SlideShare a Scribd company logo

OER Unit 4 Virtual Private Database

Girija Muscut
Girija Muscut

This document discusses database security using Oracle Virtual Private Database (VPD). It covers row level security (RLS) using predicates, components of a VPD policy including creating a function and policy, an example of a policy restricting user access, and dropping a function and policy. It also discusses column masking and application context, including using SYS_CONTEXT to return session information and setting an application context within a function.

1 of 28
Download to read offline
Database Security https://www.oercommons.org/ Dr. Girija Narasimhan 1 OER- UNIT 4 Virtual Private Database PART 1 – Row Level Security (RLS)
Dr. Girija Narasimhan 2 • The Virtual Private Database (VPD) is introduced in oracle 8i version. • This is special feature which will control the database access. The purpose of VPD is whenever object privilege and role is not sufficient to fulfill the requirement of the user security then VPD policy control the access. • In the VPD policy includes SELECT, INSERT, UPDATE, DELETE, INDEX statement. • It controls user directly or indirectly accessing any schema objects such as views, tables or synonyms in the database. • Using Predicate to the view it will restrict the user to access the row, it is called Row Level security as RLS. • The package name DBMS_RLS will support for implementing this feature. • VPD is not supporting TRUNCATE OR ALTER statement i.e Data Definition Language statement. • It is using Application context feature to control the user transaction views in the database. 4.1 Introduction
Dr. Girija Narasimhan 3 • There is two components, first to create function and then create policy. • For Creating a Function to generate the Dynamic WHERE Clause (predicate). • Using predicate define the restriction to apply for the policy. • The function generally created in administration own schema. (i.e. SYS). 4.2 Components of an Oracle Virtual Private Database Policy
Dr. Girija Narasimhan 4 CREATE TABLE USER1(USERID NUMBER(4) PRIMARY KEY,USERNAME VARCHAR2(15)); INSERT INTO USER1 VALUES(11,'ARVIND'); INSERT INTO USER1 VALUES(12,'SINDUJA'); INSERT INTO USER1 VALUES(13,'RAJU'); CREATE TABLE PROJECT(USERID NUMBER(4),PROJECT_NAME VARCHAR2(20),NO_OF_HOURS NUMBER(3)); INSERT INTO PROJECT VALUES(11,'MOBILE APPLICATION',30); INSERT INTO PROJECT VALUES(11,'ONLINE SHOPPING',40); INSERT INTO PROJECT VALUES(12,'HR APPLICATION',25); INSERT INTO PROJECT VALUES(12,'TELE BUY',35); Commit; Before creating function create two tables in HR schema USER1 and PROJECT. 4.2.1. Create Function
Dr. Girija Narasimhan 5
Dr. Girija Narasimhan 6 1) It must take as arguments a schema name and an object (table, view, or synonym) name as inputs. Define input parameters to hold this information, but do not specify the schema and object name themselves within the function. The policy that you create with the DBMS_RLS package. You must create the parameter for the schema first, followed by the parameter for the object. 2) It must provide a return value for the WHERE clause predicate that will be generated. The return value for the WHERE clause is always a VARCHAR2 data type. 3) It must generate a valid WHERE clause., in that its WHERE clause is the same for all users who log on. But in most cases, you may want to design the WHERE clause to be different for each user, each group of users, or each application that accesses the objects you want to protect. For example, if a manager logs in, the WHERE clause can be specific to the rights of that particular manager. You can do this by incorporating an application context, which accesses user session information, into the WHERE clause generation code. 4) It must not select from a table within the associated policy function. Although you can define a policy against a table, you cannot select that table from within the policy that was defined against the table. The function must have the following behavior
Dr. Girija Narasimhan 7 Creating a Policy to Attach the Function to the Objects You Want to Protect object. To attach a policy to a table, view, or synonym, you use the DBMS_RLS.ADD_POLICY procedure. You need to specify the table, view, or synonym to which you are adding a policy, and a name for the policy. You can also specify other information, such as the types of statements the policy controls (SELECT, INSERT, UPDATE, DELETE, CREATE INDEX, or ALTER INDEX). You can enforce Oracle Virtual Private Database policies for SELECT, INSERT, UPDATE, INDEX, and DELETE statements. If you do not specify a statement type, by default, Oracle Database specifies SELECT, INSERT, UPDATE, and DELETE but not Index. Enter any combination of these statement types by using the statement_types parameter in the DBMS_RLS.ADD_POLICY procedure. Enclose the list in a pair of single quotation marks. In the Virtual Private Database policy, you must ensure that the statement_types parameter includes all three of the INSERT, UPDATE, and DELETE statements for the policy to succeed. Alternatively, you can omit the statement_types parameter. You can enforce Oracle Virtual Private Database policies on index maintenance operations by specifying INDEX with the statement_types parameter. 4.3 Creating a Policy to Attach the Function to the Objects
Dr. Girija Narasimhan 8 That is a reason it is showing only user 12 values. After creating policy, login HR schema using PROJECT table, it will show only USERID 12 records i.e 2 rows only. It don‘t show all the records in the PROJECT table, once you policy is attach with the function RETURN_VAL:='USERID=12' this predicate WHERE condition is applied to the table.
