Yea, but he didn't specify Oracle version.
-Original Message-
To: Multiple recipients of list ORACLE-L
Sent: 11/27/2001 5:55 PM
Actually, you can. Use FGAC (Fine-Grained Access Control) and you can
put a
Policy in place on a table that even the table owner can't bypass - even
System c
[EMAIL PROTECTED]
MohanR@STARS-
SMI.com To: [EMAIL PROTECTED]
Sent by: cc:
root@fatcity.Subject: RE: Revoke Delete
com
11/27/01
>
> SMI.com To:
> [EMAIL PROTECTED]
>
> Sent by: cc:
>
Actually, you can. Use FGAC (Fine-Grained Access Control) and you can put a
Policy in place on a table that even the table owner can't bypass - even
System can't bypass. Only Sys can bypass FGAC policies - and the owner of
the security schema in which you place the Policy functions.
I've used F
: RE: Revoke Delete
com
set what, precisely, through a trigger?
Geez, if you have a DBA and/or a schema owner that can't/shouldn't be
deleting from a table, what you have is NOT a database problem, it's
an HR problem.
sheesh.
yea, how about this? an "BEFORE DELETE" trigger on the table, saving and
repopulating each
You can't revoke the ability to delete from the schema owner. You
could revoke CREATE SESSION from the schema owner, but that doesn't
solve the problem of DBA-privileged accounts being able to delete.
I'm guessing that this is a perfect opportunity to use an "INSTEAD OF"
trigger.
--- Aldi Barc
