Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: tough choices
Buck Nuggets wrote:
> I've got an application that has implemented some very complex
> security policies like this in the application layer and it is a
> maintenance nightmare.
Doing it once in the database reduces this maintenance nightmare.
> Anyhow, in my
> circumstance the vendor hasn't provided the maintenance tools to
> really manage this complexity. Being completely pragmatic here - does
> Oracle have a good grasp on this today? Can you easily determine in a
> proactive fashion:
> - all the users & ip ranges that any given row can be accessed by?
> - all the rows & columns that a given user can access?
> If not, are there tools coming out to help with this?
If you are willing to express your security policies via access labels, then Oracle has a packaged solutiuon, called Oracle Label Security, that will automate the generation and maintenance of your policies for you.
> Of course, that brings up the other potential
> challenge with policies like these - can they be implemented as easily
> on the BI (data warehousing, data mart, olap) side as they are on the
> OLTP side? Or is the best practice implementation for those very high
> security apps that don't ever allow the data out of a single
> centralized repository?
People use this stuff A LOT for Data Warehouses, often to remove the need to proliferate multiple downstream data marts. A classic is a bank that increases the privacy of customer information internally, the more money the customer has. Generally, I guess they would tend to see a secure, single centralized repository as a good thing, not a bad thing. Received on Sat Jun 26 2004 - 09:50:32 CDT