Oracle PL/SQL Programming: Guide to Oracle8i Features

Team-Fly    

 
Oracle PL/SQL Programming Guide to Oracle 8 i Features

By Steven Feuerstein

Table of Contents
Chapter 8.  Deploying Fine-Grained Access Control

8.1 FGAC Components

To take advantage of FGAC, you have to use programs and functionality from a wide variety of sources within Oracle, including the following:

CREATE CONTEXT DDL statement

Allows you to define a system or application context by name , and associate that context with a PL/SQL package. A context is a named set of attribute/value pairs that are global to your session.

DBMS_SESSION.SET_CONTEXT procedure

Allows you to set the value for a specific attribute in a particular context.

SYS_CONTEXT function

Returns the value of a specific attribute of a context. These attributes can be system values, such as the schema name, or they can be application-specific elements that you define.

DBMS_SESSION.LIST_CONTEXT procedure

Returns the value of all attributes and values defined across all contexts in the current session.

DBMS_RLS package

A variety of programs you can use to define security policies and to associate those policies with specific PL/SQL functions that will generate WHERE clause predicates for use in fine-grained access queries. See Chapter 7.

The default database installation does not grant the EXECUTE privilege on the DBMS_RLS package to PUBLIC. Access is granted only to EXECUTE_CATALOG_ROLE, so schemas calling the package must have that role assigned to them.

Oracle discusses each of these topics in a different area of its documentation, making it difficult to pull them all together into a sensible , easy-to-deploy feature. This chapter takes a different approach. I will explain each area of functionality and the standalone steps needed to use them, but then immediately move to an extended example that will show you exactly how to implement FGAC in your own environment.


Team-Fly    
Top

Категории