Re: FGAC and EMP_BASE_TABLE

From: robert <gnuoytr_at_rcn.com>
Date: 2 Jun 2004 05:03:22 -0700
Message-ID: <da3c2186.0406020403.4624ab1f_at_posting.google.com>


rolympia_at_hotmail.com (Romeo Olympia) wrote in message news:<42fc55dc.0406011744.3e85e195_at_posting.google.com>...
> That view he created was for a "self-referencing table" problem if
> you'd notice.

i did notice. the issue is that i need now to secure such a table, but changing lots-o-code is not an option. dropping and re-creating the table/view pair is an option, but that would make one client the odd man out, and given turnover and such, would cause confusion.

being able to use tables and views interchangeably in this paradigm would be better.

robert.

> If you won't encounter this kind of predicament then you
> won't need to create 'em views.
>
> Seen asktom's article? Someone asked that same question:
>
> http://asktom.oracle.com/pls/ask/f?p=4950:8:16292656294869254490::NO::F4950_P8_DISPLAYID,F4950_P8_CRITERIA:4632007035731,
>
> gnuoytr_at_rcn.com (robert) wrote in message news:<da3c2186.0406010630.328f4801_at_posting.google.com>...
> > have been reading up on FGAC and would prefer this to an app. code
> > approach. one issue is this:
> >
> > in Mr. Kyte's article, the section Example 2.... , there is this
> > excerpt:
> >
> > "Our solution is to create a view that all applications will use
> > (the EMP view) and enforce our security on that view. The original
> > EMP_BASE_TABLE will be used by our security policy to enforce the
> > rules. ... The application and end users will never use the
> > EMP_BASE_TABLE - only the security policy will."
> >
> > my question: the application i'm working with is, while it uses
> > Oracle as database (and DB2 sometimes, but that's another episode),
> > wrapped by a very odd 4GL, which generates SQL kind of on-the-fly
> > (kind of, because i've not yet determined how much of our 4GL gets
> > saved as SQL, etc.). i don't have the option to create tables and
> > views (near as i can see, there are none of the latter). so, would
> > this approach work if the opposite is true: the users see the base
> > tables (because mountains of code exist referencing them), while the
> > security policy sees the views, which can be created and the app. code
> > is none the wiser.
> >
> > thanks,
> > robert
Received on Wed Jun 02 2004 - 14:03:22 CEST
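
The arrangement described in the quoted excerpt (applications use the EMP view, the policy reads EMP_BASE_TABLE), sketched as an added example that is not part of the original thread or of Mr. Kyte's article. The schema APP, the role APP_USERS, the columns EMPNO/ENAME/MGR, the policy and function names, and the "own row plus direct reports" rule are assumptions for illustration.

```sql
-- Added illustration. Assumed: schema APP, role APP_USERS, columns EMPNO/ENAME/MGR,
-- ENAME matching the database user name, and the policy and function names.
RENAME emp TO emp_base_table;                      -- existing grants follow the rename
CREATE VIEW emp AS SELECT * FROM emp_base_table;   -- applications keep using the name EMP
REVOKE ALL ON emp_base_table FROM app_users;       -- only if APP_USERS held grants on EMP
GRANT SELECT, INSERT, UPDATE, DELETE ON emp TO app_users;

CREATE OR REPLACE FUNCTION emp_policy_fn (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
  l_empno emp_base_table.empno%TYPE;
BEGIN
  -- The owning schema is unrestricted: a NULL predicate filters nothing.
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = p_schema THEN
    RETURN NULL;
  END IF;
  -- Look the caller up in the base table, which carries no policy, so the
  -- policy function never queries the object it is protecting.
  SELECT empno INTO l_empno
    FROM emp_base_table
   WHERE ename = SYS_CONTEXT('USERENV', 'SESSION_USER');
  -- Own row plus direct reports; EMPNO and MGR resolve against the EMP view.
  RETURN 'empno = ' || TO_CHAR(l_empno) || ' OR mgr = ' || TO_CHAR(l_empno);
EXCEPTION
  WHEN NO_DATA_FOUND OR TOO_MANY_ROWS THEN
    RETURN '1 = 0';   -- unknown or ambiguous user: fail closed, no rows
END;
/

BEGIN
  -- Attach the policy to the view, not to the base table.
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'EMP',
    policy_name     => 'EMP_ROW_POLICY',
    function_schema => 'APP',
    policy_function => 'EMP_POLICY_FN',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE);
END;
/
```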
