If this specific connection is used, you
cannot restrict the user??™s view of the records on the remote host. However, if a connected user
link is used, and a view is created on the remote host using the USER pseudo-column, then only
that user??™s data would be returned from the remote host. A sample database link and view of this
type is shown in the following listing:
-- In the local database:
--
create public database link HR_LINK
connect to current_user
using 'hq';
create view REMOTE_EMP as
select * from EMPLOYEES@HR_LINK
where login_id=USER;
Either way, the data being retrieved can be restricted. The difference is that when a connected
user link is used, the data can be restricted based on the username in the remote database; if a
fixed connection is used, the data can be restricted after it has been returned to the local database.
The connected user link reduces the amount of network traffic needed to resolve the query and
adds an additional level of location transparency to the data.
Chapter 17: Managing Distributed Databases 607
NOTE
If you are using the Virtual Private Database features of the Oracle
Database, you can restrict access to rows and columns without
maintaining views for this purpose. See Chapter 9 for details on
Virtual Private Database options.
Connected user database links raise a different set of maintenance issues. The tnsnames.ora
file must be synchronized across the servers (which in turn drives the adoption of an LDAP
solution such as OID), and the username/password combinations in multiple databases must be
synchronized.
Pages:
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890