Hi John,
Thanks for suggesting FGAC - that hadn't occurred to me, but I guess I could
simply set up a policy function along the lines of
'sys_context('USERENV','SESSION_USER') != READONLYUSER' and add it for
statement types insert, update and delete on all tables. And then allow a
free-for-all on executing the packages.
I guess this is similar in principle to Mark Bobak's suggestion - to allow the
PL/SQL access but block any actual DML that is attempted, only using DBMS_RLS
instead of triggers. Stephane Faroult is trying to persuade me that the impact
using triggers won't be that great - and I'll believe him! - but I'd be
comfortable using DBMS_RLS as we had it on an other similar system and it
didn't have any noticeable performance hit.
Thanks to everyone who responded, all much appreciated!
- Charlotte
On Thu, 16 Dec 2004 08:45 , John Shaw <John.Shaw@xxxxxxxxxxxxxxxxxxx> sent:
The ever popular fine grain access
[... details snipped ... ]
---------------------------------
Do you Yahoo!?
Yahoo! Mail - Find what you need with new enhanced search. Learn more.
--
http://www.freelists.org/webpage/oracle-l