Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Implementing Data-level Security

Implementing Data-level Security

From: Anup Jalan <anupcomp_at_giasbm01.vsnl.net.in>
Date: 1997/02/10
Message-ID: <1.5.4.32.19970210044748.0066f390@giasbm01.vsnl.net.in>#1/1

jared_at_hwai.com (Jared Hecker) wrote:

>There is no good reason a view must correspond to a table; this is a
>security decsision.
 

>My suggestion would be to make denormalized view showing all the
>information you want - that way, if the app hits against the view yo uwill
>get everything you need in one query; app security should be able to take
>care of only letting the salesman see what you want to see - e.g., have the
>salesman put in his ID as part of sign-in, rather than as part of the
>query, then just give him a list of queries (which would be automatically
>parameterized for the ID he entered at signon).

My original post did not give my requirements clearly. I want the users to SELECT as well as INSERT/UPDATE/DELETE from the views. Therefore, this approach too may not work.

Anup.



Anup Jalan
Anup Computers                                  Tel   : 91-22-364 7992
33, Shankar Sagar                               Fax   : 91-22-363 6176
Sophia College Road
Bombay 400 026                   email : anupcomp_at_giasbm01.vsnl.net.in
INDIA
Received on Mon Feb 10 1997 - 00:00:00 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US