Oracle Database 10g comes with a number of new features designed to provide enhanced security within the Oracle database. In this chapter we will cover these new features, which include:
Virtual Private Database new features
Auditing enhancements
New directory features
Oracle Database 10g includes improvements to Oracle's Virtual Private Database (VPD). New features include the following:
Column-level privacy
New VPD policies
Support for parallel query
The benefit of VPD is that it provides row-level security in your Oracle database. Oracle Database 10g offers a new feature that allows you to indicate that a VPD policy should be enforced only if specific columns are accessed or referenced. One or more columns can be defined within a policy, though you do not need to specify any columns; if you specify none, VPD operates just as it did in Oracle9i.
As a result, you can now provide varying levels of security for database tables. For example, you may not need to secure queries against certain columns, such as the name of an employee, but you may require some level of access control for queries against the social security number, because of privacy issues. In this case, you would create a VPD policy that references the column containing the social security number. The policy would be effective for any query that includes the SSN column. This allows you to define privacy policies for certain types of data, such as personal data, while making other data available.
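The following sketch is an added example, not code from the original text. It shows the policy function that a column-level policy calls, the policy registration with the SSN column passed through the sec_relevant_cols parameter of dbms_rls.add_policy, and how two queries are treated. The HR_DEMO.EMPLOYEE table, its EMP_NAME, SSN and MGR_USERNAME columns, the SEC_ADMIN schema and the policy name are all hypothetical.

```sql
-- Added example; every schema, table, column and policy name is hypothetical.
-- Assumes MGR_USERNAME stores the manager's Oracle username in upper case
-- and that the caller has EXECUTE on DBMS_RLS.

-- Policy function: VPD calls it with the protected object's schema and name
-- and appends the returned predicate to the user's statement.
CREATE OR REPLACE FUNCTION sec_admin.ssn_guard (
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
    -- Rows stay visible only to the session user recorded as their manager.
    RETURN 'mgr_username = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END ssn_guard;
/

-- Register the policy, naming SSN as the only security-relevant column.
BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema     => 'HR_DEMO',
        object_name       => 'EMPLOYEE',
        policy_name       => 'EMPLOYEE_SSN_POLICY',
        function_schema   => 'SEC_ADMIN',
        policy_function   => 'SSN_GUARD',
        statement_types   => 'SELECT',
        sec_relevant_cols => 'SSN');
END;
/

-- SSN is not referenced: the policy is not enforced, all rows are returned.
SELECT emp_name FROM hr_demo.employee;

-- SSN is referenced: the predicate is appended, so the caller sees only
-- the rows where MGR_USERNAME matches the session user.
SELECT emp_name, ssn FROM hr_demo.employee;

-- Review check: list which columns each policy treats as security relevant.
SELECT object_owner, object_name, policy_name, sec_rel_column
  FROM dba_sec_relevant_cols
 WHERE object_owner = 'HR_DEMO';
```

Comparing the row counts of the two SELECT statements from a non-manager account is a quick way to confirm that the policy fires only when SSN is referenced.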
This new feature is supported with the addition of the sec_relevant_cols parameter to the add_policy procedure of the Oracle-supplied dbms_rls PL/SQL package. Here is an example of the use of dbms_rls.add_policy to create a policy on a table called RET_SCHEMA.RETIREE: