Oracle Tips by Burleson
Chapter 2 Introduction to Oracle Security
they are defined, what their columns are, etc.,
the designers have more flexibility in the data architecture.
Auto Filtering – Notice how selecting from the view automatically runs the underlying query and thus filters out the records the user is not allowed to see. The filter is based on the table allowed_members, but the user selecting from the view does not need to know the structure of that table, or even that it exists. This adds to the security.
Object Security – Since the users are allowed SELECT access to the view, and not to the tables themselves, security can be strictly controlled. The users are shown the columns they need to see, but not all the columns. If the columns contain any PHI (patient health information), such as procedure codes or social security numbers, HIPAA specifically prohibits displaying that information to users who do not need it. Ordinarily, this may demand the creation of separate tables to store the non-PHI data that other users can access. Using a view, however, allows control over the displayed information.
For instance, take the example of procedure codes that are tightly controlled, such as those for HIV, with procedure codes 00123, 00124, 00125 and 00126. All other procedure codes can be displayed. The view can be constructed like this:
create or replace view claim_records
as
select
   c.claim_id, claim_amount,
   decode(c.proc_code,
The above text is an excerpt from:
Oracle Privacy Security Auditing: The Final Word on Oracle Security
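The view definition in the excerpt is cut off at the decode call. The following is an added example, not code from the book, showing one complete view that combines the auto filtering and the procedure-code masking described above. The table claims, its member_id and ssn columns, the username column of allowed_members, the view name claim_records_demo, the mask value 'XXXXX', the user claims_clerk and all sample rows are assumptions made for illustration.

```sql
-- Added example (Oracle SQL). Only allowed_members, claim_id, claim_amount,
-- proc_code and the four controlled codes come from the text; every other
-- name and all rows are constructed for illustration.
create table claims (
   claim_id      number primary key,
   member_id     number not null,
   claim_amount  number(10,2),
   proc_code     varchar2(5),
   ssn           varchar2(11)     -- PHI: never selected by the view
);

create table allowed_members (
   username   varchar2(128),      -- database account allowed to see the member
   member_id  number
);

insert into claims values (1, 100, 250.00, '00123', '000-00-0001');
insert into claims values (2, 100,  80.00, '04410', '000-00-0001');
insert into claims values (3, 200, 125.50, '00126', '000-00-0002');
insert into allowed_members values ('CLAIMS_CLERK', 100);
commit;

create or replace view claim_records_demo
as
select
   c.claim_id,
   c.claim_amount,
   -- Object security: the controlled codes are masked, others pass through
   decode(c.proc_code,
          '00123', 'XXXXX',
          '00124', 'XXXXX',
          '00125', 'XXXXX',
          '00126', 'XXXXX',
          c.proc_code) as proc_code
from claims c
-- Auto filtering: USER is the session user, so each account sees only
-- the members listed for it in allowed_members
where exists (select 1
              from   allowed_members a
              where  a.member_id = c.member_id
              and    a.username  = user)
with read only;

-- Privileges go on the view only; no grant is made on claims or allowed_members
-- (assumes the account claims_clerk already exists)
grant select on claim_records_demo to claims_clerk;
```

Because the grant covers only the view, a query against the base tables from claims_clerk fails with a missing-privilege error, which is a quick check that the object security is in place.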