Dr. Girija Narasimhan 9 4.4 Drop Function For deleting the function, write drop function statement DROP FUNCTION <FUNCTION_NAME> DROP FUNCTION GET_PROJECT; EXEC DBMS_RLS.DROP_POLICY ('schema name', 'object name', 'policy name'); EXEC DBMS_RLS.DROP_POLICY ('HR', 'PROJECT', 'PROB_project'); For example HR-schema name PROJECTobject name PROB_project  policy name All parameter should be enclosed by signal quotes. 4.5 Drop Policy
Database Security https://www.oercommons.org/ Dr. Girija Narasimhan 10 OER- UNIT 4 Virtual Private Database PART 2 – Column Masking
Dr. Girija Narasimhan 11 Set up a policy for each set of columns that has a different rule not for each user, for each set of columns. The following considerations apply to column-masking: * Column-masking applies only to SELECT statements. * Column-masking conditions generated by the policy function must be simple Boolean expressions, unlike regular Oracle Virtual Private Database predicates. * For applications that perform calculations, or do not expect NULL values, use standard column-level Oracle Virtual Private Database, specifying SEC_RELEVANT_COLS rather than the SEC_RELEVANT_COLS_OPT column-masking option. * Do not include columns of the object data type (including the XMLtype) in the sec_relevant_cols setting. This column type is not supported for the sec_relevant_cols setting. * Column-masking used with UPDATE AS SELECT updates only the columns that users are allowed to see. 4.6 Column Masking
Dr. Girija Narasimhan 12
Dr. Girija Narasimhan 13 Column-level policies enforce row-level security when a query references a security-relevant column. You can apply a column-level Oracle Virtual Private Database policy to tables and views, but not to synonyms. To apply the policy to a column, specify the security-relevant column by using the SEC_RELEVANT_COLS parameter of the DBMS_RLS.ADD_POLICY procedure. This parameter applies the security policy whenever the column is referenced, explicitly or implicitly, in a query.
Dr. Girija Narasimhan 14 With column-masking behavior, all rows display, even those that reference sensitive columns. The sensitive columns display as NULL values. To enable column-masking, set the SEC_RELEVANT_COLS_opt parameter of the DBMS_RLS.ADD_POLICY procedure.
Dr. Girija Narasimhan 15 For some queries, column-masking may prevent some rows from displaying. Because the column-masking option was set, this query may not return rows if the salary column returns a NULL value. This example deptno 20,10 values sal column values are NULL
Database Security https://www.oercommons.org/ Dr. Girija Narasimhan 16 OER- UNIT 4 Virtual Private Database PART 3 – Application Context
Dr. Girija Narasimhan 17 The following statement returns the name of the user who logged onto the database: CONNECT OE/OE SELECT SYS_CONTEXT ('USERENV', 'SESSION_USER') FROM DUAL; SYS_CONTEXT ('USERENV', 'SESSION_USER') ------------------------------------------------------ OE SELECT SYS_CONTEXT ('<name_space>','<parameter>', <length>) from DUAL; SYS_CONTEXT function returns the value of parameter associated with the context namespace. This function can be used in both SQL and PL/SQL statements.Context namespaces are always stored in the schema SYS . If you omit schema , then Oracle Database uses the current schema. package. To create a context namespace, you must have CREATE ANY CONTEXT system privilege. The parameter name can be any string. It is not case sensitive, but it cannot exceed 30 bytes in length. Oracle provides a built- in namespace called USERENV, which describes the current session. 4.7 SYS_CONTEXT
Dr. Girija Narasimhan 18 • Policy types control how Oracle Database caches Oracle Virtual Private Database policy predicates. • Setting a policy type for your policies, because the execution of policy functions can use a significant amount of system resources. • Minimizing the number of times that a policy function can run optimizes database performance. • You can choose from five policy types: DYNAMIC, STATIC, SHARED_STATIC, CONTEXT_SENSITIVE, and SHARED_CONTEXT_SENSITIVE. • To specify the policy type, set the policy_ type parameter of the DBMS_RLS.ADD POLICY procedure. 4.8 Oracle Virtual Private Database Policy Types
Dr. Girija Narasimhan 19
Dr. Girija Narasimhan 20 • Application context helps you apply fine-grained access control because you can link function-based security policies with applications. • Oracle provides a built-in application context namespace, USERENV, which provides access to predefined attributes. • These attributes are session primitives which is information that the database automatically captures about a user session. • For example, the IP address from which a user connects, the user name, and the proxy user name (in cases where a user connection is proxies through a middle tier), are all available as predefined attributes through the USERENV application context. • Such usage removes the repeated overhead of querying the database each time access to application attributes is needed. 4.9 Application Context
Dr. Girija Narasimhan 21
Dr. Girija Narasimhan 22
Dr. Girija Narasimhan 23
Dr. Girija Narasimhan 24 Line 4: userno variable hold the userid. Line 6: SELECT statement to copy the userid information in the variable userno. Line 7 : Uses a WHERE clause to find all the USERIDs that match the username of the user who is logging on. For example username of "ARVIND" userid 11 is matching. Line 8: Sets the pro_ctx application context values by creating the userid attribute and then setting it to the value stored in the userno variable. Line 10: Add a WHEN NO_DATA_FOUND system exception to catch any no data found errors that may result from the SELECT statement
Dr. Girija Narasimhan 25
Dr. Girija Narasimhan 26
Dr. Girija Narasimhan 27
Dr. Girija Narasimhan 28

