John Cantu, December 01, 2016 - 1:04 pm UTC
GM Connor,
Thanks for the explanation. I certainly don't blame to messenger for telling us about the additional changes.
Connor, there is a tutorial in the VPD section (
http://docs.oracle.com/cd/E11882_01/network.112/e36292/vpd.htm#CIHIFFDE ). Is this an example of FGAC? Do you know if there an added cost to it? If yes, then what is to stop us from simply using a trigger or even have the front-end application append the where clause if we only need to protect a few tables?
December 02, 2016 - 2:51 am UTC
"If yes, then what is to stop us from simply using a trigger"
Because there is no such thing as a "select" trigger. You could do with this a view, but you might end up needing dozens of views to implement different policies for different users etc. Lots of complexity there.
"or even have the front-end application append the where clause if"
Because in the world I've worked in, anyone that ever sees "Oh...the only way anyone ever access our data is by this application" is kidding themselves :-)
John Cantu, December 02, 2016 - 1:18 pm UTC
Thanks once again, Connor.
However, you reminding me that there isn't a trigger on selects, make me wonder why that was left out, but that is a totally different topic.
John
December 02, 2016 - 2:53 pm UTC
A select statement shouldn't have any side-effects. If you could create triggers they would...
Miracle
A reader, December 02, 2016 - 5:50 pm UTC
Maybe when Assertions come to existence. We get then a Select within Trigger clause 😊