Re: implementing row level security

From: Jan <janik_at_pobox.sk>
Date: 4 May 2004 09:31:11 -0700
Message-ID: <81511301.0405040831.65aacc76_at_posting.google.com>


He cannot access data, as I already mentioned - no grants, schema locked,
the only way to access data is through stored procedures. Stored procedures are there not only for security reasons, but because of
the complexity of data (tree structure, each node type has a different approach to handling, etc.) - so it was simpler/faster for us to develop our own RLS functions tailored for our app than to use the Oracle one.

Daniel Morgan <damorgan_at_x.washington.edu> wrote in message news:<1083376717.759773_at_yasure>...
> Jan wrote:
>
> > I had a similar dilemma, our model was quite complex (tree structure with
> > some child tables) and we had to solve security on the node level.
> > All the data were accessed through stored procedure (Insert, Update,
> > Delete, Select). We started with Oracle RLS but afterwards we decided to
> > use our own solution
> > - one simple table with the node privileges and procedure for checking
> > those rights.
> > We just put this checking procedure into our
> > Insert/Update/Delete/Select procedures - that was the only way to
> > access the data. No grants on tables and schema locked.
> >
> > jan
>
> And your solution will work right up until the moment when someone
> accesses the database with something other than the approved tool.
>
> The minute they do ... you have zero security.
>
> Want to take bets on 'when' it will happen? It would be unfair to
> wager on 'if'.
Received on Tue May 04 2004 - 18:31:11 CEST
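
The design described in this message (a node-privilege table, one checking procedure called from every data-access procedure, no table grants, owner schema locked), written out in Oracle PL/SQL as an added example that is not part of the original thread or the poster's code. All object and user names (node, node_priv, node_api, app_owner, app_user) are hypothetical.

```sql
-- Added example; all names (node, node_priv, node_api, app_owner, app_user) are hypothetical.
-- Run as the owning schema (app_owner). No table grants are ever issued.
CREATE TABLE node (
  node_id   NUMBER PRIMARY KEY,
  parent_id NUMBER REFERENCES node (node_id),   -- tree structure
  payload   VARCHAR2(200)
);
CREATE TABLE node_priv (                        -- the "one simple table" of node privileges
  node_id NUMBER        NOT NULL REFERENCES node (node_id),
  grantee VARCHAR2(128) NOT NULL,               -- database user name
  priv    VARCHAR2(6)   NOT NULL CHECK (priv IN ('SELECT','INSERT','UPDATE','DELETE')),
  PRIMARY KEY (node_id, grantee, priv)
);

CREATE OR REPLACE PACKAGE node_api AUTHID DEFINER AS
  FUNCTION  get_payload (p_node_id IN NUMBER) RETURN VARCHAR2;
  PROCEDURE set_payload (p_node_id IN NUMBER, p_payload IN VARCHAR2);
END node_api;
/
CREATE OR REPLACE PACKAGE BODY node_api AS
  -- Private: raise unless the connected user holds p_priv on the node.
  PROCEDURE check_priv (p_node_id IN NUMBER, p_priv IN VARCHAR2) IS
    l_cnt PLS_INTEGER;
  BEGIN
    SELECT COUNT(*) INTO l_cnt FROM node_priv
     WHERE node_id = p_node_id
       AND grantee = SYS_CONTEXT('USERENV', 'SESSION_USER')
       AND priv    = p_priv;
    IF l_cnt = 0 THEN
      RAISE_APPLICATION_ERROR(-20001, 'insufficient privilege on node');
    END IF;
  END check_priv;

  FUNCTION get_payload (p_node_id IN NUMBER) RETURN VARCHAR2 IS
    l_payload node.payload%TYPE;
  BEGIN
    check_priv(p_node_id, 'SELECT');
    SELECT payload INTO l_payload FROM node WHERE node_id = p_node_id;
    RETURN l_payload;
  END get_payload;
  PROCEDURE set_payload (p_node_id IN NUMBER, p_payload IN VARCHAR2) IS
  BEGIN
    check_priv(p_node_id, 'UPDATE');
    UPDATE node SET payload = p_payload WHERE node_id = p_node_id;
  END set_payload;
END node_api;
/
-- The only grant end users receive; afterwards a DBA runs: ALTER USER app_owner ACCOUNT LOCK;
GRANT EXECUTE ON node_api TO app_user;
```

The check keys on the database session user, so it assumes each end user connects with their own database account. With a shared application account the caller's identity would have to be supplied and verified some other way.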