Recommended

Apex and Virtual Private Database
Apex and Virtual Private DatabaseApex and Virtual Private Database
Apex and Virtual Private Database
Jeffrey Kemp
 
Introducing Application Context - from the PL/SQL Potpourri
Introducing Application Context - from the PL/SQL PotpourriIntroducing Application Context - from the PL/SQL Potpourri
Introducing Application Context - from the PL/SQL Potpourri
Lucas Jellema
 
Vpd Virtual Private Database By Saurabh
Vpd Virtual Private Database By SaurabhVpd Virtual Private Database By Saurabh
Vpd Virtual Private Database By Saurabhguestd83b546
 
MySQL Shell - the best DBA tool !
MySQL Shell - the best DBA tool !MySQL Shell - the best DBA tool !
MySQL Shell - the best DBA tool !
Frederic Descamps
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Alex Zaballa
 
MySQL Database Architectures - InnoDB ReplicaSet & Cluster
MySQL Database Architectures - InnoDB ReplicaSet & ClusterMySQL Database Architectures - InnoDB ReplicaSet & Cluster
MySQL Database Architectures - InnoDB ReplicaSet & Cluster
Kenny Gryp
 
Unidad 1. Fundamentos de Base de Datos
Unidad 1. Fundamentos de Base de DatosUnidad 1. Fundamentos de Base de Datos
Unidad 1. Fundamentos de Base de Datos
hugodanielgd
 
[❤PDF❤] Oracle 19c Database Administration Oracle Simplified
[❤PDF❤] Oracle 19c Database Administration Oracle Simplified [❤PDF❤] Oracle 19c Database Administration Oracle Simplified
[❤PDF❤] Oracle 19c Database Administration Oracle Simplified
ZanderHaney
 

Recommended

Apex and Virtual Private Database
Apex and Virtual Private DatabaseApex and Virtual Private Database
Apex and Virtual Private Database
Jeffrey Kemp
 
Introducing Application Context - from the PL/SQL Potpourri
Introducing Application Context - from the PL/SQL PotpourriIntroducing Application Context - from the PL/SQL Potpourri
Introducing Application Context - from the PL/SQL Potpourri
Lucas Jellema
 
Vpd Virtual Private Database By Saurabh
Vpd Virtual Private Database By SaurabhVpd Virtual Private Database By Saurabh
Vpd Virtual Private Database By Saurabhguestd83b546
 
MySQL Shell - the best DBA tool !
MySQL Shell - the best DBA tool !MySQL Shell - the best DBA tool !
MySQL Shell - the best DBA tool !
Frederic Descamps
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Alex Zaballa
 
MySQL Database Architectures - InnoDB ReplicaSet & Cluster
MySQL Database Architectures - InnoDB ReplicaSet & ClusterMySQL Database Architectures - InnoDB ReplicaSet & Cluster
MySQL Database Architectures - InnoDB ReplicaSet & Cluster
Kenny Gryp
 
Unidad 1. Fundamentos de Base de Datos
Unidad 1. Fundamentos de Base de DatosUnidad 1. Fundamentos de Base de Datos
Unidad 1. Fundamentos de Base de Datos
hugodanielgd
 
[❤PDF❤] Oracle 19c Database Administration Oracle Simplified
[❤PDF❤] Oracle 19c Database Administration Oracle Simplified [❤PDF❤] Oracle 19c Database Administration Oracle Simplified
[❤PDF❤] Oracle 19c Database Administration Oracle Simplified
ZanderHaney
 
MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition
Mark Swarbrick
 
Top 20 FAQs on the Autonomous Database
Top 20 FAQs on the Autonomous DatabaseTop 20 FAQs on the Autonomous Database
Top 20 FAQs on the Autonomous Database
Sandesh Rao
 
Reducing Risk When Upgrading MySQL
Reducing Risk When Upgrading MySQLReducing Risk When Upgrading MySQL
Reducing Risk When Upgrading MySQL
Kenny Gryp
 
DOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsDOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant Environments
Stefan Oehrli
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
Nabeel Yoosuf
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database VaultMarco Alamanni
 
OOW15 - managing oracle e-business suite auditing and security
OOW15 - managing oracle e-business suite auditing and securityOOW15 - managing oracle e-business suite auditing and security
OOW15 - managing oracle e-business suite auditing and security
vasuballa
 
Understanding oracle rac internals part 2 - slides
Understanding oracle rac internals part 2 - slidesUnderstanding oracle rac internals part 2 - slides
Understanding oracle rac internals part 2 - slides
Mohamed Farouk
 
Stored procedures
Stored proceduresStored procedures
Stored procedures
Prof.Nilesh Magar
 
Fundamentos de base de datos 1a. unidad
Fundamentos de base de datos 1a. unidadFundamentos de base de datos 1a. unidad
Fundamentos de base de datos 1a. unidad
emilio_ambrosio
 
Explain that explain
Explain that explainExplain that explain
Explain that explainFabrizio Parrella
 
Fine-tuning Group Replication for Performance
Fine-tuning Group Replication for PerformanceFine-tuning Group Replication for Performance
Fine-tuning Group Replication for Performance
Vitor Oliveira
 
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptxFive_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Maria Colgan
 
MySQL Atchitecture and Concepts
MySQL Atchitecture and ConceptsMySQL Atchitecture and Concepts
MySQL Atchitecture and Concepts
Tuyen Vuong
 
Oracle Security Presentation
Oracle Security PresentationOracle Security Presentation
Oracle Security Presentation
Francisco Alvarez
 
Redefining tables online without surprises
Redefining tables online without surprisesRedefining tables online without surprises
Redefining tables online without surprises
Nelson Calero
 
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdfOracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
SrirakshaSrinivasan2
 
MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0
Mayank Prasad
 
The Oracle RAC Family of Solutions - Presentation
The Oracle RAC Family of Solutions - PresentationThe Oracle RAC Family of Solutions - Presentation
The Oracle RAC Family of Solutions - Presentation
Markus Michalewicz
 
Database performance tuning and query optimization
Database performance tuning and query optimizationDatabase performance tuning and query optimization
Database performance tuning and query optimization
Dhani Ahmad
 
Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015 Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015
Alex Zaballa
 
Row-level security and Dynamic Data Masking
Row-level security and Dynamic Data MaskingRow-level security and Dynamic Data Masking
Row-level security and Dynamic Data Masking
SolidQ
 

More Related Content

What's hot

MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition
Mark Swarbrick
 
Top 20 FAQs on the Autonomous Database
Top 20 FAQs on the Autonomous DatabaseTop 20 FAQs on the Autonomous Database
Top 20 FAQs on the Autonomous Database
Sandesh Rao
 
Reducing Risk When Upgrading MySQL
Reducing Risk When Upgrading MySQLReducing Risk When Upgrading MySQL
Reducing Risk When Upgrading MySQL
Kenny Gryp
 
DOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsDOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant Environments
Stefan Oehrli
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
Nabeel Yoosuf
 
