The where clause on a grant select command combines with any end user’s where clause in the select command to qualify the rows returned from a select operation.
Use the grant ... where statement on a table without a column list to filter rows regardless of the individual columns selected. This grant statement allows project_leaders read and write access to information only for those projects they manage:
grant select on projects where user_id() = p_mgrid to proj_leader_role
Use a column or column list with the grant command to filter rows when the select accesses a specific column. These grant statements allows all engineers access to the names and departments of all engineers, while restricting access to engineers’ phone numbers to their manager:
grant select on employee(ename, edept) to eng_role
grant select on employee(ephone) where user_id() = emgr to eng_role
