Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Fine Grain Security and select... for update

Re: Fine Grain Security and select... for update

From: Ronnie Yours <ronnie_yours_at_yahoo.com>
Date: Fri, 27 Sep 2002 09:51:47 -0400
Message-ID: <an1nom$q1j$1@nntp-m01.news.aol.com> 





Hi,


This is another reply I got from Oracle



"I got one repsonse from our internal team. It suggest that this is expected
behaviour as the query selects lob locator using select statement. And it is
just updated using this


locator. But if you execute



update lobtab set ind_col=rownum;



It does not update any row.



But if query



select * from lobtab where ind_col = 2;


is executed it selects a row. So using the query the locator is selected and
the selected lob locator


is updated using the locator. I'll create a Note on this in Metalink and
will document the behaviour"



I dont understand why do they have a problem in accepting that its a
Bug/limitation.



Anyways, Jusung I have posted your thoughts regarding this matter in the tar
and will update this post once I get a reply from them.




Thanks


Ronnie Yours




"Jusung Yang" <JusungYang_at_yahoo.com> wrote in message
news:130ba93a.0209261654.42d9c917_at_posting.google.com...


> Nice try from ORACLE support. This workaround does not make much sense

> though. It seems to imply that you need to the put that piece of code

> somewhere in your application to first find out if FGAC exists and

> then let the user do the update - if this user does have the update

> privilege. You just don't implement security that way. The whole point

> of FGAC is that it does not matter what applicaton you use, you are

> always under its ever watchful eyes. It should be totally transparent.

> If you have to depend on one single application for FGAC to work, this

> is not FGAC anymore.

>

>

> "Ronnie Yours" <ronnie_yours_at_yahoo.com> wrote in message

news:<amvktl$rs2$1_at_nntp-m01.news.aol.com>...


> > I have already opened a Tar and gave a similar test case to Oracle. This

is


> > what they have to say.....

> > I hope I am not violating any copyright law here....

> >

> > Oracle's Comment

> > -----------------

> > As far as

> > workaround is concerned

> > I can think of only one way, along with LOB column select one more

column;


> > for eg in the example you

> > have posted change the query as

> >

> > declare

> > mvclob clob;

> > mvar varchar2(100) := 'This is updated by ' || user || ' 2';

> > begin

> > select ind_col, clob_col into mvclob from lobtab where ind_col = 2 for

> > update;

> > update lobtab set ind_col = ind_col where rownum<=1;

> > /* This will just try to update one row to the same value This acts as a

> > check for policies that has been set*/

> > if sql%rowcount>0 then

> > dbms_lob.write(mvclob, length(mvar), 1, mvar);

> > end if

> > end;

> > /

Received on Fri Sep 27 2002 - 08:51:47 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US