Re: Fine Grained Access
- From: JApplewhite@xxxxxxxxxxxxx
- To: oracle-l@xxxxxxxxxxxxx
- Date: Wed, 5 Apr 2006 15:38:25 -0500
A simple-minded solution would be to create a two column User_Campus table
- User, Campus (could be ID or Name, whatever works for your situation).
Most folks would have one row in that table. The multi-Campus folks would
have two or more. Your security predicate would be "Where Campus In
(Select Campus from User_Campus Where User = <UserCapturedAt Logon>)".
The key to successful FGAC use is a flexible, table-driven security
meta-data model. No hard-coding should ever be needed.
Jack C. Applewhite - Database Administrator
Austin (Texas) Independent School District
512.414.9715 (wk) / 512.935.5929 (pager)
I'm OK, you're OK - in small doses. -- Introverts' Motto
LeRoy Kemnitz <lkemnitz@xxxxxxxx>
Sent by: oracle-l-bounce@xxxxxxxxxxxxx
04/05/2006 03:19 PM
Please respond to
lkemnitz@xxxxxxxx
To
oracle-l@xxxxxxxxxxxxx
cc
Subject
Fine Grained Access
I am running 10.1.0.4 on Unix. I work with a university system
involving 28 campuses. I am starting to use Fine Grained Access on my db.
I currently use the Predicate to inspect the login name in order to
determine what records they see. I limit them to only see their own
campus records. Works great. Well, now I have the situation where
certain users will be required to administer records from multiple
campuses. I could create group and add the users to the group. But
that would mean hard coding the username in the functions. Not ideal.
Any ideas or workarounds???
--
//www.freelists.org/webpage/oracle-l
Other related posts:
