Re: DBMS_RLS and Fine-Grained access control

  • From: Mladen Gogala <mladen@xxxxxxxxxxxxxxx>
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Tue, 16 Mar 2004 15:04:37 -0500

Grouping policies gives you administrative control over policies. You will
group related policies together. For instance, let's say that you are an HMO
and that you have one large schema, containing 1200+ objects, called "PULSE".
The "PULSE" schema contains objects pertaining to several functional parts:
providers, members, claims and enrollment. For instance, for members you have
tables with personal information like date of birth, address, contact
information, SSN, primary care physician and the like. Furthermore, let's
assume that there is a law called the Health Insurance Portability and
Accountability Act of 1996, which strictly mandates access to that personal
information. You would want to group all policies pertaining to the member
information into a single policy group called "MEMBERS". All those policies
would have the same or very similar policy functions returning predicates that
would restrict access to member information. Those policies would be
meaningless for claims, for which one would need a completely different set of
policies, grouped into the "CLAIMS" group. A policy is always added to an
object. A policy consists of the policy name, policy context and policy
function. If you want to have a logical grouping, you need policy groups.
ADD_POLICY adds a policy without any group connection. ADD_GROUPED_POLICY
associates the policy with the policy groups.

On 03/16/2004 02:31:49 PM, Dan Looby wrote:
> In the March/April 2004 Oracle Magazine there is an article by Arup 
> Nanda on setting up VPD that used the DBMS_RLS.ADD_POLICY to add a 
> policy.  Good starting point.  I've got to set up VPD for a schedule 
> of classes to restrict which users can insert, update, and/or delete 
> what course sections.
> 
> My question is: what is the difference between ADD_POLICY versus 
> CREATE_POLICY_GROUP and ADD_GROUPED_POLICY?
> 
> Dan
> -- 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Daniel P. Looby                     email: dan.looby@xxxxxxxxxxxxxx
> Lead Systems Analyst
> Enterprise Information Systems/OIT  A meeting is an event at
> Georgia Institute Of Technology       which minutes are kept
> 845 Marietta Street                   and hours are lost!
> Atlanta, GA 30332-0305
> Office Phone: 404-894-9587
>           Fax: 404-894-8945
> ----------------------------------------------------------------
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> ----------------------------------------------------------------
> To unsubscribe send email to:  oracle-l-request@xxxxxxxxxxxxx
> put 'unsubscribe' in the subject line.
> --
> Archives are at //www.freelists.org/archives/oracle-l/
> FAQ is at //www.freelists.org/help/fom-serve/cache/1.html
> -----------------------------------------------------------------
> 
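The difference discussed in this thread, shown side by side as an added example (not code from either poster or from the Oracle Magazine article). The PULSE schema and MEMBERS group come from the reply above; the table MEMBER_INFO, column PCP_ID, schema SEC_ADMIN and application context PULSE_CTX are assumed names.

```sql
-- Hypothetical names: PULSE.MEMBER_INFO (column PCP_ID), function owner SEC_ADMIN,
-- application context PULSE_CTX with attributes POLICY_GROUP and PROVIDER_ID.
CREATE OR REPLACE FUNCTION sec_admin.member_predicate (
  p_schema IN VARCHAR2, p_object IN VARCHAR2
) RETURN VARCHAR2 IS
BEGIN
  -- Predicate appended to every statement the policy covers.
  RETURN 'pcp_id = SYS_CONTEXT(''PULSE_CTX'', ''PROVIDER_ID'')';
END member_predicate;
/

-- Option 1: ADD_POLICY, a policy on the object with no group of its own.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'PULSE',     object_name     => 'MEMBER_INFO',
    policy_name     => 'MEMBER_PII',
    function_schema => 'SEC_ADMIN', policy_function => 'MEMBER_PREDICATE',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE);       -- new row values must satisfy the predicate too
END;
/

-- Option 2 (instead of option 1): the same policy placed in the MEMBERS group.
BEGIN
  DBMS_RLS.CREATE_POLICY_GROUP(
    object_schema => 'PULSE', object_name => 'MEMBER_INFO',
    policy_group  => 'MEMBERS');

  DBMS_RLS.ADD_GROUPED_POLICY(
    object_schema   => 'PULSE',     object_name     => 'MEMBER_INFO',
    policy_group    => 'MEMBERS',   policy_name     => 'MEMBER_PII',
    function_schema => 'SEC_ADMIN', policy_function => 'MEMBER_PREDICATE',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE);

  -- Driving context: the session's PULSE_CTX.POLICY_GROUP value names the group
  -- to enforce on this table; policies in SYS_DEFAULT always apply as well.
  DBMS_RLS.ADD_POLICY_CONTEXT(
    object_schema => 'PULSE',     object_name => 'MEMBER_INFO',
    namespace     => 'PULSE_CTX', attribute   => 'POLICY_GROUP');
END;
/

-- Review which group each policy on the table landed in.
SELECT policy_group, policy_name, pf_owner, function
  FROM dba_policies
 WHERE object_owner = 'PULSE' AND object_name = 'MEMBER_INFO';
```

The PULSE_CTX attributes have to be set by a trusted package bound to the context with CREATE CONTEXT ... USING, otherwise a session could choose its own policy group or provider id.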