Re: Security

stanw_at_bnr.ca (Stan Wolfe) wrote:
>
> I am starting to work on the port of an application from a custom
> Mac-based server to an Oracle server.
>
> Currently, the application handles all of the security (at both the row
> and column levels). If it was just a straight port to Oracle, we could
> retain a lot of the application logic to handle the security, but we want
> to open the data up to other (non-application) users using generic
> (third-party) data access tools. Obviously, we don't want the
> non-application users to get at all of the data. We want to impose a
> similar level of security on these users, as well. The reason for opening
> up the data is to allow ad-hoc queries and drill-down data access and
> analysis which the current application does not provide.
>
> We are currently considering using views to control which rows and columns
> that users can see. However, the number of users will be between 500 and
> 1000 and the number of views could go into the hundreds! Database
> administration will be a nightmare!!
>
> Any suggestions regarding the use of Oracle IDs, views and grants would be
> greatly appreciated.
>
> Stan Wolfe
> stanw_at_bnr.ca

What you might want to consider is:

Come up with various access classes for users and determine which tables and columns does each user class needs access to.

Setup a role for each class of users and grant access to the roles.

This will make the security management easier since changing grants to roles will change security access for each users that has that role.

Ashok Kapur
akapur_at_thomtech.com Received on Mon Aug 14 1995 - 00:00:00 CEST