IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
GRANT SELECT ON Test TO Department_1;
In the following example, this group is granted the right to make
modifications in the column titled "Comments" of the table named "Test":
GRANT UPDATE (Comments) ON Test TO Department_1;
3. An example of a stored procedure under Oracle with PL/SQL statements is
provided in the following:
PROCEDURE Example (PArticleno IN NUMBER, PPrice OUT
NUMBER) IS
BEGIN
BEGIN
SELECT price INTO PPrice
FROM TabB
WHERE articleno=PArticleno
END Block;
END;
The procedure named "Example" reads the price of an article in accordance
with the article number from table TabB. Staff members who are to be
allowed access to TabB exclusively by means of this method only are
granted the right to use the stored procedure and no rights to access the
table directly. This also prevents time-consuming search operations, for
example.
Additional controls:
- Have database objects been protected against unauthorised access?
- Have views for individual users been defined and documented?
- Have access rights on data been allocated and documented?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000