How to integrate with Oracle virtual private database

Oracle Virtual http://www.aliyun.com/zixun/aggregation/33969.html >private database, Hereinafter referred to as VPD) is a security feature provided in Oracle database products that guarantees the multi-tenant nature of Oracle databases while helping users with database consolidation.

Oracle VPD can control data access at the row and column levels for database tables and views. In terms of name, Oracle VPD is somewhat misleading in its meaning, since Oracle databases are already a multiuser database, and each user may not realize that they are sharing the database. Therefore, it is more appropriate to refer to Oracle VPD as a virtual private schema OBJECT,VPSO, because it will virtualize tables, views, and synonyms within the database. But in this article, we still call it VPD.

Because the Oracle user/Role Security permissions model allows access to schema objects, VPD enforces fine-grained access to schema object data through access policies. When the access policy begins to execute, VPD will dynamically adjust the SQL statements, such as SELECT, Update, and insert, by adding a where condition to filter the results. VPD is not only transparent to the user, but also its security cannot be neglected. In Oracle Enterprise database products, the VPD option is provided free of charge. The

, in the VPD use case that you want to refer to, describes how it stores data for multiple companies in the same mode.
 

Using Oracle VPD

In many start-up companies, the chewing gum production company ABC sees business opportunities and hopes to capture the market quickly with the help of managed business systems. They decided to establish a customer information system (CIS) as a centralized network hosting and data Services application. In order for this cloud-based SaaS delivery model to succeed, they must organize a solution that will not modify existing application code, provide data security, and quickly test to maximize ROI.

The company's IT team denies deploying a separate database policy for each client because it does not meet all of the requirements. So they started to think about sharing a separate database in which the owner of the database recommended storing multiple customer data with Oracle VPD in the same database mode. He explained that VPD is the most cost-effective deployment strategy for applications that are fully transparent, can provide row-level data security, and meet the flexibility requirements of the sales team. He explains why customers cannot realize that they are sharing a schema object.

In addition, he describes how the main components of the design are deployed (table 1). First, users will continue to use a specific client connection pool as an agent to connect to the database through existing Web applications. When a database session is established, an application context is set up to efficiently capture the client identifier attribute. The security access policy will be based on a policy function that will be applied to the schema object to force logical separation of client data. The policy function returns a conditional limit row using the application context and a client identity column to access the tables, views, and synonyms of CIS.

(Responsible editor: The good of the Legacy)