Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Fine grained access control - SYS user

Re: Fine grained access control - SYS user

From: Connor McDonald <connor_mcdonald_at_yahoo.com>
Date: Tue, 23 Apr 2002 18:13:42 +0100
Message-ID: <3CC59646.26AE@yahoo.com> 





Thomas Hesse wrote:


> 

> Hi,

> 

> is it correct that the SYS user is not using any of the predicates ?

> 

> e.g. when I am using something like this:

> 

> CREATE OR REPLACE FUNCTION context_flag

>                           (obj_schema VARCHAR2, obj_name VARCHAR2)

>                     RETURN VARCHAR2 IS d_predicate VARCHAR2(2000);

> 

> BEGIN


>   d_predicate := 'flag = ''Y''';

>   RETURN d_predicate;

> END context_flag;

> 

> The users are only getting rows with flag='Y', but as SYS users I got

> all.

> 

> Is there a way to change this ?

> 

> Cheers

> Thomas




Not really...even if it did, if SYS got compromised, they would just
remove/change/etc the fgac functions/policy etc.



hth


connor


-- 
==============================
Connor McDonald

http://www.oracledba.co.uk

"Some days you're the pigeon, some days you're the statue..."


Received on Tue Apr 23 2002 - 12:13:42 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US