Tuesday, March 30, 2010

Overview of the Virtual Private Database

Defining a Virtual Private Database (VPD)
VPD enables the database to perform query modification based on a security policy you have defined in a package, and associated with a table or view. VPD provides fine-grained access control that is data driven, context dependent, and row based. VPD is a key enabling technology in building three-tier systems that expose mission-critical resources to customers and partners.

When a user directly or indirectly accesses a table or view associated with a VPD security policy, the server dynamically modifies the user’s SQL statement. The modification is based on a WHERE condition (also known as a predicate) returned by a function that implements the security policy. The database modifies the statement dynamically and transparently to the user, using any condition that can be expressed in, or returned by, a function.

Oracle Database 10g enhances the VPD to further increase effectiveness, security, flexibility, and performance. You can use VPD to assist with privacy initiatives.

Enhancements in Oracle Database 10g are applicable to private information. For example, VPD now includes the notion of security-relevant columns. Within a VPD policy, you can reference “relevant columns” so that the database appends the VPD predicate to queries that reference these relevant columns.

In Oracle Database 10g, to provide flexibility for all types of implementations, policies can be:

Static: These policies strictly enforce the same predicate at all times.
Non-static: These policies can change dynamically.
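
The pieces described above, as an added example that is not part of the original post: a policy function that returns the predicate, and the DBMS_RLS.ADD_POLICY call that attaches it with a security-relevant column and a policy type. The schema HR_APP, the table EMPLOYEES, its columns, and the policy and function names are hypothetical.

```sql
-- Hypothetical table: HR_APP.EMPLOYEES(emp_id, ename, manager_name, salary)

-- Policy function. The database calls it with the schema and name of the
-- protected object and appends the returned string as a WHERE condition.
CREATE OR REPLACE FUNCTION hr_app.emp_salary_policy (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  -- The returned text is constant; SYS_CONTEXT is evaluated when the
  -- rewritten query runs, so each session sees only its own rows.
  -- Nothing user-supplied is concatenated into the predicate.
  RETURN 'manager_name = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END;
/

BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema     => 'HR_APP',
    object_name       => 'EMPLOYEES',
    policy_name       => 'EMP_SALARY_VPD',
    function_schema   => 'HR_APP',
    policy_function   => 'EMP_SALARY_POLICY',
    statement_types   => 'SELECT',
    -- Security-relevant column: the predicate is appended only to
    -- queries that reference SALARY.
    sec_relevant_cols => 'SALARY',
    -- Static is valid here because the function always returns the same
    -- string. If the returned text varied per call, a non-static type
    -- such as DBMS_RLS.DYNAMIC would be required.
    policy_type       => DBMS_RLS.STATIC
  );
END;
/

-- Effect for a non-owner session:
--   SELECT ename FROM hr_app.employees;          -- SALARY not referenced: no predicate
--   SELECT ename, salary FROM hr_app.employees;  -- predicate appended: own reports only

-- Verify that the policy is attached, enabled, and of the expected type.
SELECT object_owner, object_name, policy_name, pf_owner, function,
       enable, policy_type
FROM   dba_policies
WHERE  object_owner = 'HR_APP' AND object_name = 'EMPLOYEES';
```

Accounts that hold the EXEMPT ACCESS POLICY system privilege bypass VPD policies, so that grant should be audited wherever a policy like this is relied on.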
