Received: (qmail 19710 invoked from network); 20 Oct 2009 11:11:59 -0500 Received: from freelists-180.iquest.net (HELO turing.freelists.org) (206.53.239.180) by static-ip-85-25-126-90.inaddr.intergenia.de with SMTP; 20 Oct 2009 11:11:27 -0500 Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 8EEE9CB4A54; Tue, 20 Oct 2009 12:11:17 -0400 (EDT) X-Virus-Scanned: Debian amavisd-new at localhost.localdomain Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lM-RmuPFApd0; Tue, 20 Oct 2009 12:11:17 -0400 (EDT) Received: from turing.freelists.org (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id D776ACB4A5B; Tue, 20 Oct 2009 12:10:38 -0400 (EDT) Received: with ECARTIS (v1.0.0; list oracle-l); Tue, 20 Oct 2009 12:09:57 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 49EF4CB489A for ; Tue, 20 Oct 2009 12:09:57 -0400 (EDT) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id McnaQ5y8AC1c for ; Tue, 20 Oct 2009 12:09:57 -0400 (EDT) Received: from mail-fx0-f211.google.com (mail-fx0-f211.google.com [209.85.220.211]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 5F90DCB3EBD for ; Tue, 20 Oct 2009 12:09:56 -0400 (EDT) Received: by fxm7 with SMTP id 7so6254515fxm.34 for ; Tue, 20 Oct 2009 09:09:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:references :in-reply-to:subject:date:message-id:mime-version:content-type :x-mailer:thread-index:content-language; bh=0OHMgY5L7k9nuKsTAhEsrU75l5Qi7Meh4q6lw88EorQ=; b=E3W4Q4qetOqJxSgTgaPp8bCoE6mSiLhOROdoFfHe/dPjAQCnSzYC++wq+A6ofV5VWa +8yIvgldiQVFIBp4JqOTGNwmidFypMqANpu9S7ub44WrVZI/UJyw6eaO/9EOdS1v3tP8 4P7uKClCJCKuSxP6Ccm+JecYBNanbSerAnJlg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:references:in-reply-to:subject:date:message-id:mime-version :content-type:x-mailer:thread-index:content-language; b=vu5BSbk0OnbJgQZDaDoZ2njuznaZbLYmFAyKBcVNyYcLUj0YqmjRZoSY1nvY5ItUkK JZiAiuXQoNlq4izqgNaKqfirpaUwigLOIKdaKU0yJAK6XuQElP5rd3uXKPcZ6uAEyqrs j4QYa2IUah2Papp7kJSMEpyPKzQaakacuryhc= Received: by 10.204.160.90 with SMTP id m26mr6642043bkx.63.1256054994542; Tue, 20 Oct 2009 09:09:54 -0700 (PDT) Received: from KenPC (211.sub-75-237-8.myvzw.com [75.237.8.211]) by mx.google.com with ESMTPS id l19sm158170fgb.16.2009.10.20.09.09.52 (version=SSLv3 cipher=RC4-MD5); Tue, 20 Oct 2009 09:09:53 -0700 (PDT) From: "Kenneth Naim" To: , References: In-Reply-To: Subject: RE: VPD with column masking Date: Tue, 20 Oct 2009 12:09:49 -0400 Message-ID: <01e901ca519f$c1e4fce0$45aef6a0$@com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_01EA_01CA517E.3AD35CE0" Content-Language: en-us X-archive-position: 21772 X-ecartis-version: Ecartis v1.0.0 Sender: oracle-l-bounce@freelists.org Errors-to: oracle-l-bounce@freelists.org X-original-sender: kennaim@gmail.com Precedence: normal Reply-to: kennaim@gmail.com List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: oracle-l X-List-ID: oracle-l List-subscribe: List-owner: List-post: List-archive: X-list: oracle-l ------=_NextPart_000_01EA_01CA517E.3AD35CE0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Yes it can be done. The function will be run by every user selecting from the table, so execute on the function should be granted to public. Within the function you can check for a list of hard coded users, or have it lookup the data in a table (which should be protected against changes using fga) or you can use a db role that can be granted to users, and check dba/all_role_privs. Ken From: oracle-l-bounce@freelists.org [mailto:oracle-l-bounce@freelists.org] On Behalf Of J. Dex Sent: Tuesday, October 20, 2009 11:10 AM To: oracle-l@freelists.org Subject: VPD with column masking Using VPD with column masking, is it possible to set up a function/policy so it only applies to a small percentage of the users in the database? I have a main schema with all the tables under that schema. I want a few of the users (not everyone) to only be able to look at some of the data that resides in those tables under that main schema. Is it possible to apply a function and policy to work that way? What is the best way to do that? _____ Hotmail: Free, trusted and rich email service. Get it now. ------=_NextPart_000_01EA_01CA517E.3AD35CE0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Yes it can be done. The function will be run by every = user selecting from the table, so execute on the function should be granted = to public. Within the function you can check for a list of hard coded = users, or have it lookup the data in a table (which should be protected against = changes using fga) or you can use a db role that can be granted to users, and = check dba/all_role_privs.

 

Ken

 

 

 

From:= oracle-l-bounce@freelists.org [mailto:oracle-l-bounce@freelists.org] = On Behalf Of J. Dex
Sent: Tuesday, October 20, 2009 11:10 AM
To: oracle-l@freelists.org
Subject: VPD with column masking

 

Using VPD with column masking, is it possible to set up a function/policy so it only applies to a small = percentage of the users in the database?  
 
I have a main schema with all the tables under that schema.  I want = a few of the users (not everyone) to only be able to look at some of the data = that resides in those tables under that main schema.   Is it = possible to apply a function and policy to work that way?   What is the = best way to do that?

Hotmail: Free, trusted and rich email service. Get it now.

------=_NextPart_000_01EA_01CA517E.3AD35CE0-- -- http://www.freelists.org/webpage/oracle-l