Re: Q: Column Level Security

From: Morgan Skinner <morgan_at_odo.fisons-lims.com>
Date: 24 Feb 95 15:22:48 GMT
Message-ID: <3iktk8$9kp_at_alterdial.UU.NET>

jpadilla_at_epix.net wrote:

>
> Hola!
>
> I am working in a application in which we need to be able to enforce column
> level security dynamically. What I mean by dynamically is that we will be
> having a pool of modules that we need to assign to users depending on the
> user position, etc. The problem we have is due to the use of ODBC in some
> of our clients. We need to be able to restrict in some way access to the server
> or allow users to see just a selected information in the database. We need
> this because of some business rules that are enforced with our application.
>
> etc...
>

I'm not sure if I get the question correctly, but what I think you are asking is 'Is it possible for user A to see all rows in a table, and user B see only a subset'. If so the following is a possible solution...

(1) Create a user_group table. The records in this table would be

ADMIN, SALES etc or whatever business groups you desire.

(2) Create a user_groups table that for a selected user has a

number of entries - the groups that that user may access

(3) For each table that you want to restrict access to, add a link

to the user_group table

(4) Create a view for each table that uses the user_group entries

to limit access to the data.

The tables/views are as follows...

CREATE TABLE USER_GROUP
  (IDENTITY VARCHAR2(20),
   DESCRIPTION VARCHAR2(255)); CREATE TABLE USER_GROUPS
  (USER_GROUP VARCHAR2(20),
   USERNAME VARCHAR2(30),
   CONSTRAINT PK_USER_GROUPS PRIMARY KEY (USER_GROUP,USERNAME),    CONSTRAINT FK_USER_GROUPS_GROUP FOREIGN KEY (USER_GROUP)      REFERENCES USER_GROUP (IDENTITY)); ALTER TABLE whatever
  ADD USER_GROUP VARCHAR2(20)
  ADD CONSTRAINT FK_whatever_USER_GROUP FOREIGN KEY (USER_GROUP)     REFERENCES USER_GROUP(IDENTITY); And finally the view

CREATE OR REPLACE
  VIEW whatever_VIEW AS
  SELECT * FROM whatever
    WHERE ((USER_GROUP IS NULL) OR

           (USER_GROUP IN (SELECT USER_GROUP FROM USER_GROUPS
                             WHERE USERNAME = USER)));

Now whenever you select from the view, the group security will take effect. Note that if you want all users to access a particular row, simply set the USER_GROUP value to NULL.

Hope this clears up your question. Received on Fri Feb 24 1995 - 16:22:48 CET

This message: [ Message body ]
Next message: Richard D Holowczak: "Re: Personal Oracle 7 & SQL*lus 3.1"
Previous message: Polyphase: "Re: update pk referenced by fk"
In reply to jpadilla_at_epix.net: "Q: Column Level Security"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message