Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Usenet -> c.d.o.server -> Re: tough choices

Re: tough choices

From: Mark Townsend <>
Date: Sat, 26 Jun 2004 14:37:48 GMT
Message-ID: <0TfDc.158242$3x.121327@attbi_s54>

Larry wrote:
> Mark,
> Thank you for being honest in your answer.
> One of the reasons that I asked is because frankly, I really didn't know
> the answer (I only have a base of experience with a very specific set of
> customers ... although over about 13 years now).

Hmm - your specific question was "how many customers need to control acces to data down to the level of which IP the query is coming from. The answer is very few. However, many people (as can be seen from answers from people on this thread) use row level security

> The other is that earlier in this thread, a claim was made that DB2
> relied on Tivoli to provide "even the most basic security". Now ... I
> know we've beaten it to death already ... and I don't want to continue
> to do so. But ... as so frequently happens in the IT world, this boils
> down to semantics. I propose that DB2 UDB (without Tivoli) does have
> much in the way of "basic" rdbms security authorization and
> authentication support. It may be a different implementation than
> Oracle. But it's there. And I also submit that "basic" covers the
> security needs of the vast majority of users and companies (if not more
> than that). I also know that when a requirement is brought forward to
> IBM, and it is a frequently requested requirement ... it will likely
> find its way into the product ... sooner rather than later if the market
> deems it important enough (as I'm sure is the case with Oracle also).

There have been a few requests for this to date in DB2 land that I can see

Many of the initial "sponsors" at Oracle for the row level security stuff were the non-name customers alluded to earlier, and they tend not to post to newsgroups ;-)
> Larry Edelstein
> Mark Townsend wrote:

>> Larry wrote:
>>> Question though. How many customers in reality have security 
>>> requirements that are this granular and that need to be met based on 
>>> only an IP address coming in?
>> At that level of granularity, just a few. And in fact, some of them 
>> don't even exist :-)
>> "As I was going down the stair, I saw a man who wasn't there. He 
>> wasn't there again today; He must be from the ..."
>> However, many companies have policies over what data can and cannot be 
>> accessed when on a wireless network or internet via dial up or VPN (as 
>> opposed to the intranet). I know Oracle does for some of the more 
>> significant IP.

Received on Sat Jun 26 2004 - 09:37:48 CDT

Original text of this message