Here you??™re faced with a situation in which you might have to
define a view for every HR representative, which might mean many, many different
views, views that would have to change every time an HR representative left or
joined the company. And if youwant to grant write access for a representative??™s own
employees and read access for other employees, the situation gets even more complex.
The smaller the scope, or grain, of the access control youdesire, the more work
is involved in creating and maintaining the security privileges.
Security | 145
Oracle offers a type of security that you can use to grant this type of fine-grained
access control (FGAC). Security policies implemented as PL/SQL functions can be
associated with tables or views enabling creation of a virtual private database (VPD).
A security policy returns a condition that??™s dynamically associated with a particular
SQL statement, which transparently limits the data that??™s returned. In the HR example,
suppose that each representative supports employees with a last name in a
particular alphabetic range, such as A through G.
Pages:
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327