Re: implementing row level security
Date: Fri, 30 Apr 2004 18:58:42 -0700
Message-ID: <1083376717.759773_at_yasure>
Jan wrote:
> I had similar dilema, our model was quite complex (tree structure with
> some child tables) and we had to solve security on the node level.
> All the data were accessed through stored procedure (Insert, Update,
> Delete, Select). We started with Oracle RLS but after we decided to
> use our own solution
> - one simple table with the node privileges and procedure for checking
> those rights.
> We just put this checking procedure into our
> Insert/Update/Delete/Select procedures - that was the only way how to
> access the data. No grants on tables and schema locked.
>
> jan
And your solution will work right up until the moment when someone accesses the database with something other than the approved tool.
The minute they do ... you have zero security.
Want to take bets on 'when' it will happen? It would be unfair to wager on 'if'.
-- Daniel Morgan http://www.outreach.washington.edu/ext/certificates/oad/oad_crs.asp http://www.outreach.washington.edu/ext/certificates/aoa/aoa_crs.asp damorgan_at_x.washington.edu (replace 'x' with a 'u' to reply)Received on Sat May 01 2004 - 03:58:42 CEST