Thanks for the where clause and to all who respond,
I'll check into fine grained access control
(dbms_rls).
--- "Khedr, Waleed" <[EMAIL PROTECTED]> a écrit :
> Add this to where clause:
>
> group <> decode(user,'typical',380,-100)
>
> Instead of -100 use any number not used by the
> groups.
>
by: cc:
[EMAIL PROTECTED] Subject: RE: SQL question
a
PROTECTED] Subject: RE: SQL question avoiding 2
views and not in
Title: RE: SQL question avoiding 2 views and not in
Has anyone used context and fine-grained security? I seem to remember the performance hit was not minimal when using this functionality.
-Original Message-
From: Khedr, Waleed [SMTP:[EMAIL PROTECTED]]
Sent: Friday
Title: RE: SQL question avoiding 2 views and not in
dbms_rls is cheaper to use ...
Raj
__
Rajendra
Jamadagni
MIS, ESPN Inc.
Rajendra dot Jamadagni at ESPN dot
com
Any opinion expressed here is
personal and doesn't re
Title: RE: SQL question avoiding 2 views and not in
Hi Stephane,
This may be more effort but have you considered having a security table to join to in the one view, instead of two views? Multiple views can really hose the optimizer, as I am sure you know. However adding a table then
Add this to where clause:
group <> decode(user,'typical',380,-100)
Instead of -100 use any number not used by the groups.
Also read about contexts and grain level security.
Waleed
-Original Message-
Sent: Friday, December 13, 2002 2:59 PM
To: Multiple recipients of list ORACLE-L
Hi,
Title: RE: SQL question avoiding 2 views and not in
OLS -- Oracle Label Security... I think that's the key you are looking for.
-Original Message-
From: Stephane Paquette [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 13, 2002 11:59 AM
To: Multiple recipients of list ORA
Hi,
We have a lot of views. Now the users have a new
requirement, only the user 'admin' can see all the
data from the views. The user 'typical' must see all
data except the one from group 380.
A basic solution is to create 2 sets of views with one
set having a group number <> 380.
I'm looking fo