Re: Dynamic Default Roles ?

From: <james.lawrence_at_EPAMAIL.EPA.GOV>
Date: 1995/06/20
Message-ID: <james.lawrence.63.000EEE74_at_EPAMAIL.EPA.GOV>#1/1

In article <1995Jun15.002155.20394_at_nosc.mil> dbrewer_at_nosc.mil (Dennis Brewer) writes:
>From: dbrewer_at_nosc.mil (Dennis Brewer)
>Subject: Re: Dynamic Default Roles ?
>Date: Wed, 14 Jun 1995 21:21:19 GMT

>joe_at_access4.digex.net (Joe Nardone) wrote:
>>Dennis Brewer (dbrewer_at_nosc.mil) wrote:
>>: Fact1: Every user that logs in is assigned a defult role.
>>: Fact2: Some users wear different hats when logging onto the database. This requires
>>: different role assignments bases on the current application and session.
>>: Fact3: Each time a user logs on a session is started with an entry in the v$session table.

>>: Question1: Does it put an entry in the v$session table, before the default role is enabled?
>>: Question2: Can a trigger be placed on the v$session table?
>>
>>[snip]
>>
>>Why couldn't the users be assigned all the roles they need as their
>>default role? I don't quite understand the dilemma here.
>>
>>Joe Nardone
>>
>>
>>
>>--
>>
>>=------------------------------------------------------------------------=

>Joe
> Look again at fact 2: In our organization I can log in using an application as the head
>of my division. Now as the head of my division I have access to many more attributes
>than say a lowly clerk. In this case I would have a default role that would reflect my
>grants and priviledges. One hour later I can again log on using a different application.
>This application is using data from another division, now I am a lowly clerk as far
>as this other division is concerned. My default role at this time should be highly
>restricted.
>This is a Military Base, and as such not all users are created equal. However a user
>could be granted many different roles based on the applications in use at the moment.
>Many key individuals have applications that cross over into other areas of data. This is
>the reason that the default role should be dynamic.

You're thinking that there can only be one default role for a user. Thats not true. You can grant super_hr_user and lowly_ap_clerk to the same user. The 'default' only means it is enabled when the user logs in. Check out the user_role_privs table.

Lawrence..... Received on Tue Jun 20 1995 - 00:00:00 CEST

This message: [ Message body ]
Next message: james.lawrence_at_EPAMAIL.EPA.GOV: "Re: Q: Trying to update a table using ROWID"
Previous message: Kurtis D. Rader: "Re: Warning about null and open question to Oracle"
Maybe in reply to: Dennis Brewer: "Dynamic Default Roles ?"
Next in thread: james.lawrence_at_EPAMAIL.EPA.GOV: "Re: Q: Trying to update a table using ROWID"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message