RE: 9iR2, grant select on a column (without using views) using RL

Sat, 23 Aug 2003 19:29:32 +0000

Title: RE: 9iR2, grant select on a column (without using views) using RLS

Use RLS ...

Raj
--------------------------------------------------------------------------------
Rajendra dot Jamadagni at nospamespn dot com
All Views expressed in this email are strictly personal.
QOTD: Any clod can have facts, having an opinion is an art !


-----Original Message-----
From: rahul [mailto:[EMAIL PROTECTED]]
Sent: Saturday, August 23, 2003 2:34 AM
To: Multiple recipients of list ORACLE-L
Subject: 9iR2, grant select on a column (without using views) using RLS


list, i'm ikn the process of designing security for a highly sensitive
schema for a bank,

plan:
have multiple oracle users, and use roles, and grant minimum required
privs, all the user/role/privs management coded in the application (with in
turn would create the db role and user etc)

probolem:
i cannot do a "grant select(col1)on tabname to role1", as select grant on a
column level is not supported, to workaround this i must

1) use views and include all the columns granted seleted privs for a user,
then give grant select on this view to user.

2) somehow use RLS ??

TIA

-Rahul

--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: rahul
  INET: [EMAIL PROTECTED]

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing). 

********************************************************************This e-mail 
message is confidential, intended only for the named recipient(s) above and may 
contain information that is privileged, attorney work product or exempt from 
disclosure under applicable law. If you have received this message in error, or are 
not the named recipient(s), please immediately notify corporate MIS at (860) 766-2000 
and delete this e-mail message from your computer, Thank 
you.*********************************************************************2

Reply via email to