OOW15 - managing oracle e-business suite auditing and security
OOW15 - managing oracle e-business suite auditing and securityOOW15 - managing oracle e-business suite auditing and security
OOW15 - managing oracle e-business suite auditing and security
vasuballa
 
Understanding oracle rac internals part 2 - slides
Understanding oracle rac internals part 2 - slidesUnderstanding oracle rac internals part 2 - slides
Understanding oracle rac internals part 2 - slides
Mohamed Farouk
 
Stored procedures
Stored proceduresStored procedures
Stored procedures
Prof.Nilesh Magar
 
Fundamentos de base de datos 1a. unidad
Fundamentos de base de datos 1a. unidadFundamentos de base de datos 1a. unidad
Fundamentos de base de datos 1a. unidad
emilio_ambrosio
 
Fine-tuning Group Replication for Performance
Fine-tuning Group Replication for PerformanceFine-tuning Group Replication for Performance
Fine-tuning Group Replication for Performance
Vitor Oliveira
 
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptxFive_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Maria Colgan
 
MySQL Atchitecture and Concepts
MySQL Atchitecture and ConceptsMySQL Atchitecture and Concepts
MySQL Atchitecture and Concepts
Tuyen Vuong
 
Oracle Security Presentation
Oracle Security PresentationOracle Security Presentation
Oracle Security Presentation
Francisco Alvarez
 
Redefining tables online without surprises
Redefining tables online without surprisesRedefining tables online without surprises
Redefining tables online without surprises
Nelson Calero
 
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdfOracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
SrirakshaSrinivasan2
 
MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0
Mayank Prasad
 
The Oracle RAC Family of Solutions - Presentation
The Oracle RAC Family of Solutions - PresentationThe Oracle RAC Family of Solutions - Presentation
The Oracle RAC Family of Solutions - Presentation
Markus Michalewicz
 
Database performance tuning and query optimization
Database performance tuning and query optimizationDatabase performance tuning and query optimization
Database performance tuning and query optimization
Dhani Ahmad
 

What's hot (20)

MySQL enterprise edition
MySQL enterprise edition MySQL enterprise edition
MySQL enterprise edition
 
Top 20 FAQs on the Autonomous Database
Top 20 FAQs on the Autonomous DatabaseTop 20 FAQs on the Autonomous Database
Top 20 FAQs on the Autonomous Database
 
Reducing Risk When Upgrading MySQL
Reducing Risk When Upgrading MySQLReducing Risk When Upgrading MySQL
Reducing Risk When Upgrading MySQL
 
DOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsDOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant Environments
 
Oracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12cOracle Transparent Data Encryption (TDE) 12c
Oracle Transparent Data Encryption (TDE) 12c
 
Oracle Database Vault
Oracle Database VaultOracle Database Vault
Oracle Database Vault
 
OOW15 - managing oracle e-business suite auditing and security
OOW15 - managing oracle e-business suite auditing and securityOOW15 - managing oracle e-business suite auditing and security
OOW15 - managing oracle e-business suite auditing and security
 
Understanding oracle rac internals part 2 - slides
Understanding oracle rac internals part 2 - slidesUnderstanding oracle rac internals part 2 - slides
Understanding oracle rac internals part 2 - slides
 
Stored procedures
Stored proceduresStored procedures
Stored procedures
 
Fundamentos de base de datos 1a. unidad
Fundamentos de base de datos 1a. unidadFundamentos de base de datos 1a. unidad
Fundamentos de base de datos 1a. unidad
 
Explain that explain
Explain that explainExplain that explain
Explain that explain
 
Fine-tuning Group Replication for Performance
Fine-tuning Group Replication for PerformanceFine-tuning Group Replication for Performance
Fine-tuning Group Replication for Performance
 
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptxFive_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
Five_Things_You_Might_Not_Know_About_Oracle_Database_v2.pptx
 
MySQL Atchitecture and Concepts
MySQL Atchitecture and ConceptsMySQL Atchitecture and Concepts
MySQL Atchitecture and Concepts
 
Oracle Security Presentation
Oracle Security PresentationOracle Security Presentation
Oracle Security Presentation
 
Redefining tables online without surprises
Redefining tables online without surprisesRedefining tables online without surprises
Redefining tables online without surprises
 
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdfOracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
Oracle_Multitenant_19c_-_All_About_Pluggable_D.pdf
 
MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0
 
The Oracle RAC Family of Solutions - Presentation
The Oracle RAC Family of Solutions - PresentationThe Oracle RAC Family of Solutions - Presentation
The Oracle RAC Family of Solutions - Presentation
 
Database performance tuning and query optimization
Database performance tuning and query optimizationDatabase performance tuning and query optimization
Database performance tuning and query optimization
 

Similar to OER Unit 4 Virtual Private Database

Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015 Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015
Alex Zaballa
 
Row-level security and Dynamic Data Masking
Row-level security and Dynamic Data MaskingRow-level security and Dynamic Data Masking
Row-level security and Dynamic Data Masking
SolidQ
 
Row level security
Row level securityRow level security
Row level security
Antonios Chatzipavlis
 
OTech magazine article - Principle of Least Privilege
OTech magazine article - Principle of Least PrivilegeOTech magazine article - Principle of Least Privilege
OTech magazine article - Principle of Least Privilege
Biju Thomas
 
oracle
oracleoracle
oracle
tarunamoria
 
Vpd
VpdVpd
Vpd
Sage Computing Services
 
MySQL Administration and Monitoring
MySQL Administration and MonitoringMySQL Administration and Monitoring
MySQL Administration and MonitoringMark Leith
 
DB2 10 Security Enhancements
DB2 10 Security EnhancementsDB2 10 Security Enhancements
DB2 10 Security Enhancements
Laura Hood
 
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...
EDB
 
Data Driven Security in SSAS
Data Driven Security in SSASData Driven Security in SSAS
Data Driven Security in SSASMike Duffy
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
Ivica Arsov
 
