Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: FGAC and that 30%

Re: FGAC and that 30%

From: Hans Forbrich <forbrich_at_yahoo.net>
Date: Sat, 17 Jul 2004 02:47:22 GMT
Message-ID: <_q0Kc.48981$Rf.32140@edtnps84> 





Daniel Morgan wrote:



>> One other possibility comes to mind - additional complexity.

>> 

>> A lot of people assume FGAC is a rewrite to select from an additional

>> column, as in "where permission = 'Top Secret'".   FGAC is not limited to

>> that and can involve significant additional overhead if one is not

>> careful. For example, you could use a list (IN,LIKE or BETWEEN

>> processing), or base the selection on calculations.

>> 

>> /Hans


> 
> Good point. My usages have all been 'trivial' additions to the WHERE
> clause.
> 





Very common situation.  



Note that this 'trivial' variant has been further trivialized by automation
through the 'Label Security' option.  That relieves the developer of the
FGAC design burden and places that on the [non-developer] security
administrator's shoulders (where it should be).



Never the less, the only way I can think of to really understand the impact
of FGAC is to do some of Tom's famous benchmarks with and without the
(manually) rewritten clause.
Received on Fri Jul 16 2004 - 21:47:22 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US