Skip to Main Content
Oracle PL/SQL for DBAs
book

Oracle PL/SQL for DBAs

by Arup Nanda, Steven Feuerstein
October 2005
Intermediate to advanced content levelIntermediate to advanced
454 pages
14h 44m
English
O'Reilly Media, Inc.
Content preview from Oracle PL/SQL for DBAs

Application Contexts

In the discussion of row-level security so far, I have assumed a critical fact—that the predicate (i.e., the limiting condition that restricts the rows of the table) is constant, or fixed at the time of login. But what if I have a new requirement: users can now see employee records based not on fixed department numbers but on a list of privileges maintained for that reason. A table named EMP_ACCESS maintains the information about which users can access which employee information.

    SQL> DESC emp_access
     Name              Null?    Type
     ----------------- -------- ------------
     USERNAME                   VARCHAR2(30)
     DEPTNO                     NUMBER

Here is some sample data.

    USERNAME                           DEPTNO
    ------------------------------ ----------
    MARTIN                                 10
    MARTIN                                 20
    KING                                   20
    KING                                   10
    KING                                   30
    KING                                   40

I observe that Martin can see departments 10 and 20, but King can see 10, 20, 30, and 40. If an employee’s name is not present in this table, he cannot see any records. The requirements also state that a user’s privilege can be reassigned dynamically by updating the EMP_ACCESS table. The new privileges must take effect immediately, without requiring the user to log off and then log on again.

Given these requirements, I cannot depend on a LOGON trigger to set all the values needed for use in the policy function.

One possible option to meeting this requirement is to create a package with a variable to hold the predicate and provide the user with a PL/SQL program to assign the value to the variable. The policy function can then use the value ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Oracle PL/SQL Best Practices

Oracle PL/SQL Best Practices

Steven Feuerstein
Expert Oracle PL/SQL

Expert Oracle PL/SQL

Ron Hardman, Michael McLaughlin
Oracle PL/SQL For Dummies

Oracle PL/SQL For Dummies

Michael Rosenblum, Paul Dorsey

Publisher Resources

ISBN: 0596005873Supplemental ContentErrata Page