Virtual Private Database New Features

Page 68

Oracle Database 10g comes with a number of new features designed to provide enhanced security within the Oracle database. In this chapter we will cover these new features, which include

Virtual Private Database new features

Auditing enhancements

New directory features

Oracle Database 10g includes improvements to Oracle's Virtual Private Database (VPD). New features include the following:

Column-level privacy

New VPD policies

Support for parallel query

Column-Level Privacy

The benefit of VPD is that it provides for row-level security in your Oracle database. Oracle Database 10g offers a new feature that allows you to indicate that a VPD policy should only be enforced if specific columns are accessed or referenced. One or more columns can be defined within a policy, though you do not need to specify any columns. In this case VPD will operate just as in Oracle9i.

As a result, you can now provide varying levels of security for database tables. For example, you may not need to secure queries against certain columns, such as the name of an employee, but you may require some level of access control for queries against the social security number, because of privacy issues. In this case, you would create a VPD policy that references the column containing the social security number. The policy would be effective for any query that includes the SSN column. This allows you to define privacy policies for certain types of data, such as personal data, while making other data available.

This new feature is supported with the addition of the sec_relevant_cols parameter in the dbms_rls.add_policy PL/SQL package supplied by Oracle. Here is an example of the use of dbms_rls.add_policy to create a policy on a table called RET_SCHEMA.RETIREE: