Re: 9iR2, grant select on a column (without using views) using RL

[Tanel Poder]

Title: RE: 9iR2, grant select on a column (without using views) using RLS

Hm, I think you can't use RLS to restrict access to columns of returned rows. You only can control which entire rows are returned (based on values of some columns).   You have to use views or application logic to control read access to specific columns.   Tanel.   ----- Original Message ----- From: Jamadagni, Rajendra To: Multiple recipients of list ORACLE-L Sent: Saturday, August 23, 2003 11:24 PM Subject: RE: 9iR2, grant select on a column (without using views) using RL Use RLS ... Raj -------------------------------------------------------------------------------- Rajendra dot Jamadagni at nospamespn dot com All Views expressed in this email are strictly personal. QOTD: Any clod can have facts, having an opinion is an art ! -----Original Message----- From: rahul [mailto:[EMAIL PROTECTED]] Sent: Saturday, August 23, 2003 2:34 AM To: Multiple recipients of list ORACLE-L Subject: 9iR2, grant select on a column (without using views) using RLS list, i'm ikn the process of designing security for a highly sensitive schema for a bank, plan: have multiple oracle users, and use roles, and grant minimum required privs, all the user/role/privs management coded in the application (with in turn would create the db role and user etc) probolem: i cannot do a "grant select(col1)on tabname to role1", as select grant on a column level is not supported, to workaround this i must 1) use views and include all the columns granted seleted privs for a user, then give grant select on this view to user. 2) somehow use RLS ?? TIA -Rahul -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: rahul   INET: [EMAIL PROTECTED] Fat City Network Services    -- 858-538-5051 http://www.fatcity.com San Diego, California        -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from).  You may also send the HELP command for other information (like subscribing).