Scenario: ExampleHMO using row and column access control - View creation
Views can be created on tables that have row and column access control defined. Alex, the security administrator, is asked to create a view on the PATIENT table that medical researchers can use.
Researchers, that have a partnership with ExampleHMO, can have access to limited patient data if patients have opted-in to permit this access. Alex and the IT team are asked to create a view to list only specific information related to research of the patient. The report must contain the patient insurance number, name of the patient and the disclosure option chosen by the patient.
The view created fetches the patient basic information and the health condition disclosure option. This view ensures that patient information is protected and fetched only with their permission for any other purpose.
CREATE VIEW PATIENT_INFO_VIEW AS
SELECT P.SSN, P.NAME FROM PATIENT P, PATIENTCHOICE C
WHERE P.SSN = C.SSN AND
C.CHOICE = 'drug-research' AND
C.VALUE = 'opt-in';
After Alex and his team create the view, users can query the view. They see data according to the row and column access control rules defined on the base tables on which the view is created.
SELECT SSN, NAME FROM PATIENT_INFO_VIEW;
SSN NAME
----------- ----------
0 record(s) selected.
SELECT SSN, NAME FROM PATIENT_INFO_VIEW;
SSN NAME
----------- ----------
123-11-9856 Sam
123-45-6789 Bob
2 record(s) selected.
SELECT SSN, NAME FROM PATIENT_INFO_VIEW;
SSN NAME
----------- ----------
123-45-6789 Bob
1 record(s) selected.