Is it possible to define security roles using Namespaces or Package hierarchies?
Here is an example of an application with naming convention and namespaces used for specific purposes. I would like to leverage the namespaces to define security roles which provide accesses as described below:
APP1:
- Tables:
- SCHEMA_ROOT.APP1.TABLES::FactTables.Table1
- SCHEMA_ROOT.APP1.TABLES::FactTables.Table2
- SCHEMA_ROOT.APP1.TABLES::UserProps.Table3
- SCHEMA_ROOT.APP1.TABLES::UserProps.Table4
- Procedures
- SCHEMA_ROOT.APP1.PROCS::Proc1
- SCHEMA_ROOT.APP1.PROCS::Proc2
Desired Role Definition :
READ access to all tables under SCHEMA_ROOT.APP1.TABLES::FactTables.*
UPDATE access to all tables under SCHEMA_ROOT.APP1.TABLES::UserProps.*
EXECUTE access to all procedures under SCHEMA_ROOT.APP1.PROCS*
Currently the only two approaches I know of are to either list all the tables and procedures individually in the role definition file, or to provide the READ/UPDATE/EXECUTE access at the entire schema level. Neither are desirable.