Re: hiding Tables

From: Neil.W.James <>
Date: Mon, 15 Sep 2008 14:55:25 +0200
Message-ID: <48ce5b3c$0$855$>

Mass wrote:

> On Sep 12, 4:25 pm, Mark D Powell <> wrote:

>> On Sep 12, 9:14 am, "" <> wrote:
>>> On Sep 12, 3:30 am, Mass <> wrote:
>>>> Dear All,
>>>> I have a database on Oracle 10g. I want to hide some tables, but I
>>>> didn't know the steps to do that, and how will I show them later?
>>>> Thanks a lot
>>> What, exactly, do you mean by 'hiding some tables'? There are ways to
>>> restrict access to certain data to certain users, but that's not
>>> called 'hiding tables'.
>>> David Fitzjarrell
>> Mass, by default if you create a table the only users who can see that
>> table are you and users with the select any table privilege such as
>> DBA's. You have to issue object level privileges: select, insert,
>> update, delete to allow other users to access your table.
>> As David asked, what do you mean by, "hiding some tables". Perhaps
>> you want to look into encryption, views, Virtual Private Database
>> (VPD) also called Fine Grained Access Control (FGAC).
>> encryption - require encoding and decoding of raw data so it can
>> be seen in clear form only via an authorized application
>> view - restricts columns and rows returned via a predefined query
>> VPD - Prior to 10g applies a policy rule to filter rows returned
>> based on how rule applies to querying user. With 10g+ can also be
>> used to nullify column value returned.
>> HTH -- Mark D Powell --
> Let me explain: I have a table called (user); it contains username and
> password. This table is in my same database (there are many users who can
> log in to this database and can access (user)), so I need to hide
> this table from my database to avoid any access to this table.
> Thanks
> Mass

Create this table in a different schema that your end-users cannot read. You can/should encrypt/hash the password field in some way, ideally one-way. This is for general audit reasons.

Create a program package/procedure in that schema (using the default definer's rights) that accepts the user name and the entered password and applies any encryption/hashing to the entered password. This procedure can read the table and see whether the entered data matches or not.

Give the users execute access to the package and use it to determine access.

In this way the end-users can never directly see the table or data within.

The procedure can also include limiting the number of attempts per session and can invoke an increasing delay after incorrect sign-ons, etc.

Neil

Received on Mon Sep 15 2008 - 07:55:25 CDT
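
The layout described in the reply above, written out as an added example (it is not code from the original message). It assumes Oracle 12c or later for `DBMS_CRYPTO.HASH_SH256` (10g offers only `HASH_SH1` and weaker); the schema AUTH_OWNER, table APP_USERS, package AUTH_PKG and role APP_ROLE are hypothetical names.

```sql
-- Run as a DBA. AUTH_OWNER, APP_USERS, AUTH_PKG and APP_ROLE are hypothetical.
GRANT EXECUTE ON sys.dbms_crypto TO auth_owner;
GRANT EXECUTE ON sys.dbms_lock   TO auth_owner;

-- End users get no privilege on this table, so they cannot query it.
CREATE TABLE auth_owner.app_users (
  username VARCHAR2(30) PRIMARY KEY,
  salt     RAW(16) NOT NULL,           -- per-user random salt
  pw_hash  RAW(32) NOT NULL            -- SHA-256(salt || password), one-way
);

CREATE OR REPLACE PACKAGE auth_owner.auth_pkg AUTHID DEFINER AS
  -- Returns 1 on a match, 0 otherwise; never returns stored data.
  FUNCTION check_login(p_username IN VARCHAR2, p_password IN VARCHAR2)
    RETURN NUMBER;
END auth_pkg;
/

CREATE OR REPLACE PACKAGE BODY auth_owner.auth_pkg AS
  c_max_failures CONSTANT PLS_INTEGER := 5;
  g_failures     PLS_INTEGER := 0;     -- package state lasts for the session

  FUNCTION check_login(p_username IN VARCHAR2, p_password IN VARCHAR2)
    RETURN NUMBER IS
    l_salt   app_users.salt%TYPE;
    l_stored app_users.pw_hash%TYPE;
  BEGIN
    IF g_failures >= c_max_failures THEN
      RETURN 0;                        -- this session is locked out
    END IF;
    BEGIN
      SELECT salt, pw_hash INTO l_salt, l_stored
        FROM app_users WHERE username = p_username;
    EXCEPTION WHEN NO_DATA_FOUND THEN
      NULL;                            -- unknown user: l_stored stays NULL
    END;
    IF l_stored = dbms_crypto.hash(
         utl_raw.concat(l_salt, utl_i18n.string_to_raw(p_password, 'AL32UTF8')),
         dbms_crypto.hash_sh256) THEN
      g_failures := 0;
      RETURN 1;
    END IF;
    g_failures := g_failures + 1;
    dbms_lock.sleep(POWER(2, g_failures));  -- 2, 4, 8 ... seconds per failure
    RETURN 0;
  END check_login;
END auth_pkg;
/

GRANT EXECUTE ON auth_owner.auth_pkg TO app_role;  -- the only grant users receive
```

An unknown user name and a wrong password take the same path (same delay, same return value), so the function does not reveal which accounts exist.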
