
Re: Is this Roles?

From: Jim Kennedy <kennedy-downwithspammersfamily_at_attbi.net>
Date: Tue, 05 Oct 2004 02:44:03 GMT
Message-ID: <TTn8d.122408$wV.5351@attbi_s54>

"Craig Morea" <rmorea_at_satx.rr.com> wrote in message news:b9319429.0410040253.661ffb1c_at_posting.google.com...
> Hi,
>
> I am a non-technical manager who needs to understand technical issues
> concerning database management (probably mostly Oracle) well enough to
> know what the tech-guys are talking about. If I can understand how it
> all works at the flowchart model level, it is not necessary that I
> understand how to code it. I apologize if this question is in the
> wrong place and would accept redirection if that is appropriate.
>
> The main issue I need to understand is a variation on roles-based
> access. There is quite a bit of information available on how systems
> use roles to grant or limit permissions, but I have not found what I
> am looking for. Since many examples focus on hospitals, I will make
> my example along the same lines:
>
> The general assumption seems to be that Doctors have more permissions
> than Nurses. This is fine. But both Doctors and Nurses always seem
> to have access to all the records in the hospital. I want to be able
> to restrict their access to the records of patients specifically
> assigned to them.
>
> Also, I'd like to be able to grant access to personnel data on
> employees, to the employee's supervisor, and also to his supervisor's
> supervisor, all the way up the chain, but not to anyone outside the
> chain. This appears to be partly a role issue, since supervisors can
> only see certain data, but it is also beyond roles, because the
> question is "who is supervisor of who?," and it gets worse when you
> want to add supervisor's supervisor, etc.
>
> So...I'm not looking for solutions (unless you happen to have one
> handy). But an assessment of whether these things are even possible
> and an explanation of where to start looking to tackle this kind of
> thing would be appreciated.
>
> Thanks,
>
> Craig

Others have answered as to how to do it, so I won't repeat their suggestions. One suggestion I do have is that you consider allowing Nurses or Drs. to "break the glass" and log the glass breaking. If in fact you are talking about a medical application, then there are instances where you do NOT want to restrict the information, because to do so would endanger a patient's life. By breaking the glass I mean that the Nurse or Dr. could view a chart (in its entirety, or the confidential parts) and the access is logged. As long as Drs. and Nurses know that their access is logged, then it is less likely that they will "break the glass" without a very good reason.

Jim

Received on Mon Oct 04 2004 - 21:44:03 CDT
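The "break the glass" pattern described in the reply above, combined with the per-patient assignment check from the question, as an added example that is not part of the original thread. The class, function, user and patient names are hypothetical, and the assignment data is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed sample data: which clinician is assigned to which patient.
ASSIGNMENTS = {("dr_adams", "patient_17"), ("nurse_baker", "patient_17"),
               ("dr_adams", "patient_22")}


class AccessDenied(Exception):
    pass


@dataclass
class ChartAccess:
    assignments: set
    audit_log: list = field(default_factory=list)

    def _record(self, user, patient, mode, reason):
        # Every decision is logged, including denials, before control returns.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user, "patient": patient, "mode": mode, "reason": reason,
        })

    def view_chart(self, user, patient, break_glass=False, reason=""):
        """Return the access mode granted, or raise AccessDenied."""
        if (user, patient) in self.assignments:
            self._record(user, patient, "assigned", reason)
            return "assigned"
        if not break_glass:
            self._record(user, patient, "denied", reason)
            raise AccessDenied(f"{user} is not assigned to {patient}")
        if not reason.strip():
            # An override without a stated reason cannot be reviewed later.
            self._record(user, patient, "denied", "break-glass without reason")
            raise AccessDenied("break-glass requires a reason")
        self._record(user, patient, "break_glass", reason.strip())
        return "break_glass"

    def overrides_for_review(self):
        """Entries a reviewer would check: every glass break."""
        return [e for e in self.audit_log if e["mode"] == "break_glass"]
```

Normal access stays limited to assigned patients; the override is always available but never silent, which is what makes the logging a deterrent.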
