
VPD


11g Security Guide.

BK - Blog - Oracle ADF and Virtual Private Database.

As you probably know, Oracle ADF is a complete JEE application development framework from Oracle. It is targeted at companies that already have an Oracle Database and perhaps legacy applications developed with Oracle’s “Forms” technology. The client I’m working for at the moment is such a company, and we’re developing an application in ADF that is going to replace (a part of) their Forms application eventually.

One would expect a framework designed by Oracle for use with an Oracle database to have excellent support for specific features of the Oracle database. For a lot of features this is true, but at my client’s, we were unlucky to have chosen to use a database feature that is not supported that well in ADF. That is: “out of the box”. With a lot of “trial and error” and some help from some experts at the forum on Oracle’s Technology Network, I managed to get it working.

Read on to find out what problems I encountered and how I solved them.

The problem Sessions Refresh the view Ok.

Vpd_otn (10gr2)

14 Implementing Application Context and Fine-Grained Access Cont.

Application context can be implemented with fine-grained access control as part of Virtual Private Database (VPD) or by itself to provide application developers a way to define, set, and access application attributes. When used alone, application context can serve as a secure data cache, saving the overhead of multiple queries to the database each time an application needs to access application attributes. This chapter discusses how to implement application context and fine-grained access control. It contains the following topics:

About Implementing Application Context

Application context can be used for the following purposes: enforce fine-grained access control; preserve user identity across multitier environments; serve as a secure data cache, saving the overhead of multiple queries to the database each time an application needs to access application attributes.

There are two types of application contexts, depending on where the context information is stored: How to Use Application Context.

DBMS_RLS.

The DBMS_RLS package contains the fine-grained access control administrative interface.

Dynamic Predicates

The functionality to support fine-grained access control is based on dynamic predicates, where security rules are not embedded in views, but are acquired at the statement parse time, when the base table or view is referenced in a DML statement.

A dynamic predicate for a table or view is generated by a PL/SQL function, which is associated with a security policy through a PL/SQL interface. For example:

    DBMS_RLS.ADD_POLICY (
      'scott', 'emp', 'emp_policy', 'secusr', 'emp_sec', 'select');

Whenever the EMP table, under the SCOTT schema, is referenced in a query or subquery (SELECT), the server calls the EMP_SEC function (under the SECUSR schema). The server then produces a transient view with the text:

    SELECT * FROM scott.emp WHERE P1

Here, P1 (e.g., SAL > 10000, or even a subquery) is the predicate returned from the EMP_SEC function.

Security

Usage Notes

Table 41-1 DBMS_RLS Subprograms

ADD_POLICY procedure.

DBMS_RLS.

Virtual Private Database.
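The EMP_SEC policy function and the ADD_POLICY registration described above, written out as an added example (it is not code from the Oracle documentation or the blog excerpted on this page). It assumes the SCOTT.EMP demo table has an ENAME column holding database user names; the predicate chosen and the ADAMS user are constructed for illustration.

```sql
-- Constructed example: the ENAME column of the SCOTT.EMP demo table is assumed.

-- Policy function: the server passes the schema and object name and
-- appends the returned text as the WHERE predicate (P1 in the text above).
CREATE OR REPLACE FUNCTION secusr.emp_sec (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'SCOTT' THEN
    RETURN NULL;             -- NULL predicate: the table owner is not restricted
  END IF;
  -- Reference the context inside the predicate instead of concatenating
  -- the user name into it, so the predicate text stays constant.
  RETURN 'ename = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END emp_sec;
/

-- The same registration as the positional call above, with named parameters.
BEGIN
  DBMS_RLS.ADD_POLICY (
    object_schema   => 'scott',
    object_name     => 'emp',
    policy_name     => 'emp_policy',
    function_schema => 'secusr',
    policy_function => 'emp_sec',
    statement_types => 'select');   -- only SELECT is filtered by this policy
END;
/

-- SELECT * FROM scott.emp issued by user ADAMS is then executed as:
--   SELECT * FROM scott.emp
--    WHERE ename = SYS_CONTEXT('USERENV', 'SESSION_USER')

-- Check that the policy is registered, enabled, and covers the intended
-- statement types.
SELECT policy_name, pf_owner, function, sel, ins, upd, del, enable
  FROM dba_policies
 WHERE object_owner = 'SCOTT'
   AND object_name  = 'EMP';
```

Because the statement type here is only 'select', INSERT, UPDATE and DELETE against SCOTT.EMP are not filtered by this policy; the DBA_POLICIES query makes that visible in the INS, UPD and DEL columns.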