473,322 Members | 1,806 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,322 software developers and data experts.

FGAC and EMP_BASE_TABLE

have been reading up on FGAC and would prefer this to an app. code
approach. one issue is this:

in Mr. Kyte's article, the section Example 2.... , there is this
excerpt:

"Our solution is to create a view that all applications will use
(the EMP view) and enforce our security on that view. The original
EMP_BASE_TABLE will be used by our security policy to enforce the
rules. ... The application and end users will never use the
EMP_BASE_TABLE - only the security policy will."

my question: the application i'm working with is, while it uses
Oracle as database (and DB2 sometimes, but that's another episode),
wrapped by a very odd 4GL, which generates SQL kind of on-the-fly
(kind of, because i've not yet determined how much of our 4GL gets
saved as SQL, etc.). i don't have the option to create tables and
views (near as i can see, there are none of the latter). so, would
this approach work if the opposite is true: the users see the base
tables (because mountains of code exist referencing them), while the
security policy sees the views, which can be created and the app. code
is none the wiser.

thanks,
robert
Jul 19 '05 #1
2 3460
That view he created was for a "self-referencing table" problem if
you'd notice. If you won't encounter this kind of predicament then you
won't need to create 'em views.

Seen asktom's article? Someone asked that same question:

http://asktom.oracle.com/pls/ask/f?p...:4632007035731,

gn*****@rcn.com (robert) wrote in message news:<da**************************@posting.google. com>...
have been reading up on FGAC and would prefer this to an app. code
approach. one issue is this:

in Mr. Kyte's article, the section Example 2.... , there is this
excerpt:

"Our solution is to create a view that all applications will use
(the EMP view) and enforce our security on that view. The original
EMP_BASE_TABLE will be used by our security policy to enforce the
rules. ... The application and end users will never use the
EMP_BASE_TABLE - only the security policy will."

my question: the application i'm working with is, while it uses
Oracle as database (and DB2 sometimes, but that's another episode),
wrapped by a very odd 4GL, which generates SQL kind of on-the-fly
(kind of, because i've not yet determined how much of our 4GL gets
saved as SQL, etc.). i don't have the option to create tables and
views (near as i can see, there are none of the latter). so, would
this approach work if the opposite is true: the users see the base
tables (because mountains of code exist referencing them), while the
security policy sees the views, which can be created and the app. code
is none the wiser.

thanks,
robert

Jul 19 '05 #2
ro******@hotmail.com (Romeo Olympia) wrote in message news:<42**************************@posting.google. com>...
That view he created was for a "self-referencing table" problem if
you'd notice.
i did notice. the issue is that i need now to secure such a table,
but changing lots-o-code is not an option. dropping and re-creating
the table/view pair is an option, but that would make one client the
odd man out, and given turnover and such, would cause confusion.

being able to use tables and views interchangably in this paradigm
would be better.

robert.

If you won't encounter this kind of predicament then you won't need to create 'em views.

Seen asktom's article? Someone asked that same question:

http://asktom.oracle.com/pls/ask/f?p...:4632007035731,

gn*****@rcn.com (robert) wrote in message news:<da**************************@posting.google. com>...
have been reading up on FGAC and would prefer this to an app. code
approach. one issue is this:

in Mr. Kyte's article, the section Example 2.... , there is this
excerpt:

"Our solution is to create a view that all applications will use
(the EMP view) and enforce our security on that view. The original
EMP_BASE_TABLE will be used by our security policy to enforce the
rules. ... The application and end users will never use the
EMP_BASE_TABLE - only the security policy will."

my question: the application i'm working with is, while it uses
Oracle as database (and DB2 sometimes, but that's another episode),
wrapped by a very odd 4GL, which generates SQL kind of on-the-fly
(kind of, because i've not yet determined how much of our 4GL gets
saved as SQL, etc.). i don't have the option to create tables and
views (near as i can see, there are none of the latter). so, would
this approach work if the opposite is true: the users see the base
tables (because mountains of code exist referencing them), while the
security policy sees the views, which can be created and the app. code
is none the wiser.

thanks,
robert

Jul 19 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: robert | last post by:
this block is from a (successful) implementation of FGAC. that is a good thing. IF l_context <> 'FOOBAR' THEN retval := 'user_id = '' ' || USER || ''''; ELSE retval := '1 = 1'; END IF; ...
1
by: robert | last post by:
got a nice security set up in my test schema. updated the text to reference the next level up in the schema hierarchy. installed through SQL*Plus as i always did with the test schema. ran the...
125
by: Rhino | last post by:
One of my friends, Scott, is a consultant who doesn't currently have newsgroup access so I am asking these questions for him. I'll be telling him how to monitor the answers via Google Newsgroup...
198
by: Sy Borg | last post by:
Hello: We are designing two multi-user client server applications that performs large number of transactions on database servers. On an average Application A has a 50% mix of select and...
2
by: robert | last post by:
have been reading up on FGAC and would prefer this to an app. code approach. one issue is this: in Mr. Kyte's article, the section Example 2.... , there is this excerpt: "Our solution is to...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.