Enterprise Library 3.0 Policy Injection Applicatoin Block
Enterprise Library 3.0 Policy Injection Applicatoin BlockEnterprise Library 3.0 Policy Injection Applicatoin Block
Enterprise Library 3.0 Policy Injection Applicatoin Block
mcgurk
 
Privilege Analysis with the Oracle Database
Privilege Analysis with the Oracle DatabasePrivilege Analysis with the Oracle Database
Privilege Analysis with the Oracle Database
Markus Flechtner
 
08 Dynamic SQL and Metadata
08 Dynamic SQL and Metadata08 Dynamic SQL and Metadata
08 Dynamic SQL and Metadata
rehaniltifat
 
The Database Environment Chapter 7
The Database Environment Chapter 7The Database Environment Chapter 7
The Database Environment Chapter 7
Jeanie Arnoco
 
BI Publisher Data model design document
BI Publisher Data model design documentBI Publisher Data model design document
BI Publisher Data model design document
adivasoft
 
BI Publisher 11g : Data Model Design document
BI Publisher 11g : Data Model Design documentBI Publisher 11g : Data Model Design document
BI Publisher 11g : Data Model Design document
adivasoft
 

Similar to OER Unit 4 Virtual Private Database (20)

Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015 Data Redaction - OTN TOUR LA 2015
Data Redaction - OTN TOUR LA 2015
 
Row-level security and Dynamic Data Masking
Row-level security and Dynamic Data MaskingRow-level security and Dynamic Data Masking
Row-level security and Dynamic Data Masking
 
Row level security
Row level securityRow level security
Row level security
 
OTech magazine article - Principle of Least Privilege
OTech magazine article - Principle of Least PrivilegeOTech magazine article - Principle of Least Privilege
OTech magazine article - Principle of Least Privilege
 
oracle
oracleoracle
oracle
 
Less11 Security
Less11 SecurityLess11 Security
Less11 Security
 
Vpd
VpdVpd
Vpd
 
MySQL Administration and Monitoring
MySQL Administration and MonitoringMySQL Administration and Monitoring
MySQL Administration and Monitoring
 
DB2 10 Security Enhancements
DB2 10 Security EnhancementsDB2 10 Security Enhancements
DB2 10 Security Enhancements
 
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...
Introducing Data Redaction - an enabler to data security in EDB Postgres Adva...
 
Data Driven Security in SSAS
Data Driven Security in SSASData Driven Security in SSAS
Data Driven Security in SSAS
 
Oracle Data Redaction
Oracle Data RedactionOracle Data Redaction
Oracle Data Redaction
 
Enterprise Library 3.0 Policy Injection Applicatoin Block
Enterprise Library 3.0 Policy Injection Applicatoin BlockEnterprise Library 3.0 Policy Injection Applicatoin Block
Enterprise Library 3.0 Policy Injection Applicatoin Block
 
Privilege Analysis with the Oracle Database
Privilege Analysis with the Oracle DatabasePrivilege Analysis with the Oracle Database
Privilege Analysis with the Oracle Database
 
DB2 LUW Auditing
DB2 LUW AuditingDB2 LUW Auditing
DB2 LUW Auditing
 
08 Dynamic SQL and Metadata
08 Dynamic SQL and Metadata08 Dynamic SQL and Metadata
08 Dynamic SQL and Metadata
 
Database modeling and security
Database modeling and securityDatabase modeling and security
Database modeling and security
 
The Database Environment Chapter 7
The Database Environment Chapter 7The Database Environment Chapter 7
The Database Environment Chapter 7
 
BI Publisher Data model design document
BI Publisher Data model design documentBI Publisher Data model design document
BI Publisher Data model design document
 
BI Publisher 11g : Data Model Design document
BI Publisher 11g : Data Model Design documentBI Publisher 11g : Data Model Design document
BI Publisher 11g : Data Model Design document
 

More from Girija Muscut

Tamil Nalvar
Tamil Nalvar Tamil Nalvar
Tamil Nalvar
Girija Muscut
 
Visualization using Tableau
Visualization using TableauVisualization using Tableau
Visualization using Tableau
Girija Muscut
 
Introduction to ml
Introduction to mlIntroduction to ml
Introduction to ml
Girija Muscut
 
Effective Visualization with Tableau
Effective Visualization with TableauEffective Visualization with Tableau
Effective Visualization with Tableau
Girija Muscut
 
Guruvayoor song with audio-Udayasthamana puja
Guruvayoor song with audio-Udayasthamana puja Guruvayoor song with audio-Udayasthamana puja
Guruvayoor song with audio-Udayasthamana puja
Girija Muscut
 
Lakshmi lalli with audio
Lakshmi lalli with audioLakshmi lalli with audio
Lakshmi lalli with audio
Girija Muscut
 
Bagyada laskhmi purandara dasa
Bagyada laskhmi purandara dasaBagyada laskhmi purandara dasa
Bagyada laskhmi purandara dasa
Girija Muscut
 
Lakshmi lalli
Lakshmi lalliLakshmi lalli
Lakshmi lalli
Girija Muscut
 
Amba nee irangaayenil - papanasam sivan song
Amba nee irangaayenil - papanasam sivan songAmba nee irangaayenil - papanasam sivan song
Amba nee irangaayenil - papanasam sivan song
Girija Muscut
 
Mahalakshmi jagan madha - papanasm sivan tamil song
Mahalakshmi jagan madha - papanasm sivan tamil songMahalakshmi jagan madha - papanasm sivan tamil song
Mahalakshmi jagan madha - papanasm sivan tamil song
Girija Muscut
 
Sowbhagayaha laskhmi varuvai nee tamil song
Sowbhagayaha laskhmi varuvai nee tamil songSowbhagayaha laskhmi varuvai nee tamil song
Sowbhagayaha laskhmi varuvai nee tamil song
Girija Muscut
 
