Re: Q: Oracle7 & Row level security...

From: Axel Rose <rose_at_wmdhh.wmd.de>
Date: 1995/05/11
Message-ID: <1995May11.123746.22544_at_wmdhh.wmd.de>#1/1


Brian Graham (GrahamB_at_psac.com) wrote:

: In article <3ono2j$4tv_at_ttis.thomtech.com>, Dave H <dheissner_at_thomtech.com> says:

: >
: >Hi,
: >I am curious to know what approaches people are using to implement
: >row level security on an Oracle7 table without spliting the table
: >into separte tables with the same structure.
: >
: >Thanks in advance!
: >
: >Dave H. - dheissner_at_thomtech.com
: >

Hi netters!

I've got a similar problem, i.e. shielding certain rows of a table from access by a group of users. In my case this group are developers which are not allowd to work on the hot stuff. Our application has evolved too far to go the view approach. original: stuff_table
for developers: create view d_stuff_table_view ( a, b) as

        select a, b from stuff_table where b <> 'hot'; This would mean to dynamically change the accessed tables/views depending on the user-group.

One solution is to have a second database. Cons are the additional adminstration efforts and needed resources.

Therefore am trying to go the following way: create a trigger which fires on updating, inserting and deleting (selecting everything is always allowed) and provoke an SQL-Error e.g. select stuff_allowed from customers where username = :username;

     if ( stuff_allowed <> stuff_table.b ) then
	select invalid_data from invalid_table;
     end if;

(not syntactically correct, but I hope you get the sense)

Any hints or different options greatly appreciated

Axel

--
Axel Rose - Hamburg, Germany     "Ich bin der Geist, der stets verneint!
e-mail: rose_at_wmdhh.wmd.de         Und das mit Recht; denn alles, was entsteht,
phone : +49-40-58958-236          Ist wert, dass es zugrunde geht;
fax   : +49-40-58958-199          Drum besser waer's, dass nichts entstuende."
Received on Thu May 11 1995 - 00:00:00 CEST

Original text of this message