Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Fooling with roles
You can create the roles you need role1,role2,role3,etc and assigh =
different privileges to each role and then grant the roles to each other =
up the chain.
As example;
grant select any table to role1,
grant delete any table to role2.
grant role1 to role2.
role1 can select but not delete and role2 can select and delete.
Hope this helps.
Ron Rogers
DBA OCP
Atl.GA
>>> ismgr_at_pctc.com 08/11/00 08:01PM >>>
I'm starting to paper-design our security layout for some new software. =
Our
plan is to assign people levels of security, like AP(1-9), ISSUING(1-9),
RECEIVABLES(1-9), HR(1-9), etc etc. There's nothing special about the =
range
1-9, just seems intuitive.
Each level will be a superset of the one below it, i.e. each level =
includes
all the privileges of all levels below. People will have multiple
clearances (because we're a small company), so someone might be an HR-2, =
an
AR-4, an AP-1, etc.
I'm planning to create a ROLE for each level of each security type. I have the following questions and concerns...
I mean can I actually define AR-2 in Oracle as AR-1 + some more stuff, =
such
that if I add a privilege to AR-1, it automatically propagates up the =
chain?
2) If not, I'll have to either explicitly assign increasingly larger sets
of privileges to higher roles, or I'll have to assign a given role plus =
all
below it to each user. Which way is more efficient? Or more to the point,
which one is *less* efficient?
--- Dennis Taylor --- The opinions expressed herein are mine. Get your own opinions! --- --=20 Author: Dennis Taylor INET: ismgr_at_pctc.com=20 Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Mon Aug 14 2000 - 08:49:47 CDT