> We have 'em.
We do NOT have secure application roles or anywhere near the level of
configurability in security aspects as Oracle. We've got a great
foundation, but we lack a lot of fine-grained granularity (e.g. an
Oracle SAR can allow a role to execute a particular function based on
the result of another function call or query, which has rather a lot
of possibilities - consider grant connect on database to staff when
hour_of_day () between 9 and 6; also consider row-level and column-
level and even field-level access controls).
It's complicated in Oracle, but there's a lot of possibilities there
that we simply cannot reproduce. But this could be extended one day. :)
Casey Allen Shobe
Database Architect, The Berkeley Electronic Press