Home » RDBMS Server » Security » Label Security Group Hierarchy?
Label Security Group Hierarchy? [message #32863] Thu, 09 September 2004 08:41
Bryan Hall
Messages: 6
Registered: September 2004
Junior Member
After reading the LS docs and implementing a test scenario am I a bit puzzled about something that is happening. Possibly I misinterpreted the documentation.

I have a three level tier of groups. The data all belongs at the third tier as groups L3A, L3B, and L3C (names simplified for this example):

L1
|
L2A L2B
| |
L3A L3B L3C <- ALL DATA AT THIS LEVEL

I have set up the group hierarchy so that L3A's parent is L2A, etc as show above. All users have the same R/W access.

The L3 users I created to work with the data at the L3 groups function as advertised. The users I created with the L2 group to view the L3 group data function as advertised. However, the L1 group user cannot see any of the data at the L3 level. If I set the L1 user to view the L2 groups, it can see the data.

So, it seems that the data selected by group permissions are only rolling up one group level (L3 to L2 but not L3 via L2 to L1). Is this the intended functionality?
Previous Topic: Row Level Security in Oracle
Next Topic: Password Encryption Prb
Goto Forum:
  


Current Time: Thu Dec 02 03:09:39 CST 2021