Compiled Messages: ------------------------------------------------------------ Message no. 616 Posted by Lakshmikar Padmaraju (lpadmaraju) on Tuesday, October 17, 2006 2:58pm Subject: VPD-Row Level Security Hello everybody, Here are a few of the advantages of row level security: --Oracle's row level security provides a great improvement for this type of application where many users must connect to the same data but be segregated based on what parts of that data they are allowed to view and edit. --Maintenance becomes easier as now the business rules and security implementations are done through one PL/SQL procedure per table instead of being spread throughout the applications code. --It should be possible to retro-fit row level security to an existing application due to the fact that it is implemented on the server as close to the actual data as possible. --Because row level security is implemented as close to the data as possible, the loophole of accessing the data with a share account from a tool such as SQL*Plus is solved. --The issue of having to use shared accounts is no longer a problem as application roles / groups of users do not need to be segregated for the purpose of hard coding views onto the data. Row level security can be made to work with shared accounts though, if needed. --Auditing can now be done more easily using Oracles built in features. Security policies can be associated with both database base tables and also database views. --Using row level security makes the application more manageable due to simpler designs and less potential code. --Row level security provides a protection against ad-hoc queries as the tool does not matter anymore; the data is secured for everyone at the source. The above points are retrieved from the well-known oracle security expert Pete Finnigan's article Oracle Row Level Security: Part 1. Very interesting article worth reading it. http://www.securityfocus.com/infocus/1743 Hope you guys like it. Raju. ------------------------------------------------------------ Message no. 617[Branch from no. 616] Posted by Venkat Munagala (vrmunagala) on Tuesday, October 17, 2006 3:13pm Subject: Re: VPD-Row Level Security Raju the link is really worth reading. It clearly explained about the row level security with examples. ------------------------------------------------------------ Message no. 620 Posted by Kelsey Pooley (kjpooley) on Wednesday, October 18, 2006 11:07am Subject: Creating View in Project 7 DBSEC doesn't have privileges to create a view. Are we supposed to grant DBSEC privileges to create a view or are we supposed to create it under our own account? Kelsey ------------------------------------------------------------ Message no. 621[Branch from no. 620] Posted by Kelsey Pooley (kjpooley) on Wednesday, October 18, 2006 11:10am Subject: Re: Creating View in Project 7 I answered my own question. I connected as myself and granted the privilege to dbsec to create the view. Thanks anyway!! Kelsey ------------------------------------------------------------ Message no. 623[Branch from no. 617] Posted by Rhonda Nichols (renichols2) on Wednesday, October 18, 2006 11:19am Subject: Re: VPD-Row Level Security Thanks for the infor Raju! This can be a difficult topic to grasp. -Rhonda ------------------------------------------------------------ Message no. 630[Branch from no. 621] Posted by Paras Pradhan (ppradhan) on Thursday, October 19, 2006 9:00pm Subject: Re: Creating View in Project 7 kesley, did u make dbsec as dba? Paras. ------------------------------------------------------------ Message no. 634[Branch from no. 621] Posted by Sagun Piya (srpiya2) on Thursday, October 19, 2006 10:09pm Subject: Re: Creating View in Project 7 did u grant dbsec every privilege? I mean privilege to create view? Sagun ------------------------------------------------------------ Message no. 636[Branch from no. 634] Posted by Kelsey Pooley (kjpooley) on Thursday, October 19, 2006 11:31pm Subject: Re: Creating View in Project 7 I connected as myself (dba), and entered the command GRANT CREATE VIEW to DBSEC; Then I reconnected as DBSEC to actually create the view. Kelsey ------------------------------------------------------------ Message no. 637[Branch from no. 623] Posted by Ravinder Gaur (rgaur) on Friday, October 20, 2006 12:41am Subject: Re: VPD-Row Level Security Thanks for the link Raju. I'll go over it shortly. - Ravi ------------------------------------------------------------ Message no. 640[Branch from no. 616] Posted by Krishnamurth Ashwini (kashwini) on Friday, October 20, 2006 11:25am Subject: Re: VPD-Row Level Security The information was really good and thanks for the link Ash ------------------------------------------------------------ Message no. 642[Branch from no. 616] Posted by Suresh Methuku (smethuku) on Friday, October 20, 2006 12:16pm Subject: Re: VPD-Row Level Security Thanks for the link raju. It was a good one.. Suresh ------------------------------------------------------------ Message no. 649[Branch from no. 616] Posted by Gnaneshwar Bukka (gbukka) on Saturday, October 21, 2006 12:30pm Subject: Re: VPD-Row Level Security Nice explanation raju, thank you. Gnaneshwar Bukka. ------------------------------------------------------------ Message no. 650[Branch from no. 620] Posted by Gnaneshwar Bukka (gbukka) on Saturday, October 21, 2006 12:31pm Subject: Re: Creating View in Project 7 I granted create view to dbsec too, it should be fine. Gnaneshwar Bukka. ------------------------------------------------------------ Message no. 651 Posted by Anjana Divakar (adivakar) on Saturday, October 21, 2006 7:51pm Subject: redundancy of display In step 8, while displaying data, although only one row is being displayed one below the other, as asked in the question, the field names whose details are already displayed are again being repeated (field names are repeated). Is that correct or is there a better way to do it. thanks, anjana ------------------------------------------------------------ Message no. 656[Branch from no. 651] Posted by Anjana Divakar (adivakar) on Saturday, October 21, 2006 8:08pm Subject: Re: redundancy of display i answered my own q. I think the display format is like that. ------------------------------------------------------------ Message no. 661[Branch from no. 616] Posted by Naziya Shaik (snaziya) on Saturday, October 21, 2006 10:43pm Subject: Re: VPD-Row Level Security Thanks raju for the information. Row level security is really very important to avoid inconsistency of data. Naz ------------------------------------------------------------