Bega baro Bega baro Neela Megha Varna-Vadhiraja Theertha
Bega baro Bega baro Neela Megha Varna-Vadhiraja TheerthaBega baro Bega baro Neela Megha Varna-Vadhiraja Theertha
Bega baro Bega baro Neela Megha Varna-Vadhiraja Theertha
Girija Muscut
 
Rama Nama Bhajan
Rama Nama BhajanRama Nama Bhajan
Rama Nama Bhajan
Girija Muscut
 
Saratha devi song 1
Saratha devi song 1Saratha devi song 1
Saratha devi song 1
Girija Muscut
 
Saraswathi bhajan 1 with tamil meaning
Saraswathi bhajan 1 with tamil meaningSaraswathi bhajan 1 with tamil meaning
Saraswathi bhajan 1 with tamil meaning
Girija Muscut
 
Aneyu karadare -Purandara Dasar.
Aneyu karadare -Purandara Dasar.Aneyu karadare -Purandara Dasar.
Aneyu karadare -Purandara Dasar.
Girija Muscut
 
Maithriam Bhajatha with tamil meaning (lyrics)
Maithriam Bhajatha with tamil meaning (lyrics)Maithriam Bhajatha with tamil meaning (lyrics)
Maithriam Bhajatha with tamil meaning (lyrics)
Girija Muscut
 
Unit 4 scd2-exercise 1-solution
Unit 4 scd2-exercise 1-solutionUnit 4 scd2-exercise 1-solution
Unit 4 scd2-exercise 1-solution
Girija Muscut
 
Unit 2 - Slowly Changing Dimension Type 1 (SCD1) (insert)
Unit 2 - Slowly Changing Dimension Type 1 (SCD1) (insert)Unit 2 - Slowly Changing Dimension Type 1 (SCD1) (insert)
Unit 2 - Slowly Changing Dimension Type 1 (SCD1) (insert)
Girija Muscut
 
Slowly Changing Dimension Type 1 (SCD 1) exercise 2 solution insert and update
Slowly Changing Dimension Type 1 (SCD 1) exercise 2 solution insert and updateSlowly Changing Dimension Type 1 (SCD 1) exercise 2 solution insert and update
Slowly Changing Dimension Type 1 (SCD 1) exercise 2 solution insert and update
Girija Muscut
 

More from Girija Muscut (20)

Tamil Nalvar
Tamil Nalvar Tamil Nalvar
Tamil Nalvar
 
Visualization using Tableau
Visualization using TableauVisualization using Tableau
Visualization using Tableau
 
Introduction to ml
Introduction to mlIntroduction to ml
Introduction to ml
 
Effective Visualization with Tableau
Effective Visualization with TableauEffective Visualization with Tableau
Effective Visualization with Tableau
 
Guruvayoor song with audio-Udayasthamana puja
Guruvayoor song with audio-Udayasthamana puja Guruvayoor song with audio-Udayasthamana puja
Guruvayoor song with audio-Udayasthamana puja
 
Lakshmi lalli with audio
Lakshmi lalli with audioLakshmi lalli with audio
Lakshmi lalli with audio
 
Bagyada laskhmi purandara dasa
Bagyada laskhmi purandara dasaBagyada laskhmi purandara dasa
Bagyada laskhmi purandara dasa
 
Lakshmi lalli
Lakshmi lalliLakshmi lalli
Lakshmi lalli
 
Amba nee irangaayenil - papanasam sivan song
Amba nee irangaayenil - papanasam sivan songAmba nee irangaayenil - papanasam sivan song
Amba nee irangaayenil - papanasam sivan song
 
Mahalakshmi jagan madha - papanasm sivan tamil song
Mahalakshmi jagan madha - papanasm sivan tamil songMahalakshmi jagan madha - papanasm sivan tamil song
Mahalakshmi jagan madha - papanasm sivan tamil song
 
Sowbhagayaha laskhmi varuvai nee tamil song
Sowbhagayaha laskhmi varuvai nee tamil songSowbhagayaha laskhmi varuvai nee tamil song
Sowbhagayaha laskhmi varuvai nee tamil song
 
Bega baro Bega baro Neela Megha Varna-Vadhiraja Theertha
Bega baro Bega baro Neela Megha Varna-Vadhiraja TheerthaBega baro Bega baro Neela Megha Varna-Vadhiraja Theertha
Bega baro Bega baro Neela Megha Varna-Vadhiraja Theertha
 
Rama Nama Bhajan
Rama Nama BhajanRama Nama Bhajan
Rama Nama Bhajan
 
Saratha devi song 1
Saratha devi song 1Saratha devi song 1
Saratha devi song 1
 
Saraswathi bhajan 1 with tamil meaning
Saraswathi bhajan 1 with tamil meaningSaraswathi bhajan 1 with tamil meaning
Saraswathi bhajan 1 with tamil meaning
 
Aneyu karadare -Purandara Dasar.
Aneyu karadare -Purandara Dasar.Aneyu karadare -Purandara Dasar.
Aneyu karadare -Purandara Dasar.
 
Maithriam Bhajatha with tamil meaning (lyrics)
Maithriam Bhajatha with tamil meaning (lyrics)Maithriam Bhajatha with tamil meaning (lyrics)
Maithriam Bhajatha with tamil meaning (lyrics)
 
Unit 4 scd2-exercise 1-solution
Unit 4 scd2-exercise 1-solutionUnit 4 scd2-exercise 1-solution
Unit 4 scd2-exercise 1-solution
 
Unit 2 - Slowly Changing Dimension Type 1 (SCD1) (insert)
Unit 2 - Slowly Changing Dimension Type 1 (SCD1) (insert)Unit 2 - Slowly Changing Dimension Type 1 (SCD1) (insert)
Unit 2 - Slowly Changing Dimension Type 1 (SCD1) (insert)
 
Slowly Changing Dimension Type 1 (SCD 1) exercise 2 solution insert and update
Slowly Changing Dimension Type 1 (SCD 1) exercise 2 solution insert and updateSlowly Changing Dimension Type 1 (SCD 1) exercise 2 solution insert and update
Slowly Changing Dimension Type 1 (SCD 1) exercise 2 solution insert and update
 

Recently uploaded

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
informapgpstrackings
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Globus
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
XfilesPro
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Globus
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
Cyanic lab
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
Juraj Vysvader
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Anthony Dahanne
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
WSO2
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
Globus
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
Srikant77
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
wottaspaceseo
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
abdulrafaychaudhry
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
Globus
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
Matt Welsh
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
AMB-Review
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
Ortus Solutions, Corp
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Natan Silnitsky
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Shahin Sheidaei
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 

Recently uploaded (20)

Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...
 
