| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Object privilege at row level?
Quarkman <quarkman_at_myrealbox.com> wrote in message news:<oprsumbjf1r9lm4d_at_haydn>...
> On Fri, 25 Jul 2003 00:03:38 +0200, Sybrand Bakker
> <postbus_at_sybrandb.demon.nl> wrote:
>
> >
> > "Rick Denoire" <100.17706_at_germanynet.de> wrote in message
> > news:22l0iv0tp71jjl3vs908ng5gc625qj0vf8_at_4ax.com...
> >> Is there a way (using Oracle 9.2.0) to control access to rows of a
> >> table? (Instead of granting access to the whole table)
> >>
> >> Can one at least monitor access to certain rows of a table?
> >> That is, is it possible to protocol who and when accessed certain
> >> rows?
> >>
> >> Thanks
> >> Rick Denoire
> >
> > Yes, using Fine Grained Access Control, Row Level Security, Virtual
> > Private
> > Database, or whatever the most recent marketing term is. Available in EE
> > only.
> > FGAC comes with Fine Grained Auditing.
>
> Eh?
>
> FGAC has absolutely nothing to do with FGA. Nothing. As much as a pea has
> to do with a carrot.
>
> The fact that both come with 9i is mere incidental.
>
> So does automatic undo and automatic PGA, but I bet you wouldn't join those
> two in the same sentence.
>
> FGAC uses dbms_rls, and fine-grained auditing uses dbms_fga. And the
> relationship between these two packages would be....??
>
> Here's a clue: Row-Level Security works even if you haven't the faintest
> idea what VPD is, and have never even thought of implementing it.
>
> Before you slag off 1.1 billion people, Sybrand (ie, the Indians you abused
> the other day)... how about learning the basics for yourself?
>
> God preserve us from Senior DBAs who think they're the bees-knees, but
> actually are just sad old bastards who haven't a clue (or, probably more
> accurately, had a lot of clue in 7.2, but who have been becoming steadily
> more and more out-of-date since then, and steadily more and more grumpy as
> a result).
>
> ~QM
is the term 'VPD' and FGAC just for marketing purposes? Seems to me that if I want to implement row level security, I can create a policy and follow those procedures for doing it.
what am I missing? Received on Fri Jul 25 2003 - 07:58:41 CDT
 |
 |