Forum Stats

  • 3,733,308 Users
  • 2,246,743 Discussions
  • 7,856,654 Comments

Discussions

should the tables views have the same RAS policy applied on it or new policy must be created ?

1- I used the below code to test the RAS and it was create successfully. 

declare

 realms  xs$realm_constraint_list := xs$realm_constraint_list();    

 cols   xs$column_constraint_list := xs$column_constraint_list();

begin  

 realms.extend(1);

 -- Realm #1: The records in the IT department.

 --      IT_ROLE can view the realm excluding SALARY column.

 realms(1) := xs$realm_constraint_type(

  realm  => 'department_id = 60',

  acl_list => xs$name_list('it_acl')); 

 -- Column constraint protects SALARY column by requiring VIEW_SALARY 

 -- privilege.

 cols.extend(1);

 cols(1) := xs$column_constraint_type(

  column_list => xs$list('salary'),

  privilege  => 'view_salary');

 xs_data_security.create_policy(

  name          => 'employees_ds',

  realm_constraint_list => realms,

  column_constraint_list => cols);

end;

/

Apply the data security policy to the EMPLOYEES table.

begin

 xs_data_security.apply_object_policy(

  policy => 'employees_ds', 

  schema => 'hr',

  object =>'employees',

statement_types => 'select,update');

end;

/

2- And after that i create the following new view on table employees 

create view hr.emp_view as

select first_name,last_name,hire_date,salary from hr.employees;


3- My Question here, when I select from these new view should i expect that the policy will be applied normally on the view or I should create separate policy for the view ?

Sign In or Register to comment.