Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

how to grant access to subsets of tables updateable

Status
Not open for further replies.
bookouri

bookouri

IS-IT--Management
Feb 23, 2000
1,464
US
I have been asked to provide access to a table to two different groups of people. I have not had to do anything like this before and need someone to point me in the right direction. I have an employee table for example. In the employee table there is a column for dept. I need to be able to grant dept A users select, update access to all records where the dept col = A, and dept B users select, update access to all records where dept col = B. I want both A and B to be able to select each other's records but not update them. I would like to do this at the table level rather than have to code security into the forms themselves.

any suggestions would be appreciated.
 
Sort by date Sort by votes
This sounds a bit like a coursework question, but I'll give you the benefit of the doubt. You need to create a view on the EMP table which restricts the rows returned to deptno = 'A'. You can then grant access to the view rather than the underlying table. You would also need to specify "with check option" when creating the view to ensure that users can't insert or update anything outside their assigned department.
 
Upvote 0 Downvote
I can do an updateable view within certain restrictions. But what I create the form, I'd like to have both groups of users use the same form. When I create the form the first thing Ill do is select a table or view for the datablock used by the form. If I have to have a view for group a and a view for group b then I'll have to have two different forms. Im hoping that somebody has a trick I dont know for giving both groups access through the same form but with different levels of access to the underlying table/view. I expect it probably cant be done easily, but I was hoping somebody might have a trick to make it work.


 
Upvote 0 Downvote
Your users could simply have private synonyms for the main EMP table which point them towards the appropriate view. The code for the form would then be identical.
 
Upvote 0 Downvote
This certainly looks like a candidate for fine grained access control. Take a look at the dbms_rls package for details. Dagon's suggestion also looks as if it would work.
 
Upvote 0 Downvote
thanks, ill take a look at both those options.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Livia8
  • Locked
  • Question
How to forcibly logout users 2
Replies
17
Views
1K
carp
carp
sqlPower
  • Locked
  • Question
Help with Integer to Char to Datetime stamp
Replies
2
Views
736
SkipVought
S
Chopstik
  • Locked
  • Question
How to identify a package based on a code snippet 1
Replies
1
Views
684
Andrzejek
Andrzejek
Livia8
  • Locked
  • Question
Alternative to "locate" command
Replies
0
Views
690
Livia8
Livia8
TheLazyPig
  • Locked
  • Question
Inserting Text Decimal to Table Error
Replies
4
Views
758
carp
carp

Part and Inventory Search

Sponsor

Back
Top