what is VPD in oracle

-

 VPD stands for virtual private database in oracle. Using VPD we can enable security at the row and column level for a table  to user.

For example . I have an employee table with a salary column , using VPD we can restrict users having employee privileges to access only their salary and users with manager privileges can access salary column data of all users.



With VPD, you can define security policies based on user attributes such as their identity, role, or session context. These policies are implemented through the use of database functions called "policy functions" that are associated with tables or views. These policy functions are invoked automatically by the database whenever a user attempts to access the data.


When a user queries a table or view that is protected by VPD, the associated policy function evaluates the user's session attributes and dynamically adds WHERE clauses to the SQL statement, limiting the result set to only the rows that the user is authorized to access. This process happens transparently, without requiring any modifications to the application code.


VPD provides a powerful mechanism for enforcing row-level and column-level security. It enables organizations to enforce fine-grained access control policies based on business rules, data ownership, or any other criteria. By restricting access to sensitive or confidential data, VPD helps organizations protect their data from unauthorized access and ensure compliance with privacy regulations.



CREATE TABLE Employees (
  EmployeeID   NUMBER,
  FirstName    VARCHAR2(50),
  LastName     VARCHAR2(50),
  Salary       NUMBER
);

CREATE OR REPLACE FUNCTION salary_policy_function (
  schema_name  IN VARCHAR2,
  object_name  IN VARCHAR2
) RETURN VARCHAR2
IS
  predicate VARCHAR2(4000);
BEGIN
  IF (USER_ROLE('MANAGER') = 1) THEN
    -- Managers can access all salary data
    predicate := '';
  ELSE
    -- Employees can only access their own salary
    predicate := 'EMPLOYEEID = SYS_CONTEXT(''USERENV'', ''SESSION_USERID'')';
  END IF;
  
  RETURN predicate;
END;
/

BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'SCHEMA_NAME',
    object_name     => 'EMPLOYEES',
    policy_name     => 'SALARY_POLICY',
    function_schema => 'SCHEMA_NAME',
    policy_function => 'SALARY_POLICY_FUNCTION',
    statement_types => 'SELECT',
    update_check    => FALSE,
    enable          => TRUE
  );
END;

/

Comments

Post a Comment

Popular posts from this blog

Understanding Terraform

-
 Terraform is a tool used  for building, changing, and versioning infrastructure safely and efficiently. A Terraform can manage multiple cloud services using a provider plugin  Terraform work flow? Terraform work flow will be comprised of validate -> plan -> apply and finally destroy. what is the important file of terraform which records the actions of Terraform apply? For every Terraform execution the action will be recorded in a file called Terraform state file .  The terraform init command is used to initialise a working directory containing Terraform configuration files. During init, the configuration is searched for module blocks, and the source code for referenced modules is retrieved from the locations given in  their source arguments. The terraform plan command is used to create an execution plan. It will not modify things in infrastructure. The terraform apply command is used to apply the changes required to reach the desired state of the configur...
Read more

How to make CRS and ASM not to restart after server reboot

-
I have noticed that server rebooting is taking lot of time on a VM machine for every reboot, so I have decided to auto start of the crs and ASM service During this phase I have noticed an attribute called auto_start when I try to execute the below command crsctl stat res -p This AUTO_START attribute is there for several resources like ora.ASM ,ora.crs,ora.DATA_DG it has got 2 options restore(0) , never(2) and always (1) always (1)  Causes the resource to restart when the node restarts regardless of the resource’s state when the node stopped -restore (0)  Does not start the resource at restart time if it was in an offline state, such as STATE=OFFLINE, TARGET=OFFLINE, when the node stopped. The resource is restored to its state when the node went down. The resource is started only if it was online before and not otherwise. -never (2)  Oracle Clusterware never restarts the resource regardless of the resource’s state when the node is stopped. So I have dec...
Read more

How to repair ASM disk header

-
Image
What is ASM disk header corruption? ASM disk header corruption is a loss or damage to the disk header which contains the metadata essential for the operation and availability of an ASM disk group in Oracle. Imagine that you have an ASM disk corruption in any of the ASM diskgroups that have critical business data and the diskgroup has been configured as "EXTERNAL" redundancy, meaning that if one disk is inaccessible the whole diskgroup will be unavailable. Now what? Is your only option to restore it from backup by recreating the diskgroup or are there any other faster ways to recover the data? Here you need to find out whether it’s a complete loss of data in the ASM disk or is it just a header corruption. Hopefully for you, this is just a header corruption. Because, yes, there is a way out!  Below find the steps to restore from the ASM header corruption. Most of the data in the ASM disk header is of interest to that disk only. However, some information in the ASM disk header ...
Read more