Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> VPD best practice

VPD best practice

From: jbl <jarmo.blomsterN0SPM_at_ccc.fi>
Date: Tue, 18 Apr 2006 07:21:15 GMT
Message-ID: <Lr01g.29$CF4.17@read3.inet.fi> 





Hi,



We have one database instance with seven different companies. These 
companies have now each own schema. Now we need to combine those schemas 
into one schema but their data need to be selectively private. That means 
that in the future they for exaple share their clients but contracts, 
invoicing etc. will be private. The application they use is exactly the same 
(except some parameters are private). The application uses heavily PL/SQL 
and the definer rights is used to secure the data.



RLS (VPD) is the obvious solution to our chalenge. I've made some tests and 
encountered one problem that I like to ask some other opinions how to solve 
that.



I've made own application context that collects the real user login info in 
logon trigger, but this does not help because the policy function is not get 
called when the owner (i.e. the definer) makes the calls.



Is there any other options than turn to invoker rights?



//jarmo 
Received on Tue Apr 18 2006 - 02:21:15 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US