Answers:
只要涉及的用户还没有访问基表的权限,就可以使用普通视图执行此操作。
例如:
SQL> create user reportuser identified by reportuser;
User created.
SQL> grant create session to reportuser;
Grant succeeded.
SQL> grant create synonym to reportuser;
Grant succeeded.
SQL> select user from dual;
USER
------------------------------
PHIL
SQL> create table basetable
(
id number primary key,
viewable varchar2(30),
secret varchar2(30)
);
Table created.
SQL> insert into basetable values ( 1, 'hello world','this is secret' );
1 row created.
SQL> commit;
Commit complete.
SQL> create view reportview
as
select id, viewable
from basetable;
View created.
SQL> grant select on reportview to reportuser;
Grant succeeded.
SQL> conn reportuser/reportuser
Connected.
SQL> select * from phil.basetable;
select * from phil.basetable
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> select secret from phil.basetable;
select secret from phil.basetable
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> select * from phil.reportview;
ID VIEWABLE
---------- ------------------------------
1 hello world
SQL>
如果您撤消对相关表的权限并创建视图,并为每个与原始表具有相同名称的用户视图创建同义词,则该视图应该是透明的。
例如:
SQL> select user from dual;
USER
------------------------------
REPORTUSER
SQL> create synonym basetable for phil.reportview;
Synonym created.
SQL> select * from basetable;
ID VIEWABLE
---------- ------------------------------
1 hello world
SQL>
您也可以使用Virtual Private Database来做到这一点,但是我认为这是一个昂贵的额外许可选项。您使用DBMS_RLS来配置所需的相关安全策略。