-
Policy Manager
Hi,
Any pros and cons in using policy manager for row level security? Any performance tips.
thanks,
leonard905
leonard905@yahoo.com
-
It is only a management tool, nothing else. It can't have any performance impact whatsoever - it is totaly irrelevant if you manage security policies by this tool or manualy by using DBMS_RLS. The optimizer will never know which method you used!
Jurij Modic
ASCII a stupid question, get a stupid ANSI
24 hours in a day .... 24 beer in a case .... coincidence?
-
Probably more info than you asked for but:
I use Policy Manager all the time...when I was learning OLS, I insisted upon myself to learn the code first and see the effect in the graphical.....I also use P/M to drop stuff although I also have code too. The more I become Knowledgeable using code, the more I like to use the grapgical because I want to be in control of my database and not depend on a user interface. The pro is that it is easy to use....the con is that you don't learn the code.
I know you didn't ask for it but here is some code, run it as LBACSYS and then see the effect in the P/M....of course change the schema, tables and objects to your own.
--PART I (SQL Plus)
exec SA_SYSDBA.drop_policy('WMS_DETAILS');
-- Create the POLICY
BEGIN
SA_SYSDBA.create_policy(policy_name=>'WMS_DETAILS',
column_name => 'wms_label',default_options => 'ALL_CONTROL,HIDE');
END;
/
grant wms_details_dba to scott, prod_owner;
/
-- SYSTEM should not have to worry about OLS!
exec sa_user_admin.set_user_privs ('WMS_DETAILS','SYSTEM','full');
-- create the LEVELs
exec sa_components.create_level('WMS_DETAILS',500,'SEN','SENSITIVE');
exec sa_components.create_level('WMS_DETAILS',300,'INT','INTERMEDIATE');
exec sa_components.create_level('WMS_DETAILS',100,'GEN','GENERAL');
/
--I don't use compartments in my OLS algorithm
--create groups
exec sa_components.create_group('WMS_DETAILS',450,'L450','CUST1');
exec sa_components.create_group('WMS_DETAILS',460,'L460','CUST2');
exec sa_components.create_group('WMS_DETAILS',500,'L500','CUST3');
-- Now protect the tables
BEGIN
SA_POLICY_ADMIN.APPLY_TABLE_POLICY (
POLICY_NAME => 'WMS_DETAILS',
SCHEMA_NAME => 'prod_owner',
TABLE_NAME => 'CUSTOMER_INFORMATION',
TABLE_OPTIONS => 'ALL_CONTROL,HIDE',
LABEL_FUNCTION => NULL, PREDICATE => NULL);
END;
/
--PART III -- set the user level label
exec sa_user_admin.set_user_labels('WMS_DETAILS','SCOTT','GEN::L500','GEN::L500','GEN','GEN::L500','GEN:: L500');
You should look in Policy Manager after each command to see it's effect.
Don't blame me, I'm from Red Sox Nation.
-
-
ooops..
I guess this thread is not a candidate for "thread of the month"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|