469,106 Members | 2,096 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,106 developers. It's quick & easy.

FGAC and EMP_BASE_TABLE

have been reading up on FGAC and would prefer this to an app. code
approach. one issue is this:

in Mr. Kyte's article, the section Example 2.... , there is this
excerpt:

"Our solution is to create a view that all applications will use
(the EMP view) and enforce our security on that view. The original
EMP_BASE_TABLE will be used by our security policy to enforce the
rules. ... The application and end users will never use the
EMP_BASE_TABLE - only the security policy will."

my question: the application i'm working with is, while it uses
Oracle as database (and DB2 sometimes, but that's another episode),
wrapped by a very odd 4GL, which generates SQL kind of on-the-fly
(kind of, because i've not yet determined how much of our 4GL gets
saved as SQL, etc.). i don't have the option to create tables and
views (near as i can see, there are none of the latter). so, would
this approach work if the opposite is true: the users see the base
tables (because mountains of code exist referencing them), while the
security policy sees the views, which can be created and the app. code
is none the wiser.

thanks,
robert
Jul 19 '05 #1
2 3232
That view he created was for a "self-referencing table" problem if
you'd notice. If you won't encounter this kind of predicament then you
won't need to create 'em views.

Seen asktom's article? Someone asked that same question:

http://asktom.oracle.com/pls/ask/f?p...:4632007035731,

gn*****@rcn.com (robert) wrote in message news:<da**************************@posting.google. com>...
have been reading up on FGAC and would prefer this to an app. code
approach. one issue is this:

in Mr. Kyte's article, the section Example 2.... , there is this
excerpt:

"Our solution is to create a view that all applications will use
(the EMP view) and enforce our security on that view. The original
EMP_BASE_TABLE will be used by our security policy to enforce the
rules. ... The application and end users will never use the
EMP_BASE_TABLE - only the security policy will."

my question: the application i'm working with is, while it uses
Oracle as database (and DB2 sometimes, but that's another episode),
wrapped by a very odd 4GL, which generates SQL kind of on-the-fly
(kind of, because i've not yet determined how much of our 4GL gets
saved as SQL, etc.). i don't have the option to create tables and
views (near as i can see, there are none of the latter). so, would
this approach work if the opposite is true: the users see the base
tables (because mountains of code exist referencing them), while the
security policy sees the views, which can be created and the app. code
is none the wiser.

thanks,
robert

Jul 19 '05 #2
ro******@hotmail.com (Romeo Olympia) wrote in message news:<42**************************@posting.google. com>...
That view he created was for a "self-referencing table" problem if
you'd notice.
i did notice. the issue is that i need now to secure such a table,
but changing lots-o-code is not an option. dropping and re-creating
the table/view pair is an option, but that would make one client the
odd man out, and given turnover and such, would cause confusion.

being able to use tables and views interchangably in this paradigm
would be better.

robert.

If you won't encounter this kind of predicament then you won't need to create 'em views.

Seen asktom's article? Someone asked that same question:

http://asktom.oracle.com/pls/ask/f?p...:4632007035731,

gn*****@rcn.com (robert) wrote in message news:<da**************************@posting.google. com>...
have been reading up on FGAC and would prefer this to an app. code
approach. one issue is this:

in Mr. Kyte's article, the section Example 2.... , there is this
excerpt:

"Our solution is to create a view that all applications will use
(the EMP view) and enforce our security on that view. The original
EMP_BASE_TABLE will be used by our security policy to enforce the
rules. ... The application and end users will never use the
EMP_BASE_TABLE - only the security policy will."

my question: the application i'm working with is, while it uses
Oracle as database (and DB2 sometimes, but that's another episode),
wrapped by a very odd 4GL, which generates SQL kind of on-the-fly
(kind of, because i've not yet determined how much of our 4GL gets
saved as SQL, etc.). i don't have the option to create tables and
views (near as i can see, there are none of the latter). so, would
this approach work if the opposite is true: the users see the base
tables (because mountains of code exist referencing them), while the
security policy sees the views, which can be created and the app. code
is none the wiser.

thanks,
robert

Jul 19 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.

By using this site, you agree to our Privacy Policy and Terms of Use.