| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Label Security issue with Materialized Views
On May 8, 3:07 pm, Sal <salmansyed2..._at_gmail.com> wrote:
> Hello,
>
> I am trying to create a materialized view that is governed by a label
> security policy. Here is a summary of the issue:
>
> 1. I created a materialized view under sgadmin schema. The table
> references a table under the sgapp schema.
>
> 2. The table in the sgapp schema has a label policy applied to it with
> an unhidden labelcol which stores the label value
>
> 3. The sgadmin schema has full rights to the entire table.
>
> 4. After creating the materialized view, I applied the same label
> policy to the materialized view as was applied to the master table.
>
> 5. This works and when sgapp schema queries the sgadmin materialized
> view, only the data corresponding to the current label setting is
> show.
>
> 6. However, when I try to issue an update statement on the master
> table, I get ORA-30372.
>
> Does anyone know what this is all about? Thanks a lot for your help.
>
> Sal
30372, 00000, "fine grain access policy conflicts with materialized
view"
// *Cause: A fine grain access control procedure has applied a non-
null policy
// to the query for the materialized view. // // *Action: In order for the materialized view to work correctly, any fine // grain access control procedure in effect for the query must // return a null policy when the materialized view is being // created or refreshed. This may be done by ensuring that the // usernames for the creator, owner, and invoker of refresh // procedures for the materialized view all receive a null policy // by the user-written fine grain access control procedures.
In other words, refreshing the materialized view is outside the policy and requires a more global viewpoint. This is supposed to be explained in the application developers guide, but do they?
jg
-- @home.com is bogus. "'Tonight we eat Chinese!' mother exclaimed. But we never did. Mother was funny that way." - Congress of WondersReceived on Tue May 08 2007 - 17:39:57 CDT
 |
 |