| |
 |
|
Oracle Tips by Burleson |
Chapter 2 Introducti
on
to Oracle Security
create or
replace view
claim_record
as
select
c.claim_id,
claim_amount,
p.description as procedure_description
from
claims c, procedures p
SEE CODE
DEPOT FOR FULL SCRIPT
(
select member_id
from allowed_members
SEE
CODE DEPOT FOR FULL SCRIPT
)
and
p.proc_code = c.proc_code;
The user is then granted SELECT privileges on
the view claim_record, not the claims table itself. When the user
selects from the claim_records view, he or she, in effect, executes
the query the view is defined on, and sees all the records he or she
is allowed to see. When the user attempts to select from the claims
table, he or she gets an error message “Object does not exist.”
meaning he or she does not have any privileges on the table. However
selecting the data from the view succeeds, because he or she does
have select access to it.
Let's examine the benefits of the view in this
context.
Object
Independence
– Since the user simply has to know the view
name, not the underlying tables and how
The above text is
an excerpt from:
Oracle Privacy Security Auditing
The
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only
$39.95
and has an
immediate download of working security scripts:
|
