
Fooling with roles

From: Dennis Taylor <ismgr_at_pctc.com>
Date: Fri, 11 Aug 2000 15:01:04 -0700
Message-Id: <10586.114424@fatcity.com>


I'm starting to paper-design our security layout for some new software. Our plan is to assign people levels of security, like AP(1-9), ISSUING(1-9), RECEIVABLES(1-9), HR(1-9), etc etc. There's nothing special about the range 1-9, just seems intuitive.
Each level will be a superset of the one below it, i.e. each level includes all the privileges of all levels below. People will have multiple clearances (because we're a small company), so someone might be an HR-2, an AR-4, an AP-1, etc.

I'm planning to create a ROLE for each level of each security type. I have the following questions and concerns...

  1. Can I explicitly include a lower role in a higher role? For instance, can I define AR-2 as AR-1 + some new privileges? I don't mean conceptually, I mean can I actually define AR-2 in Oracle as AR-1 + some more stuff, such that if I add a privilege to AR-1, it automatically propagates up the chain?
  2. If not, I'll have to either explicitly assign increasingly larger sets of privileges to higher roles, or I'll have to assign a given role plus all below it to each user. Which way is more efficient? Or more to the point, which one is *less* efficient?

---

Dennis Taylor
---

The opinions expressed herein are mine. Get your own opinions!

Received on Fri Aug 11 2000 - 17:01:04 CDT
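The layered design asked about in question 1, sketched as an added example that is not part of the original post: Oracle lets a role be granted to another role, so each level holds only the privileges it adds. The schema `ar_app`, its tables, and the user `jsmith` are hypothetical, and the review queries assume read access to the `DBA_` dictionary views.

```sql
-- Hypothetical names throughout: schema ar_app, its tables, user jsmith.
-- Role names use underscores because AR-1 would need a quoted identifier.

CREATE ROLE ar_1;
CREATE ROLE ar_2;
CREATE ROLE ar_3;

-- Each level carries only the privileges it adds ...
GRANT SELECT ON ar_app.invoices TO ar_1;
GRANT INSERT, UPDATE ON ar_app.invoices TO ar_2;
GRANT SELECT, INSERT ON ar_app.payments TO ar_3;

-- ... and inherits everything below it by being granted the lower role.
GRANT ar_1 TO ar_2;
GRANT ar_2 TO ar_3;

-- A user is granted a single role per security type.
GRANT ar_2 TO jsmith;

-- A later grant to ar_1 reaches ar_2 and ar_3 with no further grants.
GRANT SELECT ON ar_app.customers TO ar_1;

-- Review: expand the role chain for one user (direct and nested roles).
SELECT LPAD(' ', 2 * (LEVEL - 1)) || granted_role AS role_chain
FROM   dba_role_privs
START WITH grantee = 'JSMITH'
CONNECT BY PRIOR granted_role = grantee;

-- Review: object privileges the user can reach through those roles.
SELECT tp.grantee AS via_role, tp.owner, tp.table_name, tp.privilege
FROM   dba_tab_privs tp
WHERE  tp.grantee IN (
         SELECT granted_role
         FROM   dba_role_privs
         START WITH grantee = 'JSMITH'
         CONNECT BY PRIOR granted_role = grantee)
ORDER  BY tp.owner, tp.table_name, tp.privilege;
```

Privileges held only through a role are not in effect inside definer's-rights stored procedures, so application code owned by one schema that touches another schema's objects still needs direct grants.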
