I have a table with different persons belonging to different clients:
CREATE TABLE CLIENTS
(
  CLIENT VARCHAR2(20),
  FIRSTNAME VARCHAR2(20)
);
Example data:
INSERT INTO CLIENTS (CLIENT, FIRSTNAME) VALUES ('A Corp.', 'Alice');
INSERT INTO CLIENTS (CLIENT, FIRSTNAME) VALUES ('B Corp.', 'Bob');
Now I want to grant the permission to change the first name of all rows of the ‘A Corp.’ to person A and the rows of ‘B Corp.’ to person B. I think it might be possible by creating a view for each person. But is it also possible without creating dedicated grant views for each person?
If you can use the Oracle username, or some piece of data in your application to identify the user, then I think you could use a single updateable view, something like:
(Where “USER” is an Oracle SQL function that returns the logged-in username. If the end users are sharing a database account through some middle tier, this wouldn’t work, but you could presumably pass in the end-user name from the middle tier and use that instead.)
To avoid hardcoding the relationship between username and client name, I’d suggest adding another table that identifies which users can manage which clients. Then the view would be like this:
I believe this would still be updateable. You probably want to prevent updates to the CLIENT column; you could do this by specifying WITH CHECK OPTION on the view, or with a trigger on the base table.
If you want users to be able to see any row but only update their own rows, then the view approach would be no good. Instead, you could simply have a trigger on the base table that checks access whenever an update is attempted, and raises an error if a user tries to update a row that is for a different client.
Yet another approach would be to use Oracle’s Virtual Private Database feature, but that is probably overkill. (Also it may be an extra-cost option, I’m not sure.)
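The single-view approach with a mapping table, as described in the answer above, written out as an added example (it is not the answerer's code). CLIENT_MANAGERS, MY_CLIENTS, APP_OWNER, PERSON_A and PERSON_B are assumed names, and the sample rows are constructed.

```sql
-- Assumed mapping table: which Oracle account may manage which client.
CREATE TABLE CLIENT_MANAGERS
(
  USERNAME VARCHAR2(128) NOT NULL,
  CLIENT   VARCHAR2(20)  NOT NULL,
  CONSTRAINT CLIENT_MANAGERS_PK PRIMARY KEY (USERNAME, CLIENT)
);

-- Constructed sample mapping; PERSON_A and PERSON_B are placeholder accounts.
-- USER returns the account name as stored, normally upper case.
INSERT INTO CLIENT_MANAGERS (USERNAME, CLIENT) VALUES ('PERSON_A', 'A Corp.');
INSERT INTO CLIENT_MANAGERS (USERNAME, CLIENT) VALUES ('PERSON_B', 'B Corp.');

-- One view for all users: a session only sees rows of clients mapped to USER.
-- With a shared middle-tier account, USER is the same for everyone; the filter
-- could then use SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER'), set by the app.
CREATE OR REPLACE VIEW MY_CLIENTS AS
SELECT c.CLIENT, c.FIRSTNAME
FROM   CLIENTS c
WHERE  c.CLIENT IN (SELECT m.CLIENT
                    FROM   CLIENT_MANAGERS m
                    WHERE  m.USERNAME = USER)
WITH CHECK OPTION CONSTRAINT MY_CLIENTS_CHK;

-- Grant on the view only, never on CLIENTS or CLIENT_MANAGERS.
-- The column list keeps CLIENT read-only. Oracle's CREATE VIEW documentation
-- notes that WITH CHECK OPTION is not guaranteed when the view query contains
-- a subquery, so the column-level grant is the control to rely on here.
GRANT SELECT ON MY_CLIENTS TO PERSON_A, PERSON_B;
GRANT UPDATE (FIRSTNAME) ON MY_CLIENTS TO PERSON_A, PERSON_B;

-- Connected as PERSON_A (APP_OWNER is the assumed schema owning the view):

-- Own client: 1 row updated.
UPDATE APP_OWNER.MY_CLIENTS SET FIRSTNAME = 'Alicia' WHERE CLIENT = 'A Corp.';

-- Other client: 0 rows updated, the row is not visible through the view.
UPDATE APP_OWNER.MY_CLIENTS SET FIRSTNAME = 'Mallory' WHERE CLIENT = 'B Corp.';

-- Changing the client: fails with ORA-01031 (no UPDATE privilege on CLIENT).
UPDATE APP_OWNER.MY_CLIENTS SET CLIENT = 'B Corp.' WHERE CLIENT = 'A Corp.';
```

Write access to CLIENT_MANAGERS decides who can edit which client, so it should be limited to the schema owner or an administrative role.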