC). This seems to be what you want.




hth


Rene


-- 
  Rene Nyffenegger
  http://www.adp-gmbh.ch/


Received on Mon Oct 04 2004 - 10:13:09 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US