Advertisement

07.22.2008 at 06:35AM PDT, ID: 23585015
[x]
Attachment Details

Want to create View or Function to contain security code and access in WHERE clause

Asked by bcarlis in PL / SQL

Tags: SQL, PL/SQL

Hi All,
I have business rules of who can see what depending on 2-3 global arguments.
I want to use this query, where statement to plug in everywhere and if the business rule changes I can change it in one place.

right now I have a function that returns a boolean if rows exist
the function has the select count(*) into lcnt from mytable where x=3 and y=4 and z=0
if lcnt >0 then return true;
Works great..

but now I also want to limit a drop down select list.
drop down query is:
select office_id from mytbl2
where office id in myfunction -- can you do this if it returns a comma delimited list?

or another thought was to have my function return the where clause as a string and use dynamic SQL with execute immediate.
But.. that doesn't work very well in the select for the drop downs.
select xxx d, yyy r
from tbl
order by 1

A view sounded great by I have the 2 arguments that the view would have to access.
The user's id that logged in, his user_type (which I could get in the view)

ANY IDEAS?Start Free Trial 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:

create or replace function "GET_ACCESS"
(pPID NUMBER, 
 pUSER_TYPE in VARCHAR2,
 pPAGE_TYPE in VARCHAR2)
return BOOLEAN
is
    lcnt NUMBER;
begin
  CASE
     WHEN pPAGE_TYPE='ENTER' THEN
         select count(*) into lcnt
	from AUDIT_USE U, AUDIT_TEMPLATE T
	where U.AUDIT_TEMPLATE_ID = t.AUDIT_TEMPLATE_ID
	  AND ( (pUSER_TYPE IN ('ADMIN','TPM')) 
	     OR (pUSER_TYPE IN ('CLIENT','SUPER') 
		   AND U.AUDIT_TEMPLATE_ID IN
		    (Select AUDIT_TEMPLATE_ID from SECURE_TEMPLATE
			where PID = pPID 
		  	  and (ALLX = 'Y' OR AUDIT_AUTH = 'Y')
		     )
		 )
	       );
     WHEN pPAGE_TYPE='EDIT' THEN
       select count(*) into lcnt
	from AUDIT_USE U, AUDIT_TEMPLATE T
	where U.AUDIT_TEMPLATE_ID = t.AUDIT_TEMPLATE_ID
	      AND ( (pUSER_TYPE = 'ADMIN') 
	         OR (pUSER_TYPE = 'TPM' AND U.AUDITOR_ID IN 
                     (select PID from PERSON where user_type = 'TPM')
                     )
		 OR (pUSER_TYPE IN ('CLIENT','SUPER') 
 		    AND t.AUDIT_TEMPLATE_ID IN
		        (Select AUDIT_TEMPLATE_ID from SECURE_TEMPLATE
		             where PID = pPID 
		             AND (ALLX = 'Y' OR AUDIT_AUTH = 'Y')
		         )
		     )
		   ); 
     WHEN pPAGE_TYPE='VIEW' OR pPAGE_TYPE='REPORT' THEN
       select count(*) into lcnt
	from AUDIT_USE U, AUDIT_TEMPLATE T
	where U.AUDIT_TEMPLATE_ID = t.AUDIT_TEMPLATE_ID
	  AND ( (pUSER_TYPE IN ('ADMIN','TPM'))
	     OR (pUSER_TYPE IN ('CLIENT','SUPER') 
		AND t.AUDIT_TEMPLATE_ID IN
		   (Select AUDIT_TEMPLATE_ID from SECURE_TEMPLATE
			where PID = pPID 
			AND (ALLX = 'Y' OR AUDIT_AUTH = 'Y')
		   )
		 )
	     OR (U.EXAMINER_ID = pPID AND U.COMPLETE = 'Y')
	     OR (pUSER_TYPE = 'SUPER' 
		  AND (U.EXAMINER_ID = U.SUPERVISOR_ID   
		  OR   U.EXAMINER_ID IN (select E.PID
			           from PERSON E, PERSON S
			          where S.PID = pPID 
		           and E.REPORTS_TO_1 = S.position_id 
		            OR E.REPORTS_TO_2 = S.position_id 
		            OR E.REPORTS_TO_3 = S.position_id 
		            OR E.REPORTS_TO_4 = S.position_id 
		         ) 
		       )
	         )
	       );
  END CASE;
  
  if(lcnt >0)then return true; end if;
  return false;
end;
[+][-]07.22.2008 at 06:44AM PDT, ID: 22059234

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]07.22.2008 at 06:45AM PDT, ID: 22059252

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]07.22.2008 at 06:56AM PDT, ID: 22059359

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]07.22.2008 at 06:58AM PDT, ID: 22059375

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]07.22.2008 at 07:03AM PDT, ID: 22059435

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]07.22.2008 at 07:07AM PDT, ID: 22059482

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]07.22.2008 at 07:09AM PDT, ID: 22059509

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]07.22.2008 at 07:13AM PDT, ID: 22059565

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zone: PL / SQL
Tags: SQL, PL/SQL
Sign Up Now!
Solution Provided By: sdstuber
Participating Experts: 3
Solution Grade: A
 
 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628