Home/ Questions/Q 590323
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T15:31:00+00:00

I got a request to implement Column-level privileges, for example: GRANT UPDATE(column1) ON TABLE

  • 0

I got a request to implement Column-level privileges, for example:

GRANT UPDATE("column1") ON "TABLE" TO ROLE;

But I found that client applications ( in Delphi+ODAC ) always emits SQL updates like:

update TABLE set column1=:column1,column2=:column2,column3=:column3,...etc
where id_c=:id_c;

what causes Oracle to always throw ORA-01031: insufficient privileges, even if only column1 was changed. The obvious solution is to change the client application so that it emits SQL updates only with changed columns, but it looks like quite a lot of coding.

Is there any more elegant solution possible?

Edit: I forgot to mention that there is considerable number of hardcoded insert/update queries in my Delphi sources. ODAC cannot help in this case.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can create a view and an INSTEAD OF UPDATE trigger on that view:

    CREATE VIEW myview ON mytable
AS
SELECT  *
FROM    table

CREATE TRIGGER trg_myview_iu
INSTEAD OF UPDATE
ON myview
FOR EACH ROW
BEGIN
        UPDATE  mytable
        SET     column1 = :NEW.column1
        WHERE   id_c = :NEW.id_c;
END;

    If you want to process a column only if its value had not changed, then you’ll have to write several UPDATE statements:

    CREATE TRIGGER trg_myview_iu
INSTEAD OF UPDATE
ON myview
FOR EACH ROW
BEGIN
        IF :NEW.column1 <> :OLD.column1 THEN -- add `NULL` processing options if necessary
                UPDATE  mytable
                SET     column1 = :NEW.column1
                WHERE   id_c = :NEW.id_c;
        END IF;
        IF :NEW.column2 <> :OLD.column2 THEN
                UPDATE  mytable
                SET     column2 = :NEW.column2
                WHERE   id_c = :NEW.id_c;
        END IF;
        …
END;

    This is far from being efficient, though.

    In Oracle, the UPDATE executes even if the actual value of the column does not change. This means that the row gets locked, triggers fire etc.

    • 0