RE: Disallow access to column of a table

• From: "Powell, Mark D" <mark.powell@xxxxxxx>
• To: "oracle-l-freelists" <oracle-l@xxxxxxxxxxxxx>
• Date: Mon, 5 Oct 2009 16:07:59 -0400

With 10gR2 and probably R1 VPD can be applied at the column level.
 
From Security manual >>
14.1.1.1 Column-Level VPD

Column-level VPD enables you to enforce row-level security when a
security-relevant column is referenced in a query. You can apply
column-level VPD to tables and views, but not to synonyms. By specifying
the security-relevant column name with the sec_relevant_cols parameter
of the DBMS_RLS.ADD_POLICY procedure, the security policy is applied
whenever the column is referenced, explicitly or implicitly, in a query.
<<

For 9.2 and earlier using a view as Mark Boback suggested is about your
only means to limit user access to column data when the use has table
privileges other than doing so in the application logic.


-- Mark D Powell -- 
HP Enterprise Services 
Phone (313) 592-5148 

 


________________________________

        From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Tim Gorman
        Sent: Monday, October 05, 2009 3:53 PM
        To: JBECKSTROM@xxxxxxxxx; oracle-l-freelists; oracle-db-l
        Subject: Re: Disallow access to column of a table
        
        
        Jeff,
         
        You have to use a view to restrict columns.
         
        If permissions or synonyms won't do the job correctly, you can
use VPD to restrict a particular community of users from accessing the
table, and permit them to use the view instead, and vice-versa.
         
        Hope this helps!
         
        -Tim
         

                -----Original Message-----
                From: Jeffrey Beckstrom [mailto:JBECKSTROM@xxxxxxxxx]
                Sent: Monday, October 5, 2009 01:35 PM
                To: 'oracle-l-freelists', 'oracle-db-l'
                Subject: Disallow access to column of a table
                
                
                                We have a requirement to disallow access
to a few columns of a table.  Any suggestions on how to do this?  I was
thinking of Virtual Private Database but that would exclude the entire
row.
                 
                Jeffrey Beckstrom
                Database Administrator
                Greater Cleveland Regional Transit Authority
                1240 W. 6th Street
                Cleveland, Ohio 44113

                        

--
//www.freelists.org/webpage/oracle-l

• References:
  • Re: Disallow access to column of a table
    • From: Tim Gorman

Other related posts:

• » Disallow access to column of a table- Jeffrey Beckstrom
• » RE: Disallow access to column of a table- Bobak, Mark
• » Re: Disallow access to column of a table- Tim Gorman
• » Re: Disallow access to column of a table- Mathias Magnusson
• » RE: Disallow access to column of a table - Powell, Mark D
• » Re: Disallow access to column of a table- Robert Freeman
• » Re: Disallow access to column of a table- chet justice
• » Re: Disallow access to column of a table- Stephen Booth

1. Home
2. oracle-l
3. Archive
4. 10-2009

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---