Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Implementing Data-level Security
jared_at_hwai.com (Jared Hecker) wrote:
>There is no good reason a view must correspond to a table; this is a
>security decsision.
>My suggestion would be to make denormalized view showing all the
>information you want - that way, if the app hits against the view yo uwill
>get everything you need in one query; app security should be able to take
>care of only letting the salesman see what you want to see - e.g., have the
>salesman put in his ID as part of sign-in, rather than as part of the
>query, then just give him a list of queries (which would be automatically
>parameterized for the ID he entered at signon).
My original post did not give my requirements clearly. I want the users to SELECT as well as INSERT/UPDATE/DELETE from the views. Therefore, this approach too may not work.
Anup.
Anup Computers Tel : 91-22-364 7992 33, Shankar Sagar Fax : 91-22-363 6176 Sophia College Road Bombay 400 026 email : anupcomp_at_giasbm01.vsnl.net.inINDIA