Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: 9i Partitioned Fine Grain Access Control ?
FGAC works by establishing a policy on a table (if you are a salesman, add a
'where salesrepno=X', for example, of 'if you are a customer, add a 'where
custcode=Y'). If you had multiple policies, then they were 'AND'ed
together. Which meant that if you wanted your sales people AND your
customers to access your orders table, you were in deep doo-doo. You had to
construct a single complicated policy that could weed out one bunch of
people from the other, and do the appropriate thing.
Partitioned FGAC means that you can have multiple independent policies on the table. From your details, determined at log on, we work out which policy should apply to you, and set a context for you accordingly. All queries are then executed within that context, and only the relevant where predicate is appended. No "AND'ing, no complicated single policies.
It's not a fundamental change, just a subtle one that makes FGAC much more usable and configurable.
Regards
HJR
-- ------------------------------------------ Resources for Oracle : www.hjrdba.com ============================ "Alan" <alainrtv_at_yahoo.com> wrote in message news:fbee32ac.0203301234.5d2b63b6_at_posting.google.com...Received on Sat Mar 30 2002 - 15:24:42 CST
> Hi,
>
> I did some reading:
>
http://download-west.oracle.com/otndoc/oracle9i/901_doc/server.901/a88856/c2 4privs.htm#4525
> (Oracle9i Database Concepts ch 25)
>
>
http://download-west.oracle.com/otndoc/oracle9i/901_doc/network.901/a90148/g alsystematic.htm#1021956
> (Oracle9i Security Overview ch 9)
>
>
http://206.204.21.139/otndoc/oracle9i/901_doc/server.901/a90120/ch2_feat.htm #50751
> (Oracle9i Database New Features ch 2)
>
> A new 9i feature is:
> Partitioned Fine Grain Access Control
>
> Q: How is 'Partitioned Fine Grain Access Control'
> different than 'Fine Grain Access Control'?
>
> Alan