Simulating Row and Column Level Access Control

Post date: Sep 21, 2012 2:22:6 AM

Q. How to Simulate Oracle Row and Column Level Access Control in Greenplum

Ans: Greenplum Database access control corresponds roughly to the Orange Book ‘C2’ level of security, not the ‘B1’ level. Greenplum Database currently supports access privileges at the object level. Row-level or column-level access is not supported, nor is labeled security.

Row-level and column-level access can be simulated using views to restrict the columns and/or rows that are selected. Row-level labels can be simulated by adding an extra column to the table to store sensitivity information, and then using views to control row-level access based on this column. Roles can then be granted access to the views rather than the base table. While these workarounds do not provide the same as "B1" level security, they may still be a viable alternative for many organizations that require more granular access control.