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Cyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdfCyaniclab : Software Development Agency Portfolio.pdf
Cyaniclab : Software Development Agency Portfolio.pdf
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...
 
Accelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with PlatformlessAccelerate Enterprise Software Engineering with Platformless
Accelerate Enterprise Software Engineering with Platformless
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
RISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent EnterpriseRISE with SAP and Journey to the Intelligent Enterprise
RISE with SAP and Journey to the Intelligent Enterprise
 
How Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptxHow Recreation Management Software Can Streamline Your Operations.pptx
How Recreation Management Software Can Streamline Your Operations.pptx
 
Lecture 1 Introduction to games development
Lecture 1 Introduction to games developmentLecture 1 Introduction to games development
Lecture 1 Introduction to games development
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdfDominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
Dominate Social Media with TubeTrivia AI’s Addictive Quiz Videos.pdf
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.ILBeyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
Beyond Event Sourcing - Embracing CRUD for Wix Platform - Java.IL
 
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 

OER Unit 4 Virtual Private Database

  • 1. Database Security https://www.oercommons.org/ Dr. Girija Narasimhan 1 OER- UNIT 4 Virtual Private Database PART 1 – Row Level Security (RLS)
  • 2. Dr. Girija Narasimhan 2 • The Virtual Private Database (VPD) is introduced in oracle 8i version. • This is special feature which will control the database access. The purpose of VPD is whenever object privilege and role is not sufficient to fulfill the requirement of the user security then VPD policy control the access. • In the VPD policy includes SELECT, INSERT, UPDATE, DELETE, INDEX statement. • It controls user directly or indirectly accessing any schema objects such as views, tables or synonyms in the database. • Using Predicate to the view it will restrict the user to access the row, it is called Row Level security as RLS. • The package name DBMS_RLS will support for implementing this feature. • VPD is not supporting TRUNCATE OR ALTER statement i.e Data Definition Language statement. • It is using Application context feature to control the user transaction views in the database. 4.1 Introduction
  • 3. Dr. Girija Narasimhan 3 • There is two components, first to create function and then create policy. • For Creating a Function to generate the Dynamic WHERE Clause (predicate). • Using predicate define the restriction to apply for the policy. • The function generally created in administration own schema. (i.e. SYS). 4.2 Components of an Oracle Virtual Private Database Policy
  • 4. Dr. Girija Narasimhan 4 CREATE TABLE USER1(USERID NUMBER(4) PRIMARY KEY,USERNAME VARCHAR2(15)); INSERT INTO USER1 VALUES(11,'ARVIND'); INSERT INTO USER1 VALUES(12,'SINDUJA'); INSERT INTO USER1 VALUES(13,'RAJU'); CREATE TABLE PROJECT(USERID NUMBER(4),PROJECT_NAME VARCHAR2(20),NO_OF_HOURS NUMBER(3)); INSERT INTO PROJECT VALUES(11,'MOBILE APPLICATION',30); INSERT INTO PROJECT VALUES(11,'ONLINE SHOPPING',40); INSERT INTO PROJECT VALUES(12,'HR APPLICATION',25); INSERT INTO PROJECT VALUES(12,'TELE BUY',35); Commit; Before creating function create two tables in HR schema USER1 and PROJECT. 4.2.1. Create Function
  • 6. Dr. Girija Narasimhan 6 1) It must take as arguments a schema name and an object (table, view, or synonym) name as inputs. Define input parameters to hold this information, but do not specify the schema and object name themselves within the function. The policy that you create with the DBMS_RLS package. You must create the parameter for the schema first, followed by the parameter for the object. 2) It must provide a return value for the WHERE clause predicate that will be generated. The return value for the WHERE clause is always a VARCHAR2 data type. 3) It must generate a valid WHERE clause., in that its WHERE clause is the same for all users who log on. But in most cases, you may want to design the WHERE clause to be different for each user, each group of users, or each application that accesses the objects you want to protect. For example, if a manager logs in, the WHERE clause can be specific to the rights of that particular manager. You can do this by incorporating an application context, which accesses user session information, into the WHERE clause generation code. 4) It must not select from a table within the associated policy function. Although you can define a policy against a table, you cannot select that table from within the policy that was defined against the table. The function must have the following behavior
  • 7. Dr. Girija Narasimhan 7 Creating a Policy to Attach the Function to the Objects You Want to Protect object. To attach a policy to a table, view, or synonym, you use the DBMS_RLS.ADD_POLICY procedure. You need to specify the table, view, or synonym to which you are adding a policy, and a name for the policy. You can also specify other information, such as the types of statements the policy controls (SELECT, INSERT, UPDATE, DELETE, CREATE INDEX, or ALTER INDEX). You can enforce Oracle Virtual Private Database policies for SELECT, INSERT, UPDATE, INDEX, and DELETE statements. If you do not specify a statement type, by default, Oracle Database specifies SELECT, INSERT, UPDATE, and DELETE but not Index. Enter any combination of these statement types by using the statement_types parameter in the DBMS_RLS.ADD_POLICY procedure. Enclose the list in a pair of single quotation marks. In the Virtual Private Database policy, you must ensure that the statement_types parameter includes all three of the INSERT, UPDATE, and DELETE statements for the policy to succeed. Alternatively, you can omit the statement_types parameter. You can enforce Oracle Virtual Private Database policies on index maintenance operations by specifying INDEX with the statement_types parameter. 4.3 Creating a Policy to Attach the Function to the Objects
