Have you thought about encrypting those sensitive columns? The user will need select decrypt(balance) to see the content.
Then you grant execute on decrypt only to privileged users. Yechiel Adar Mehish ----- Original Message ----- To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]> Sent: Saturday, August 23, 2003 8:34 AM > list, i'm ikn the process of designing security for a highly sensitive > schema for a bank, > > plan: > have multiple oracle users, and use roles, and grant minimum required > privs, all the user/role/privs management coded in the application (with in > turn would create the db role and user etc) > > probolem: > i cannot do a "grant select(col1)on tabname to role1", as select grant on a > column level is not supported, to workaround this i must > > 1) use views and include all the columns granted seleted privs for a user, > then give grant select on this view to user. > > 2) somehow use RLS ?? > > TIA > > -Rahul > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: rahul > INET: [EMAIL PROTECTED] > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > San Diego, California -- Mailing list and web hosting services > --------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Yechiel Adar INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
