Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: tough choices

Re: tough choices

From: Serge Rielau <srielau_at_ca.eye-be-em.com>
Date: Sat, 26 Jun 2004 10:55:03 -0400
Message-ID: <cbk2p3$nad$1@hanover.torolab.ibm.com> 





OK, let me see if I get this straight.


Oracle provides a set of procedures which are used to manage "policies" 
against specific tables (or table like objects)/columns. A policy is 
associated with a function.


the function is user defined and spits out a predicate string which 
Oracle injects into the SQL Statement.


Whatever smarts (policies) there are are in the user written function.
Presumable for column level access control some form of CASE expression 
is used to NULL out the data (?)



The promised value add is:


* in not needing to alter the view, or introduce views for encapsulation 

in the first place.


* The predicate may be injected or not - depending on whatever the 

policy maker pleases (such as time of day, mood of the boss)


* There is some level of encapsulation (i.e. the policy package).




The policy maker is responsible to keep up to date with schema changes 
(or the predicates may break) and to ensure proper indexing exists (or 
else the predicates may bring the query to a grinding halt).



Did I miss anything?


Cheers


Serge

-- 
Serge Rielau
DB2 SQL Compiler Development
IBM Toronto Lab


Received on Sat Jun 26 2004 - 09:55:03 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US