Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 63 Insurance
- 536.4K On-Premises Infrastructure
- 138.3K Analytics Software
- 38.6K Application Development Software
- 5.8K Cloud Platform
- 109.5K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71.1K Infrastructure Software
- 105.3K Integration
- 41.6K Security Software
Real Application Security - how can application check if user has privileges on a table without know

Hi,
I'm prototyping the use of RAS in an APEX application (using RAS external users)
The assumption is that the APEX developers have limited knowledge of how RAS was implemented e.g. they would only know about dynamic roles and their assignment to users.
Generally this is OK as we can code up authorization checks against the various tables to see of the current use has privileges on the table e.g. using a 'where exists' authorization
SELECT NULLFROM dualWHERE 1 = (SELECT ora_check_acl(ora_get_aclids(p ,'update') ,'update') FROM pipes p WHERE rownum < 2)
would return a row if the user has 'update' privileges on the PIPES table.
However, if the user has *no* ACL access to the PIPES table the above check fails with a ORA-00942 'table does not exist' error.
How can I code the authorization so that I can see if the user has the required table access when they may in fact have no access?
Thanks,
--
Andy
Answers
-
Will this help (using ORA_CHECK_ACL function)?
Alan
-
It's my fallback position, but I'd prefer a method where the developers didn't need to know how the security had been configured i.e. what ACLs might be relevant for the tables that you are looking at (and keep up with changes in naming, etc.).
Something closer to calling a function and asking 'does the current user have select/update access on table PIPE' without knowing that the security team have ACLs1,2 and 3 affecting that table.
--
Andy