Previous Topic: Row Level SecurityNext Topic: Implementing RLS: Oracle versus SQL Server

Database Schema and Views Reference GuideDatabase ViewsRow Level SecurityDatabase Users: Owner and Search User

Database Users: Owner and Search User

For the database, RLS is applied using schema separation. In SQL Server two database users are set up: owner/WGNUser (dbo) and search user. In Oracle there is an option when installing to have two of three database users: owner (optional), WGNUser and search user. In the two user model, owner and WGNUser are the same. For the purpose of this document we will assume the 2 user model for simplicity. The deployment guide gives instructions on how to set up a 3 user model. The owner does not have RLS applied and the search user does. The owner owns all objects in the database and has full access to them. The search user is granted access to certain objects within the database. Views (and for Oracle Synonyms) are used to create a common interface to the database that both users can use. The owner will have a view such as WGN_V_EVENT_n. Typically this view may just point to an underlying table that the owner could access directly if required. The search user is not granted permission to access this view. However another view in SQL Server or synonym in Oracle is created that is given the same name which the search user can access. The owner also owns a number of other viewsthat these top views reference. However the search user is granted access to these views. The search user view or synonym then points to this view rather than directly to the underlying table. It is this view and possibly further underlying views that allow RLS to be maintained. The details of all these view are described below.

From r12.5 the above database users still exit. Prior to V12.5 it was only possible to have a single search user with a resulting single RLS model. Now it is possible to create multiple RLS models, with an associated user, and different reviewers can be configured to apply RLS in different ways depending on the RLS model they are set. An overview of these security models can be found in the Database guide and setting up these models can be done via the ACon (see Administration Console help for details). For each RLS model that exists, a top level set of views/synonyms are created. These views then point to their own underlying view, such as WGN_V_EVENT_n -> WGN_V_m_EVENT_n, where m is just an integer that is incremented for each additional RLS model.