Re: 9i Partitioned Fine Grain Access Control ?

FGAC works by establishing a policy on a table (if you are a salesman, add a 'where salesrepno=X', for example, of 'if you are a customer, add a 'where custcode=Y'). If you had multiple policies, then they were 'AND'ed together. Which meant that if you wanted your sales people AND your customers to access your orders table, you were in deep doo-doo. You had to construct a single complicated policy that could weed out one bunch of people from the other, and do the appropriate thing.

Partitioned FGAC means that you can have multiple independent policies on the table. From your details, determined at log on, we work out which policy should apply to you, and set a context for you accordingly. All queries are then executed within that context, and only the relevant where predicate is appended. No "AND'ing, no complicated single policies.

It's not a fundamental change, just a subtle one that makes FGAC much more usable and configurable.

Regards
HJR

--
------------------------------------------
Resources for Oracle : www.hjrdba.com
============================

"Alan" <alainrtv_at_yahoo.com> wrote in message
news:fbee32ac.0203301234.5d2b63b6_at_posting.google.com...


> Hi,

>

> I did some reading:

>

http://download-west.oracle.com/otndoc/oracle9i/901_doc/server.901/a88856/c2
4privs.htm#4525


> (Oracle9i Database Concepts ch 25)

>

>

http://download-west.oracle.com/otndoc/oracle9i/901_doc/network.901/a90148/g
alsystematic.htm#1021956


> (Oracle9i Security Overview ch 9)

>

>

http://206.204.21.139/otndoc/oracle9i/901_doc/server.901/a90120/ch2_feat.htm
#50751


> (Oracle9i Database New Features ch 2)

>

> A new 9i feature is:

> Partitioned Fine Grain Access Control

>

> Q: How is 'Partitioned Fine Grain Access Control'

> different than 'Fine Grain Access Control'?

>

> Alan