Chapter 10. Implementing Fine-Grained Access Controls with Views

In Chapter 7, you were introduced to database system and object privileges. System privileges allow the user to access data or execute procedures on a global- or system-wide scale. Object privileges, on the contrary, allow the user rights on specific objects. The commonality between the two is that the security privileges are coarse-grained and only regulate actions at the object level.

This chapter reviews various ways of restricting access to data within the most critical database objects: the data tables. You will see how database views can be used as effective security mechanisms for providing security for the individual table rows and columns. There are some limitations and challenges present in the various approaches as well and these will be addressed. You’ll also see how views can be effectively designed and implemented to overcome many of the most difficult security challenges that exist today.