Data Security uses the concept of an Object to define the data records that are secured.
Data security permissions are managed on objects. Business entities such as Projects and Users are examples of objects. Only a securable business-level concept should be registered as an object. An object definition includes the business name of the object and identifies the main table and primary key columns used to access the object.
An object instance is a specific example of an object, such as Project Number 123 or User JDOE. An object instance generally corresponds to a row in the database. An instance is identified by a set of one or more primary key values as defined by the object. In addition, “All Rows” for an object indicates all data rows of the object.
Users and Groups
Users and groups are Oracle Workflow roles. See the Oracle Workflow documentation for more information on roles.
Privileges given to users and groups determine their access to secured objects.
The data security system allows you to assign privileges to groups of users instead of assigning privileges to each user individually.
Users are individuals who have access to software applications at a particular enterprise. A user must have a unique name and should map one-to-one with an individual human or system. “Group” accounts are not correct uses of the user entity.
Users can belong to Groups. The grouping can come from position or organization relationships modeled in applications such as Oracle Human Resources. Alternatively, ad-hoc groups can be created explicitly for security purposes. A group is sometimes referred to as a role.
Use these pages to find, create, and edit data objects. You define objects to be secured in the Data Security system. Objects can be tables or views. An object must be queryable in SQL, and the combination of primary key columns specified must be a unique key.
In these pages, objects are described with the following
- The Name is the name that appears in the Object Instance Set and Grants pages. This name should be user-friendly.
- The Code is the internal name of the object.
- The Application Name is the owning application.
- The Database Object Name is the name of the underlying database object