Originally posted by Scott Selikoff:
A better solution is to build your database schema such that you have a security mechanism in place, possibly through an object access table, then have the system pass the user account id in the query that determines what the user has the ability to access.
In many DBMSs, user accounts are associated with different database schemas, so you actually see different things depending on your user.
If implementing an application frontend to database access is a best practice, how would you give a user, or group of users, direct SQL access to a DB?
As for the user explosion problem, would groups and generic user credentials help with this problem?
So if I understand what is being said, it is better to implement row, or object, based security in the application layer instead of trying to handle it in the DB? If this is the case, then why does Oracle have such stringent security?
So would the best solution be to use an LDAP server so both the application and the DB (Oracle) use the same security credentials?
Finally, is there any way to extend Oracle's level based security into a Java application?
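
An added example, not part of either post: the object access table from the quoted text, with group grants as raised in the reply, sketched in Python with SQLite standing in for the DBMS. All table, column and function names are hypothetical, and the data is constructed.

```python
import sqlite3

# Constructed schema and data; table and column names are hypothetical.
SCHEMA = """
CREATE TABLE account   (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE grp_member(group_id INTEGER, account_id INTEGER);
CREATE TABLE document  (id INTEGER PRIMARY KEY, title TEXT);
-- Object access table: one row per (object, grantee) pair.
-- grantee_type is 'U' for a single account or 'G' for a group.
CREATE TABLE object_access(
    object_id INTEGER, grantee_type TEXT CHECK (grantee_type IN ('U','G')),
    grantee_id INTEGER);
INSERT INTO account VALUES (1,'alice'),(2,'bob'),(3,'carol');
INSERT INTO grp_member VALUES (10,1),(10,2);          -- group 10 = alice, bob
INSERT INTO document VALUES (100,'payroll'),(101,'handbook'),(102,'audit');
INSERT INTO object_access VALUES
    (100,'U',1),      -- payroll: alice only
    (101,'G',10),     -- handbook: everyone in group 10
    (102,'U',3);      -- audit: carol only
"""

# The account id is a bound parameter, never concatenated into the SQL.
VISIBLE_DOCS = """
SELECT d.id, d.title FROM document d
WHERE EXISTS (
    SELECT 1 FROM object_access a
    WHERE a.object_id = d.id
      AND ((a.grantee_type = 'U' AND a.grantee_id = :uid)
        OR (a.grantee_type = 'G' AND a.grantee_id IN
              (SELECT group_id FROM grp_member WHERE account_id = :uid))))
ORDER BY d.id
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def visible_documents(conn, account_id):
    """Return the titles of the documents the given account may see.

    account_id must come from the server-side authenticated session,
    not from a request parameter the client controls.
    """
    return [title for _id, title in conn.execute(VISIBLE_DOCS, {"uid": account_id})]

if __name__ == "__main__":
    db = open_db()
    for uid in (1, 2, 3, 4):
        print(uid, visible_documents(db, uid))
```

Granting to a group adds one row per object rather than one per user, and an account with no matching grant gets an empty result rather than an error.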