oracledba宝典12资源-CSDN文库

oracle

dba宝典oracle

3星 · 超过75%的资源需积分: 3 173 浏览量 2009-10-27 12:42:26 上传评论 1 收藏 120KB PDF 举报

资源推荐

资源详情

资源评论

Using Fine-

Grained Access

Control

n exciting new Oracle8i feature is the ability to implement

row-level security within the database. Oracle refers to

this as fine-grained access control. It addresses a problem that

has plagued application developers and security administrators

ever since client/server computing came into vogue. The

problem is that an impedance mismatch has existed between

the typical relational database’s implementation of security

at the object level, and the application developer’s need for

security to be implemented at the row level. For a long time

now, we have been able to define access rights to objects

such as tables or views at the database level, but row-level

security has almost always been forced down into the

application. Oracle8i changes all this by implementing features

that support fine-grained access control at the |database level.

Using Application Security

Application security is loosely defined as the enforcement of

limits on what a particular user can do using a given application.

Take a payroll application, for example. Any payroll application

is capable of adding new employees to the payroll, changing pay

rates, and so forth. Even though all these features are available,

you certainly don’t want all users to avail themselves of them.

Instead, you have a limited number of users who are allowed to

see and change sensitive data such as an employee’s pay rate.

You might have a larger pool of users with “look only” access.

You may have further restrictions; for instance, a manager

is allowed to see only his or her own employees. All of these

restrictions are typically enforced through some type of

row-level security.

CHAPTER

✦ ✦ ✦ ✦

In This Chapter

Using application

security

Understanding

application security

contexts

Writing security

policies

Using pre-8i

alternatives

✦ ✦ ✦ ✦

4623-6 ch12.f.qc 1/28/00 12:29 PM Page 327

331

Chapter 12 ✦ Using Fine-Grained Access Control

Understanding Application Security Contexts

An application security context functions as a glorified scratchpad. It is an area in

memory where you can store information that you may need occasionally during

a session. You define the information that you need to store in terms of attributes.

Each attribute in a context has a name and a value. Both the name and the value

are text strings that you supply when you create the attribute.

Creating and dropping a context

You manage contexts using the CREATE CONTEXT and DROP CONTEXT commands.

The

CREATE command creates; the DROP command deletes. There is no ALTER

CONTEXT

command.

Creating a Context

Before creating a context, you must think up a name. The name can be anything

you like, as long as it conforms to Oracle’s naming rules for objects. Try to give

the context a name that reflects the application that it is associated with. The

syntax for the

CREATE CONTEXT command looks like this:

CREATE [OR REPLACE] CONTEXT context_name

USING [schema.]package;

The package name that you supply when you create a context identifies the PL/SQL

package that is allowed to create and set attributes within the context. The package

doesn’t need to exist when you create the context. You can create it afterwards.

Creating a context doesn’t really create anything in the sense that creating a table

does. When you create a context, all that really happens is that you get a new entry

in the data dictionary. Contexts never use disk space, and they use memory only

when attributes are set.

You must have the CREATE ANY CONTEXT system privilege to create a context.

Because contexts aren’t created often, and because they are global to the entire

database, you may want to do all the context creating yourself, rather than grant

this role to a user.

Dropping a Context

You use the DROP CONTEXT command to remove a context. The syntax is simple,

and it looks like this:

DROP CONTEXT context_name;

When you drop a context, its entry is removed from the data dictionary, and you

can no longer define attributes for that context. However, users who currently have

attributes set for the context will retain those attributes until they disconnect.

Note

4623-6 ch12.f.qc 1/28/00 12:29 PM Page 331

剩余23页未读，继续阅读

评论收藏

内容反馈

huzibaba

2014-05-22

只是其中一章，没有看下去

bananaxzw

粉丝: 1
资源: 31

oracle dba宝典12

最新资源

oracle dba宝典12

oracle dba宝典6

oracle dba宝典8

oracle dba宝典5

oracle dba宝典9

oracle dba宝典3

Oracle DBA宝典

oracle DBA宝典和教程.rar

oracle dba宝典11

oracle dba宝典14

oracle dba宝典13

ORACLE DBA 宝典

Oracle 8i dba宝典

Oracle DBA基础知识

Oracle 宝典 DBA全攻略pdf

Oracle.v10g.DBA.宝典

DBA必读宝典：Oracle.11g权威指南（第2版）.谷长勇.扫描版

Oracle_10g_DBA宝典

Ora8i DBA宝典

ORACle_DBA手册

数据库系统概念（原书第七版）习题答案

oci.dll 12版本全部

数据库系统概念（原书第七版）课后作业题

Kingbase KCA题库

win64-11gR2-client.zip

fineReport课后10题答案.zip

Oracle19c-Windows客户端

Oracle11安装依赖包，11.2.0.4.0版本

oracle 12c windows 安装包下载

Oracle19c(19.3)数据库驱动ojdbc.jar

最新资源