Re: Can you trigger an automatic WHERE-clause on any statement on a table?

Charlton Purvis wrote:

> Hi, Jacob:
>
> I'm much in the same boat as you are, but we're in the beginnings of
> the development cycle: wrapping up requirements and specifications.
> Forms are nothing new to our company, neither are large Oracle
> databases, but Forms Server 6i and 8i's row-level security are. I'd be
> very interested to know your expected user-base, and what types of
> pitfalls you have overcome in terms of high bandwidth requirements
> Forms may require, e.g. have you found multiple small forms favorable
> to few large forms? did you have to cut back on anything w/ web
> distribution?
>
> Our system whose prototype will be released to the state in February is
> a case management software solution that will have approximately 300
> maximum concurrent users all accessing the app server over secure
> Internet connections, certificates, and pseudo-VPN. (A WAN/VPN may be
> in the making, but that certainly won't materialize by February.) We
> emphasize the word prototype since Forms and Reports Server is
> something new to us, and although it's comfortable and quick as a
> development tool, if it is clumsy and too slow for our end-user, we
> will go back to sqare 2 and re-think our implementation.
>
> But RLS and app contexts will be part of the system, regardless. With
> state-wide political, scope, and confidentiality issues all playing a
> large role in security design, I am toying w/ the idea of using RLS and
> app contexts to put UNIX filesystem-like permission columns on each row
> of all tables. I'm concerned w/ performance issues if we're constantly
> checking a user's app context w/ whatever row they are requesting, but
> it still seems to me that other posts and research I have read fall
> short when they consider minimal rls/app_contexts plus a user-specific
> views and synonyms as a complete solution. Am I wrong in thinking that
> user-views and synonyms won't completely cover all the bases if a user
> is also going to be allowed to access the system via ODBC? (I know
> that's a completely separate security issue, but the question still
> stands.)
>
> Bottom line . . . Is it unpracitcal to associate file system-like
> permissions on every row of every table to limit a user's scope and
> permissions?

That is promised in 9i

> If we get it right from square one, I don't think it will
> be an administrative headache, but I'm still concerned about
> performance issues.
>
> And how far along are you in Forms 6i land? How did you reach Forms as
> your software solution? Is this for a LAN or WAN?
>
> We are currently doing our own tests of the bandwith requirements of
> Forms using a UNIX sniffer (I don't completely trust nor understand
> Oracle's data specs.)
>
> Would love the opportunity for a two-way information exchange.
>
> Look forward to a response.
>
> Charlton Purvis
>
> In article <0y4E5.18745$Ly1.252129_at_news5.giganews.com>,
> "Jacob" <jacmads_at_hotmail.com> wrote:
> > Hi all
> >
> > We are currently in the process of migrating a previous single-user
> > application to a multi-user application running on the web using Forms
> > Server 6i on Oracle8i 8.1.6 on Windows NT.
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.

--
Gtrz,

Frank van Bortel