Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Is this a valid use of Fine Grained Access Control (row level security)?

Re: Is this a valid use of Fine Grained Access Control (row level security)?

From: Richard Kuhler <noone_at_nowhere.com>
Date: Mon, 28 Jul 2003 23:46:39 GMT
Message-ID: <zBiVa.9973$Hr.441338@twister.socal.rr.com> 





hourman wrote:


<snip>



> We have 2 options:

> 1 - edit 100 pages and add where clause each time ELECT table is referenced 

> passing year selected on login. (we estimate 11 days to complete)

> 

> 2 - use fine grained access control.  We create a policy on ELECT table that 

> limits on year.  We create an app context and procedure.  when users login and 

> select a year we change the predicate so that ELECT table now just has year 

> selected (hiding all other years).  Since we kept old key and just added year 

> to create compond key, relationships with other tables is maintained.(we have 

> code altready).

> 

> Is this valid?  Am i asking for trouble.  Is it an invalid or wierd use of 

> FGAC?



You should be aware that Option 2 may have a significant impact on 
performance.  FGAC has to execute a PL/SQL function, modify the query 
and parse every time you query that table now.  Option 1 would avoid 
that.  In some situations, I've since FGAC add 30% overhead to an 
application.



Good Luck,


Richard Kuhler
Received on Mon Jul 28 2003 - 18:46:39 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US