Home > Developer > Database Administrator

Using Oracle VPD for Row-level security protection (2)

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Http://boylook.itpub.net/post/43144/520545


With VPD policy settings, David can only view records of Department 60 and 80.

SQL> conn david
Enter password:
Connected.
SQL> select employee_id, salary, first_name from hr. employees;

EMPLOYEE_ID SALARY FIRST_NAME
-----------------------------------------
103 9000 Alexander
104 Bruce
105 4800 David
106 4800 Valli
107 4200 Diana
145 14000 John
146 13500 Karen
147 12000 Alberta
148 11000 Gerald
149 10500 Eleni
150 10000 Peter

EMPLOYEE_ID SALARY FIRST_NAME
-----------------------------------------
151 9500 David
152 9000 Peter
153 8000 Christopher
154 7500 Nanette
155 7000 Oliver
156 10000 Janette
157 9500 Patrick
158 9000 Allan
159 8000 Lindsey
160 7500 Louise
161 7000 Sarath

EMPLOYEE_ID SALARY FIRST_NAME
-----------------------------------------
162 10500 Clara
163 9500 Danielle
164 7200 Mattea
165 6800 David
166 6400 Sundar
167 6200 Amit
168 11500 Lisa
169 10000 Harrison
170 9600 fiddler
171 William
172 7300 Elizabeth

EMPLOYEE_ID SALARY FIRST_NAME
-----------------------------------------
173 6100 Sundita
174 11000 Ellen
175 8800 Alyssa
176 8600 Jonathon
177 8400 Jack
179 6200 Charles

39 rows selected.

In fact, sometimes you don't have to hide it all. It may be okay if you don't see the salaries of other departments.
What Should VPD do with this demand?
VPD introduces a new feature named sensitive column VPD in Oracle10G. This feature can activate a security protection policy when a column is accessed.
The following is an example:

SQL> conn hr
Enter password:
Connected.

-- Delete the original policy
SQL> declare
2 begin
3 dbms_rls.drop_policy (
4 object_schema => 'hr ',
5 object_name => 'ployees ',
6 policy_name => 'hide _ emp ');
7 end;
8/

PL/SQL procedure successfully completed.

-- Then modify: vi test_add_policy. SQL
Declare
Begin
Dbms_rls.add_policy (
Object_schema => 'hr ',
Object_name => 'ployees ',
Policy_name => 'hide _ emp ',
Function_schema => 'hr ',
Policy_function => 'test _ VPD ',
Statement_types => 'select ',
Sec_relevant_cols => 'salary ',
SEC_RELEVANT_COLS_OPT => dbms_rls.all_rows
);
End;

SQL> @ test_add_policy

PL/SQL procedure successfully completed.

Let's take a look at the effect:
SQL> conn david
Enter password:
Connected.
SQL> select employee_id, department_id, salary from hr. employees;

EMPLOYEE_ID DEPARTMENT_ID SALARY
----------------------------------
198 50
199 50
200 10
201 20
202 20
203 40
204 70
205 110
206 110
100 90
101 90

EMPLOYEE_ID DEPARTMENT_ID SALARY
----------------------------------
102 90
103 60 9000
104 60 6000
105 60 4800
106 60 4800
107 60 4200
108 100
109 100
110 100
111 100
112 100

EMPLOYEE_ID DEPARTMENT_ID SALARY
----------------------------------
113 100
114 30
115 30
116 30
117 30
118 30
119 30
120 50
121 50
122 50
123 50

EMPLOYEE_ID DEPARTMENT_ID SALARY
----------------------------------
124 50
125 50
126 50
127 50
128 50
129 50
130 50
131 50
132 50
133 50
134 50

EMPLOYEE_ID DEPARTMENT_ID SALARY
----------------------------------
135 50
136 50
137 50
138 50
139 50
140 50
141 50
142 50
143 50
144 50
145 80 14000

EMPLOYEE_ID DEPARTMENT_ID SALARY
----------------------------------
146 80 13500
147 80 12000
148 80 11000
149 80 10500
150 80 10000
151 80 9500
152 80 9000
153 80 8000
154 80 7500
155 80 7000
156 80 10000

EMPLOYEE_ID DEPARTMENT_ID SALARY
----------------------------------
157 80 9500
158 80 9000
159 80 8000
160 80 7500
161 80 7000
162 80 10500
163 80 9500
164 80 7200
165 80 6800
166 80 6400
167 80 6200

EMPLOYEE_ID DEPARTMENT_ID SALARY
----------------------------------
168 80 11500
169 80 10000
170 80 9600
171 80 7400
172 80 7300
173 80 6100
174 80 11000
175 80 8800
176 80 8600
177 80 8400
178

EMPLOYEE_ID DEPARTMENT_ID SALARY
----------------------------------
179 80 6200
180 50
181 50
182 50
183 50
184 50
185 50
186 50
187 50
188 50
189 50

EMPLOYEE_ID DEPARTMENT_ID SALARY
----------------------------------
190 50
191 50
192 50
193 50
194 50
195 50
196 50
197 50

107 rows selected.

This article is from "MIKE's old blog" blog, please be sure to keep this source http://boylook.blog.51cto.com/7934327/1298620

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
level 3 ddos protection oracle row oracle data guard protection modes oracle using statement virus protection for tablet malware protection for ipad virus protection for phone
Related Article
Database Administrator DBA
Alibaba DBA (database administrator) pen question __ Database
Level of DBA (database administrator)
The personality characteristics of the DBA (database administ...
Recover database administrator password, user authorization, ...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More