VPD or Oracle Security Policy

Virtual Private Database Concept in R12 Oracle Policies

Author: Sachin Goel
Creation Date: 10-Apr-2008
Last Modified Date: 10-Apr-2008
Created By: Sachin Goel


Virtual Private Database or Oracle Security Policy

Virtual private databases go by several other names in the Oracle documentation, including row-level security
(RLS) and fine-grained access control (FGAC). Regardless of the name, VPD security provides a whole new way to
control access to Oracle data. Most interesting is the dynamic nature of a VPD. At runtime, Oracle performs these
near magical feats by dynamically modifying the end user's SQL statement:

1. Oracle gathers application context information at user logon time and then calls the policy function, which
returns a predicate. A predicate is a WHERE clause that qualifies a particular set of rows within the table.

2. Oracle dynamically rewrites the query by appending the predicate to the user's SQL statement.

Whenever a query is run against the target table, Oracle invokes the policy function and produces a transient view
with the WHERE clause predicate appended to the end of the query, like so: -

SELECT * FROM book WHERE P1

To understand the above statement, see the example below, which is applied in P2P on the GL_DAILY_RATES
table: -

*********************************************************************************

To check the attributes of a policy, query DBA_POLICIES as below: -

SELECT * FROM DBA_POLICIES WHERE OBJECT_NAME LIKE 'GL_DAILY_RATES';

*********************************************************************************

Policy Name: XXCGL_DAILY_RATES_SEC

Object Name: GL_DAILY_RATES

Function Name: XXCGL_RATES_SEC

Script of Function:

CREATE OR REPLACE FUNCTION APPS.xxcgl_rates_sec (
   p_schema   IN VARCHAR2,
   p_object   IN VARCHAR2
)
   RETURN VARCHAR2
IS
   l_profile_value           VARCHAR2 (200) := NULL;
   l_predicate               VARCHAR2 (2000) := NULL;
   l_concurrent_program_id   NUMBER := NULL;
   l_resp_name               fnd_responsibility_vl.responsibility_name%TYPE;
BEGIN
   /***************************************************************************
   **** This function generates a condition. Get the Profile value for Profile
   **** POR_DEFAULT_RATE_TYPE.
   **** If Profile Value is null, nothing to restrict, so return 1=1 else
   **** restrict by Conversion Type.
   ***************************************************************************/

   -- Session details supplied by E-Business Suite: the running concurrent
   -- program (captured for reference, not used in the predicate) and the
   -- responsibility name, which decides whether the restriction applies.
   l_concurrent_program_id := fnd_global.conc_program_id;
   l_resp_name             := fnd_global.resp_name;

   -- Default rate type configured for this user/responsibility/site
   l_profile_value := fnd_profile.VALUE ('POR_DEFAULT_RATE_TYPE');

   -- No profile value, or a GL Web ADI responsibility: return an always-true
   -- predicate so that no rows are filtered
   IF l_profile_value IS NULL OR UPPER (l_resp_name) LIKE 'CITI%GL%WEB%ADI%'
   THEN
      l_predicate := '1=1';
   ELSE
      -- CHR(39) is the single quote: Conversion_Type = '<profile value>'
      l_predicate := 'Conversion_Type = ' || CHR (39) || l_profile_value || CHR (39);
   END IF;

   RETURN l_predicate;
END xxcgl_rates_sec;
/

***********************************END SCRIPT***************************************

The above function builds the default WHERE predicate for the GL_DAILY_RATES table from the value of the
POR_DEFAULT_RATE_TYPE profile.

Commands to add or drop a policy: -


DBMS_RLS.ADD_POLICY (
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_name IN VARCHAR2,
function_schema IN VARCHAR2 := NULL,
policy_function IN VARCHAR2,
statement_types IN VARCHAR2 := NULL,
update_check IN BOOLEAN := FALSE,
enable IN BOOLEAN := TRUE);

ADD_POLICY Procedure Parameters

Parameter        Description
object_schema    Schema containing the table or view (logon user, if NULL).

object_name      Name of table or view to which the policy is added.

policy_name      Name of policy to be added. It must be unique for the same table or view.

function_schema  Schema of the policy function (logon user, if NULL).

policy_function  Name of a function which generates a predicate for the policy. If the function
                 is defined within a package, then the name of the package must be present.

statement_types  Statement types that the policy will apply to. It can be any combination of
                 SELECT, INSERT, UPDATE, and DELETE. The default is to apply to all of these
                 types.

update_check     Optional argument for INSERT or UPDATE statement types. The default is
                 FALSE. Setting update_check to TRUE causes the server to also check the
                 policy against the value after insert or update.

enable           Indicates if the policy is enabled when it is added. The default is TRUE.

Example: -

BEGIN
   DBMS_RLS.ADD_POLICY (
      'APPS',
      'GL_DAILY_RATES',
      'XXCGL_DAILY_RATES_SEC',
      'APPS',
      'XXCGL_RATES_SEC');
END;
/
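The following is an added, self-contained example (not part of the original document and not Oracle or E-Business Suite code) that ties together the two points above: the query rewrite sketched as SELECT * FROM book WHERE P1, and the registration of a policy with DBMS_RLS.ADD_POLICY. It assumes a schema that can create tables and contexts (CREATE ANY CONTEXT) and has EXECUTE on DBMS_RLS; the table XX_DAILY_RATES, the context XX_RATES_CTX, the package XX_RATES_CTX_PKG, the function XX_RATES_SEC and the sample rows are all constructed for the example. It differs from the page's function in one respect: the rate type is read through SYS_CONTEXT inside the predicate rather than concatenated into the predicate text, so the value never becomes part of the SQL string and the rewritten statement stays identical for every session. It also sets statement_types and update_check explicitly, and verifies the result in USER_POLICIES.

```sql
-- Constructed demo table standing in for GL_DAILY_RATES (assumption, not EBS)
CREATE TABLE xx_daily_rates (
   conversion_type   VARCHAR2 (30) NOT NULL,
   from_currency     VARCHAR2 (15) NOT NULL,
   to_currency       VARCHAR2 (15) NOT NULL,
   conversion_rate   NUMBER        NOT NULL
);
INSERT INTO xx_daily_rates VALUES ('Corporate', 'USD', 'EUR', 0.92);
INSERT INTO xx_daily_rates VALUES ('Spot',      'USD', 'EUR', 0.91);
COMMIT;

-- Trusted package: the only code allowed to set attributes in XX_RATES_CTX.
-- In EBS this is where a profile such as POR_DEFAULT_RATE_TYPE would be read.
CREATE OR REPLACE PACKAGE xx_rates_ctx_pkg AS
   PROCEDURE set_rate_type (p_rate_type IN VARCHAR2);
END xx_rates_ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY xx_rates_ctx_pkg AS
   PROCEDURE set_rate_type (p_rate_type IN VARCHAR2) IS
   BEGIN
      DBMS_SESSION.SET_CONTEXT ('xx_rates_ctx', 'rate_type', p_rate_type);
   END set_rate_type;
END xx_rates_ctx_pkg;
/
-- Application context bound to that package (hypothetical name)
CREATE OR REPLACE CONTEXT xx_rates_ctx USING xx_rates_ctx_pkg;

-- Policy function: same (schema, object) -> predicate contract as xxcgl_rates_sec
CREATE OR REPLACE FUNCTION xx_rates_sec (p_schema IN VARCHAR2, p_object IN VARCHAR2)
   RETURN VARCHAR2
IS
BEGIN
   -- No rate type in the session context: nothing to restrict
   IF SYS_CONTEXT ('xx_rates_ctx', 'rate_type') IS NULL THEN
      RETURN '1=1';
   END IF;
   -- The predicate names the context attribute; the value itself is resolved
   -- by Oracle at execution time, not pasted into the SQL text
   RETURN 'conversion_type = SYS_CONTEXT (''xx_rates_ctx'', ''rate_type'')';
END xx_rates_sec;
/

-- Register the policy on all four statement types, and make INSERT/UPDATE
-- re-check the predicate against the new row values (update_check => TRUE)
BEGIN
   DBMS_RLS.ADD_POLICY (
      object_schema   => USER,
      object_name     => 'XX_DAILY_RATES',
      policy_name     => 'XX_DAILY_RATES_SEC',
      function_schema => USER,
      policy_function => 'XX_RATES_SEC',
      statement_types => 'SELECT,INSERT,UPDATE,DELETE',
      update_check    => TRUE,
      enable          => TRUE);
END;
/

-- Verify what was registered (same columns exist in DBA_POLICIES)
SELECT policy_name, function, sel, ins, upd, del, chk_option, enable
  FROM user_policies
 WHERE object_name = 'XX_DAILY_RATES';

-- Exercise the rewrite: set the session's rate type, then query
BEGIN
   xx_rates_ctx_pkg.set_rate_type ('Corporate');
END;
/
-- Oracle executes this as
--   SELECT * FROM xx_daily_rates
--    WHERE conversion_type = SYS_CONTEXT ('xx_rates_ctx', 'rate_type')
-- so only the 'Corporate' row is returned
SELECT * FROM xx_daily_rates;

-- Because update_check is TRUE, a row that would not satisfy the predicate
-- after the insert is rejected with ORA-28115 (policy with check option violation)
INSERT INTO xx_daily_rates VALUES ('Spot', 'USD', 'GBP', 0.79);

-- Clean up (mirrors DBMS_RLS.DROP_POLICY from the document)
BEGIN
   DBMS_RLS.DROP_POLICY (USER, 'XX_DAILY_RATES', 'XX_DAILY_RATES_SEC');
END;
/
```

The design point is the one the page's own function raises: xxcgl_rates_sec builds the predicate by concatenating the profile value between CHR(39) quotes, so every distinct value produces a distinct SQL text and the value is trusted as SQL. Reading the value through SYS_CONTEXT keeps the predicate constant and leaves the value as data. The update_check setting is the check a practitioner should confirm in the CHK_OPTION column: with the default FALSE, a user could INSERT or UPDATE a row into a conversion type that the SELECT policy would then hide from them.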

DBMS_RLS.DROP_POLICY (
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_name IN VARCHAR2);

DROP_POLICY Procedure Parameters

Parameter        Description
object_schema    Schema containing the table or view (logon user, if NULL).

object_name      Name of table or view.

policy_name      Name of policy to be dropped from the table or view.

Example: -

BEGIN
   DBMS_RLS.DROP_POLICY (
      'APPS',
      'GL_DAILY_RATES',
      'XXCGL_DAILY_RATES_SEC');
END;
/