Establish security policy with Oracle virtual private database

Tuesday Aug 26th 2003 by DatabaseJournal.com Staff
Share:

Builder.com continues it's series on Oracle security with a look at the virtual private database (VPD).

[From Builder.com]

In previous installments of this series on Oracle security, we examined Oracle grant security and grant execute security, noting the advantages and shortcomings of each approach. Now let's look at another Oracle security alternative, the virtual private database (VPD).

Virtual private databases have several other names within the Oracle documentation, including row-level security (RLS) and fine-grained access control (FGAC). Regardless of the name, VPD security provides a whole new way to control access to Oracle data. Most interesting is the dynamic nature of a VPD. At runtime, Oracle performs these near magical feats by dynamically modifying the SQL statement of the end user:

  1. Oracle gathers application context information at user logon time and then calls the policy function, which returns a predicate. A predicate is a where clause that qualifies a particular set of rows within the table.
  2. Oracle dynamically rewrites the query by appending the predicate to users' SQL statements.

The article continues at http://builder.com.com/5100-6388_14-5062064.html

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved