FGAC and EMP_BASE_TABLE

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • robert
    #1

    FGAC and EMP_BASE_TABLE

    have been reading up on FGAC and would prefer this to an app. code
    approach. one issue is this:

    in Mr. Kyte's article, the section Example 2.... , there is this
    excerpt:

    "Our solution is to create a view that all applications will use
    (the EMP view) and enforce our security on that view. The original
    EMP_BASE_TABLE will be used by our security policy to enforce the
    rules. ... The application and end users will never use the
    EMP_BASE_TABLE - only the security policy will."

    my question: the application i'm working with is, while it uses
    Oracle as database (and DB2 sometimes, but that's another episode),
    wrapped by a very odd 4GL, which generates SQL kind of on-the-fly
    (kind of, because i've not yet determined how much of our 4GL gets
    saved as SQL, etc.). i don't have the option to create tables and
    views (near as i can see, there are none of the latter). so, would
    this approach work if the opposite is true: the users see the base
    tables (because mountains of code exist referencing them), while the
    security policy sees the views, which can be created and the app. code
    is none the wiser.

    thanks,
    robert
    Tags: None
    • Romeo Olympia
      #2
      Re: FGAC and EMP_BASE_TABLE

      That view he created was for a "self-referencing table" problem if
      you'd notice. If you won't encounter this kind of predicament then you
      won't need to create 'em views.

      Seen asktom's article? Someone asked that same question:

      http://asktom.oracle.com/pls/ask/f?p...:4632007035731,

      gnuoytr@rcn.com (robert) wrote in message news:<da3c2186. 0406010630.328f 4801@posting.go ogle.com>...
      have been reading up on FGAC and would prefer this to an app. code
      approach. one issue is this:
      >
      in Mr. Kyte's article, the section Example 2.... , there is this
      excerpt:
      >
      "Our solution is to create a view that all applications will use
      (the EMP view) and enforce our security on that view. The original
      EMP_BASE_TABLE will be used by our security policy to enforce the
      rules. ... The application and end users will never use the
      EMP_BASE_TABLE - only the security policy will."
      >
      my question: the application i'm working with is, while it uses
      Oracle as database (and DB2 sometimes, but that's another episode),
      wrapped by a very odd 4GL, which generates SQL kind of on-the-fly
      (kind of, because i've not yet determined how much of our 4GL gets
      saved as SQL, etc.). i don't have the option to create tables and
      views (near as i can see, there are none of the latter). so, would
      this approach work if the opposite is true: the users see the base
      tables (because mountains of code exist referencing them), while the
      security policy sees the views, which can be created and the app. code
      is none the wiser.
      >
      thanks,
      robert

        Comment

        • robert
          #3
          Re: FGAC and EMP_BASE_TABLE

          rolympia@hotmai l.com (Romeo Olympia) wrote in message news:<42fc55dc. 0406011744.3e85 e195@posting.go ogle.com>...
          That view he created was for a "self-referencing table" problem if
          you'd notice.
          i did notice. the issue is that i need now to secure such a table,
          but changing lots-o-code is not an option. dropping and re-creating
          the table/view pair is an option, but that would make one client the
          odd man out, and given turnover and such, would cause confusion.

          being able to use tables and views interchangably in this paradigm
          would be better.

          robert.

          If you won't encounter this kind of predicament then you
          won't need to create 'em views.
          >
          Seen asktom's article? Someone asked that same question:
          >
          http://asktom.oracle.com/pls/ask/f?p...:4632007035731,
          >
          gnuoytr@rcn.com (robert) wrote in message news:<da3c2186. 0406010630.328f 4801@posting.go ogle.com>...
          have been reading up on FGAC and would prefer this to an app. code
          approach. one issue is this:

          in Mr. Kyte's article, the section Example 2.... , there is this
          excerpt:

          "Our solution is to create a view that all applications will use
          (the EMP view) and enforce our security on that view. The original
          EMP_BASE_TABLE will be used by our security policy to enforce the
          rules. ... The application and end users will never use the
          EMP_BASE_TABLE - only the security policy will."

          my question: the application i'm working with is, while it uses
          Oracle as database (and DB2 sometimes, but that's another episode),
          wrapped by a very odd 4GL, which generates SQL kind of on-the-fly
          (kind of, because i've not yet determined how much of our 4GL gets
          saved as SQL, etc.). i don't have the option to create tables and
          views (near as i can see, there are none of the latter). so, would
          this approach work if the opposite is true: the users see the base
          tables (because mountains of code exist referencing them), while the
          security policy sees the views, which can be created and the app. code
          is none the wiser.

          thanks,
          robert

            Comment

            Previous template Next
            Working...