Chapter 11: Row-Level Security with Virtual Private Database

Overview

For many years, Oracle’s customers repeatedly asked for a logical and elegant method for applying security policies to the data within database tables. And for many years, Oracle responded by saying, “Use views with functions.” As Chapter 10 illustrates, in many circumstances this is just not a practical solution. Oracle, recognizing their customer’s needs, introduced Virtual Private Database (VPD) technology with Oracle Database 8.1.5.

This chapter illustrates how VPD can be used to provide row-level security. The chapter begins with a “Quick Start” section that introduces you to the ease and power that VPD can provide. This section can also serve as a refresher for you later.

Next, the chapter examines the various aspects of VPD including how to enable the row-level security features as well as providing examples of how it works with different DML statements—select, insert, update, and delete. One of the most valuable sections is “Debugging RLS Policies,” which offers tips and tricks for troubleshooting the VPD implementation. The transparency that works as your ally for security reasons also works against you when things go wrong. The chapter explores common mistakes to avoid as well as ways to help you track down the source of your errors.

Oracle Database 10g introduces a new feature to VPD called Column Sensitive polices, and you will see how to use this. The VPD Performance section suggests how to maintain high-performing security policies and provides examples of the new caching methods introduced in the Oracle Database 10g release.