Re: Looking for Info on Value-Based Security
Date: 4 Aug 1994 19:47:56 -0600
Message-ID: <31s5oc$edp_at_u.cc.utah.edu>
In article <31rds0$2vv_at_coranto.ucs.mun.ca>,
Jamie Morry <jmorry_at_morgan.ucs.mun.ca> wrote:
>Does anyone know of any good references that deal with the efficient
>implementation of value-based security in relational systems? An example
>of value-based security for our purposes would be limiting employee access to a
>departmental table to only those rows that match the employee's
>department.
It is easy to do read-only access security in Oracle by using creating views that have joins with a pair of system catalog tables that have the operating system user ID in it.
Example:
Create view payroll_data as Select A.*
from payroll_table A, emp_table B, system_view C where A.dept = B.dept AND B.user_id = C.user_id;
Write-access control could be done in software on the client side, or possibly with triggers on the database server side.
- Mark.