Nice try from ORACLE support. This workaround does not make much sense
though. It seems to imply that you need to the put that piece of code
somewhere in your application to first find out if FGAC exists and
then let the user do the update - if this user does have the update
privilege. You just don't implement security that way. The whole point
of FGAC is that it does not matter what applicaton you use, you are
always under its ever watchful eyes. It should be totally transparent.
If you have to depend on one single application for FGAC to work, this
is not FGAC anymore.
"Ronnie Yours" <ronnie_yours_at_yahoo.com> wrote in message news:<amvktl$rs2$1_at_nntp-m01.news.aol.com>...
> I have already opened a Tar and gave a similar test case to Oracle. This is
> what they have to say.....
> I hope I am not violating any copyright law here....
>
> Oracle's Comment
> -----------------
> As far as
> workaround is concerned
> I can think of only one way, along with LOB column select one more column;
> for eg in the example you
> have posted change the query as
>
> declare
> mvclob clob;
> mvar varchar2(100) := 'This is updated by ' || user || ' 2';
> begin
> select ind_col, clob_col into mvclob from lobtab where ind_col = 2 for
> update;
> update lobtab set ind_col = ind_col where rownum<=1;
> /* This will just try to update one row to the same value This acts as a
> check for policies that has been set*/
> if sql%rowcount>0 then
> dbms_lob.write(mvclob, length(mvar), 1, mvar);
> end if
> end;
> /
Received on Thu Sep 26 2002 - 19:54:15 CDT
