Chapter 10: Implementing Fine-Grained Access Controls with Views

Overview

In Chapter 7, you were introduced to database system and object privileges. System privileges allow the user to access data or execute procedures on a global- or system-wide scale. Object privileges, on the contrary, allow the user rights on specific objects. The commonality between the two is that the security privileges are coarse-grained and only regulate actions at the object level.

This chapter reviews various ways of restricting access to data within the most critical database objects: the data tables. You will see how database views can be used as effective security mechanisms for providing security for the individual table rows and columns. There are some limitations and challenges present in the various approaches as well and these will be addressed. You’ll also see how views can be effectively designed and implemented to overcome many of the most difficult security challenges that exist today.

This chapter begins with an introduction to the requirements driving row-level security or, as it’s called within Oracle, fine-grained access control. Defense in depth is the guiding principle. Oracle has developed many tools that can be used to secure the data to a fine level of granularity. Knowing how to exploit those tools is an invaluable asset in providing complete data security.