  • 8. Dr. Girija Narasimhan 8 That is a reason it is showing only user 12 values. After creating policy, login HR schema using PROJECT table, it will show only USERID 12 records i.e 2 rows only. It don‘t show all the records in the PROJECT table, once you policy is attach with the function RETURN_VAL:='USERID=12' this predicate WHERE condition is applied to the table.
  • 9. Dr. Girija Narasimhan 9 4.4 Drop Function For deleting the function, write drop function statement DROP FUNCTION <FUNCTION_NAME> DROP FUNCTION GET_PROJECT; EXEC DBMS_RLS.DROP_POLICY ('schema name', 'object name', 'policy name'); EXEC DBMS_RLS.DROP_POLICY ('HR', 'PROJECT', 'PROB_project'); For example HR-schema name PROJECTobject name PROB_project  policy name All parameter should be enclosed by signal quotes. 4.5 Drop Policy
  • 10. Database Security https://www.oercommons.org/ Dr. Girija Narasimhan 10 OER- UNIT 4 Virtual Private Database PART 2 – Column Masking
  • 11. Dr. Girija Narasimhan 11 Set up a policy for each set of columns that has a different rule not for each user, for each set of columns. The following considerations apply to column-masking: * Column-masking applies only to SELECT statements. * Column-masking conditions generated by the policy function must be simple Boolean expressions, unlike regular Oracle Virtual Private Database predicates. * For applications that perform calculations, or do not expect NULL values, use standard column-level Oracle Virtual Private Database, specifying SEC_RELEVANT_COLS rather than the SEC_RELEVANT_COLS_OPT column-masking option. * Do not include columns of the object data type (including the XMLtype) in the sec_relevant_cols setting. This column type is not supported for the sec_relevant_cols setting. * Column-masking used with UPDATE AS SELECT updates only the columns that users are allowed to see. 4.6 Column Masking
  • 13. Dr. Girija Narasimhan 13 Column-level policies enforce row-level security when a query references a security-relevant column. You can apply a column-level Oracle Virtual Private Database policy to tables and views, but not to synonyms. To apply the policy to a column, specify the security-relevant column by using the SEC_RELEVANT_COLS parameter of the DBMS_RLS.ADD_POLICY procedure. This parameter applies the security policy whenever the column is referenced, explicitly or implicitly, in a query.
  • 14. Dr. Girija Narasimhan 14 With column-masking behavior, all rows display, even those that reference sensitive columns. The sensitive columns display as NULL values. To enable column-masking, set the SEC_RELEVANT_COLS_opt parameter of the DBMS_RLS.ADD_POLICY procedure.
  • 15. Dr. Girija Narasimhan 15 For some queries, column-masking may prevent some rows from displaying. Because the column-masking option was set, this query may not return rows if the salary column returns a NULL value. This example deptno 20,10 values sal column values are NULL
  • 16. Database Security https://www.oercommons.org/ Dr. Girija Narasimhan 16 OER- UNIT 4 Virtual Private Database PART 3 – Application Context
  • 17. Dr. Girija Narasimhan 17 The following statement returns the name of the user who logged onto the database: CONNECT OE/OE SELECT SYS_CONTEXT ('USERENV', 'SESSION_USER') FROM DUAL; SYS_CONTEXT ('USERENV', 'SESSION_USER') ------------------------------------------------------ OE SELECT SYS_CONTEXT ('<name_space>','<parameter>', <length>) from DUAL; SYS_CONTEXT function returns the value of parameter associated with the context namespace. This function can be used in both SQL and PL/SQL statements.Context namespaces are always stored in the schema SYS . If you omit schema , then Oracle Database uses the current schema. package. To create a context namespace, you must have CREATE ANY CONTEXT system privilege. The parameter name can be any string. It is not case sensitive, but it cannot exceed 30 bytes in length. Oracle provides a built- in namespace called USERENV, which describes the current session. 4.7 SYS_CONTEXT
  • 18. Dr. Girija Narasimhan 18 • Policy types control how Oracle Database caches Oracle Virtual Private Database policy predicates. • Setting a policy type for your policies, because the execution of policy functions can use a significant amount of system resources. • Minimizing the number of times that a policy function can run optimizes database performance. • You can choose from five policy types: DYNAMIC, STATIC, SHARED_STATIC, CONTEXT_SENSITIVE, and SHARED_CONTEXT_SENSITIVE. • To specify the policy type, set the policy_ type parameter of the DBMS_RLS.ADD POLICY procedure. 4.8 Oracle Virtual Private Database Policy Types
  • 20. Dr. Girija Narasimhan 20 • Application context helps you apply fine-grained access control because you can link function-based security policies with applications. • Oracle provides a built-in application context namespace, USERENV, which provides access to predefined attributes. • These attributes are session primitives which is information that the database automatically captures about a user session. • For example, the IP address from which a user connects, the user name, and the proxy user name (in cases where a user connection is proxies through a middle tier), are all available as predefined attributes through the USERENV application context. • Such usage removes the repeated overhead of querying the database each time access to application attributes is needed. 4.9 Application Context
  • 24. Dr. Girija Narasimhan 24 Line 4: userno variable hold the userid. Line 6: SELECT statement to copy the userid information in the variable userno. Line 7 : Uses a WHERE clause to find all the USERIDs that match the username of the user who is logging on. For example username of "ARVIND" userid 11 is matching. Line 8: Sets the pro_ctx application context values by creating the userid attribute and then setting it to the value stored in the userno variable. Line 10: Add a WHEN NO_DATA_FOUND system exception to catch any no data found errors that may result from the SELECT statement