Row Level Security Benefits?
- From: Charlotte Hammond <charlottejanehammond@xxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Thu, 26 Apr 2007 09:08:15 -0700 (PDT)
Hi All,
I'm looking at using DBMS_RLS to implement some simple
row level security. For example we have a few tables
with rows which only department managers should be
able to see (they are using a 3-tier Java
application):
I can create a view like this (for example):
SELECT value
FROM my_data md,
department dept,
manager m
WHERE md.dept_no = dept.dept_no
AND dept.manager_no = m.manager_no
AND m.manager_id =
SYS_CONTEXT('USERENV','CLIENT_IDENTIFIER');
And then grant select on the view (rather than the
MY_DATA table).
Is there anything to gain by adding RLS into this mix
instead of using views? It certainly costs $$$s extra
so I only want to use it if I can get a tangible
benefit. Significantly this application is read-only
(well, sort of, assume it is for this discussion!) I
have read through the fine manuals but it all looks
more complex than I really need.
Should I continue with my attempt to create a bunch of
views or is there anything to be gained by using RLS
here?
Any shared experience would be most welcome!
Many thanks
Charlotte
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
//www.freelists.org/webpage/oracle-l
Other related posts:
