Phi*_*lᵀᴹ 13
You can do this with ordinary views, as long as the users involved do not already have access to the base table.
For example:
SQL> create user reportuser identified by reportuser;
User created.
SQL> grant create session to reportuser;
Grant succeeded.
SQL> grant create synonym to reportuser;
Grant succeeded.
SQL> select user from dual;
USER
------------------------------
PHIL
SQL> create table basetable
(
id number primary key,
viewable varchar2(30),
secret varchar2(30)
);
Table created.
SQL> insert into basetable values ( 1, 'hello world','this is secret' );
1 row created.
SQL> commit;
Commit complete.
SQL> create view reportview
as
select id, viewable
from basetable;
View created.
SQL> grant select on reportview to reportuser;
Grant succeeded.
SQL> conn reportuser/reportuser
Connected.
SQL> select * from phil.basetable;
select * from phil.basetable
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> select secret from phil.basetable;
select secret from phil.basetable
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> select * from phil.reportview;
ID VIEWABLE
---------- ------------------------------
1 hello world
SQL>
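If you revoke the privileges on the tables in question and create the views, plus a synonym for each user's view with the same name as the original table, it should be transparent.
For example: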
SQL> select user from dual;
USER
------------------------------
REPORTUSER
SQL> create synonym basetable for phil.reportview;
Synonym created.
SQL> select * from basetable;
ID VIEWABLE
---------- ------------------------------
1 hello world
SQL>
You can also do this with Virtual Private Database, but I think this is an expensive extra-licensed option. You can use DBMS_RLS to configure the relevant security policies you need.
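The DBMS_RLS route mentioned in the answer above, as an added example that is not part of the original answer: a column-masking policy on the answer's PHIL.BASETABLE that returns SECRET as NULL to every session except the owner's. The names HIDE_SECRET and HIDE_SECRET_POLICY are hypothetical, and it assumes PHIL has been granted EXECUTE on DBMS_RLS.

```sql
-- Added example; run as PHIL (assumption: PHIL has EXECUTE on DBMS_RLS).
-- Policy function: returns the predicate that decides where SECRET is visible.
create or replace function hide_secret (
  p_schema in varchar2,
  p_object in varchar2
) return varchar2
as
begin
  -- A NULL predicate means "no restriction": the owner still sees SECRET.
  if sys_context('USERENV', 'SESSION_USER') = 'PHIL' then
    return null;
  end if;
  -- Always-false predicate: SECRET is masked on every row for everyone else.
  return '1=0';
end;
/

begin
  dbms_rls.add_policy(
    object_schema         => 'PHIL',
    object_name           => 'BASETABLE',
    policy_name           => 'HIDE_SECRET_POLICY',   -- hypothetical name
    function_schema       => 'PHIL',
    policy_function       => 'HIDE_SECRET',          -- hypothetical name
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'SECRET',
    -- ALL_ROWS turns row filtering into column masking: every row is
    -- returned, but SECRET comes back NULL where the predicate is false.
    sec_relevant_cols_opt => dbms_rls.all_rows
  );
end;
/

-- With the policy in place the base table itself can be granted.
grant select on basetable to reportuser;

-- Check 1: the policy exists, is enabled and covers SELECT.
select object_name, policy_name, function, sel, enable
from   user_policies
where  object_name = 'BASETABLE';

-- Check 2 (needs access to the DBA views): SYS and any grantee listed here
-- bypass VPD policies, so this list should be empty or tightly controlled.
select grantee
from   dba_sys_privs
where  privilege = 'EXEMPT ACCESS POLICY';
```

Connected as REPORTUSER, `select * from phil.basetable` then returns the row with SECRET shown as NULL instead of raising ORA-00942.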