Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Fine grained access control - SYS user
Thomas Hesse wrote:
>
> Hi,
>
> is it correct that the SYS user is not using any of the predicates ?
>
> e.g. when I am using something like this:
>
> CREATE OR REPLACE FUNCTION context_flag
> (obj_schema VARCHAR2, obj_name VARCHAR2)
> RETURN VARCHAR2 IS d_predicate VARCHAR2(2000);
>
> BEGIN
> d_predicate := 'flag = ''Y''';
> RETURN d_predicate;
> END context_flag;
>
> The users are only getting rows with flag='Y', but as SYS users I got
> all.
>
> Is there a way to change this ?
>
> Cheers
> Thomas
Not really...even if it did, if SYS got compromised, they would just remove/change/etc the fgac functions/policy etc.
hth
connor
-- ============================== Connor McDonald http://www.oracledba.co.uk "Some days you're the pigeon, some days you're the statue..."Received on Tue Apr 23 2002 - 12:13:42 CDT