Re: Q: Oracle7 & Row level security...
Date: 1995/05/11
Message-ID: <1995May11.123746.22544_at_wmdhh.wmd.de>#1/1
Brian Graham (GrahamB_at_psac.com) wrote:
: In article <3ono2j$4tv_at_ttis.thomtech.com>, Dave H <dheissner_at_thomtech.com> says:
: >
: >Hi,
: >I am curious to know what approaches people are using to implement
: >row level security on an Oracle7 table without spliting the table
: >into separte tables with the same structure.
: >
: >Thanks in advance!
: >
: >Dave H. - dheissner_at_thomtech.com
: >
Hi netters!
I've got a similar problem, i.e. shielding certain rows of a table
from access by a group of users. In my case this group are developers
which are not allowd to work on the hot stuff.
Our application has evolved too far to go the view approach.
original: stuff_table
for developers: create view d_stuff_table_view ( a, b) as
select a, b from stuff_table where b <> 'hot'; This would mean to dynamically change the accessed tables/views depending on the user-group.
One solution is to have a second database. Cons are the additional adminstration efforts and needed resources.
Therefore am trying to go the following way: create a trigger which fires on updating, inserting and deleting (selecting everything is always allowed) and provoke an SQL-Error e.g. select stuff_allowed from customers where username = :username;
if ( stuff_allowed <> stuff_table.b ) then
select invalid_data from invalid_table;
end if;
(not syntactically correct, but I hope you get the sense)
Any hints or different options greatly appreciated
Axel
-- Axel Rose - Hamburg, Germany "Ich bin der Geist, der stets verneint! e-mail: rose_at_wmdhh.wmd.de Und das mit Recht; denn alles, was entsteht, phone : +49-40-58958-236 Ist wert, dass es zugrunde geht; fax : +49-40-58958-199 Drum besser waer's, dass nichts entstuende."Received on Thu May 11 1995 - 00:00:00 CEST