本文介绍了Oracle的细粒度访问控制(FGAC),一种内置在Oracle数据库引擎中的行级安全机制。FGAC允许管理员精确地指定每个用户可以访问的数据元素,并通过自动附加WHERE子句来限制用户访问范围。
导读:
先看一下FGAC:
Oracle's Fine Grained Access Control (FGAC) provides a row-level security mechanism that's built-in to the Oracle database engine. FGAC allows you to granularly specify the exact information elements that each user may access. It works by automatically appending a WHERE predicate to the SQL statements executed by the user. For example, if you had an Employees table and wanted to grant each user access to his or her own records, you could assign them the clause "WHERE employeeid = USER").
With such an FGAC scheme, if the user executed the following statement:
SELECT *
FROM Employees
Oracle FGAC would modify the statement to read:
SELECT *
FROM Employees
WHERE employeeid = USER
Automatically limiting the user's access. For more information on FGAC, read the Oracle article: Fine Grained Access Control and Application Contexts.
事实上FGAC和FGA是两个不同的概念,FGAC是Control(控制),而一个是审计,FGA可以对访问进行记录,而不能限制访问,但FGAC可以。
本文转自
http://databases.about.com/b/2008/04/10/oracle-fine-grained-access-control.htm
扫一扫
2572
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
