Home > Developer > Database Administrator

How to hide sensitive data using oracle 10 Gb column value Mask Technology

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

The Virtual Private Database feature of Oracle is also known as fine-grained access control. It provides row-level security checks for DML statements in data management languages such as SELECT. PL/SQL policy functions are associated with a data table. This function can check the context of the current user and add conditional assertions for the WHERE statement in the query). A user or application can write the statements as follows:

SELECT * FROM employees;

However, oracle will execute the following statement:

SELECT * FROM employees
WHERE department_id = 60;

Therefore, only the first 60 rows in the department data table within the search range are returned by the query statement. The new oracle 10 GB option allows oracle to return all rows, not just authorized rows. However, some columns that are not included in the authorization row are referred to as security-related columns. NULL is displayed instead of actual data, and other column values are displayed normally.

To use the column value mask, you must do two things in the Virtual Private Database policy.

First, you must create a column-level policy to design columns related to security. Second, you must include the ALL_ROWS option in the query to return all rows. The combination of these two parameters enables the column value mask.

List A shows A policy function called rls_dept. It returns the asserted "department_id = 60", which is used to set the department field within 60 rows in the EMPLOYEES table. In fact, this function does not return a static table. It can determine who the current user is and return the correct department value to the user accordingly .)

List B shows how to apply the function in list A to create A column value mask. Create a new policy called restrict_dept_policy during the ADD_POLICY process in the DBMS_RLS package. The sec_relevant_cols parameter indicates that the salary and commission_pct fields are security-related columns. A query that contains the preceding two fields will be applied to this policy function. A query that does not contain the preceding two fields will not apply this policy. Finally, set the sec_relevant_cols_opts parameter to the constant ALL_ROWS.

The column value mask is applied to SELECT statements. No matter which client accesses the database, the column value mask can be implemented, such as SQL * Plus,. NET applications, or other tools.

List:

CREATE OR REPLACE
FUNCTION rls_dept (obj_owner IN VARCHAR2, obj_name IN VARCHAR2)
RETURN VARCHAR2
AS
predicate                  
VARCHAR2 (200);
BEGIN
predicate := 'department_id = 60';
RETURN (predicate);
END rls_dept;
/

List B:

BEGIN
DBMS_RLS.ADD_POLICY(object_schema=>'HR', 
object_name=>'EMPLOYEES',
policy_name=>'restrict_dept_policy',
function_schema=>'HR',
policy_function=>'rls_dept',
sec_relevant_cols=>'salary,commission_pct',
sec_relevant_cols_opt=>dbms_rls.ALL_ROWS);
END;
/

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
how to insert clob data in oracle using sql developer how to change column name in oracle how to hide data usage from service provider how to hide data usage from service provider oracle row to column column to row oracle how to hide url
Related Article
Database Administrator DBA
Alibaba DBA (database administrator) pen question __ Database
Level of DBA (database administrator)
The personality characteristics of the DBA (database administ...
Recover database administrator password, user authorization, ...
Sort common DB2 scripts

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More