FutureDBA-
asked on
select Results based on Authentication.
I have various users connected to 3 databases. I would like for users to only see results based on what they have entered.
is this possible ?
is this possible ?
ASKER
I thought about doing it with the data_owner = 'USER',
my tables do have the equivalent of a data_owner column.
My main thing is, I want to use this with Oracle APEX and Database Authentication, doing it with this method, I would have to make multiple copies of the same app for individual users.
Doesn't seem efficient
my tables do have the equivalent of a data_owner column.
My main thing is, I want to use this with Oracle APEX and Database Authentication, doing it with this method, I would have to make multiple copies of the same app for individual users.
Doesn't seem efficient
no, as long as your apex app only used the views and not the real tables, then the security would be enforced at the database/view level, not in the APEX code.
If you must use the tables and not views, then look into the dbms_rls package. It will allow you to apply the ownership rules on any table, regardless of the method you use to access them.
If you must use the tables and not views, then look into the dbms_rls package. It will allow you to apply the ownership rules on any table, regardless of the method you use to access them.
ASKER
This is the scenario.
I have a Master / Detail form in apex.
Database level authentication.
7 users..
all users write to the same DB,
I want each individual user to only be able to see his data that he enters or has entered in the past.
I have a Master / Detail form in apex.
Database level authentication.
7 users..
all users write to the same DB,
I want each individual user to only be able to see his data that he enters or has entered in the past.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
as always, you're very helpful.
I ended up using
:P0_UNAME := apex_authentication.get_lo
from
http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21674/sec_authentication.htm#BABBCIEE
but your answer set me in the right direction. thanks
I ended up using
:P0_UNAME := apex_authentication.get_lo
from
http://docs.oracle.com/cd/E23903_01/doc/doc.41/e21674/sec_authentication.htm#BABBCIEE
but your answer set me in the right direction. thanks
glad I could help, one little thing though.
I just noticed you had 'USER' in quotes in your reply above. Now I see why you were thinking you'd need an app for each user.
I mean USER - the function, no quotes. That would return the name of the db user connected, but could, as mentioned above be any other function, including APEX functions to determine which user was authenticated.
In any case, you "can" put your logic into the APEX app itself, but putting it views or vpd policies would be more secure and versatile; because then you wouldn't need to remember to reimplement the rules every where.
I just noticed you had 'USER' in quotes in your reply above. Now I see why you were thinking you'd need an app for each user.
I mean USER - the function, no quotes. That would return the name of the db user connected, but could, as mentioned above be any other function, including APEX functions to determine which user was authenticated.
In any case, you "can" put your logic into the APEX app itself, but putting it views or vpd policies would be more secure and versatile; because then you wouldn't need to remember to reimplement the rules every where.
It is possible and supported using the dbms_rls package.
You can simulate it with views that include a check like "data_owner = USER" in them.
and your underlying tables include a "data_owner" column.
The view method is essentially how Oracle's own data dictionary works with the USER_XXX and ALL_XXXX type views.