We will start momentarily. Phones have been muted for recording purposes.
Pressing #5 will un-mute (during Q&A); pressing #5 again will place the line back on mute.
Avoid chat sessions during the presentation. Chats may be leveraged at the end of the presentation for Q&A.
Please hold questions until the appropriate time.
This presentation is being recorded.
Submit presentation topics by e-mail to firstname.lastname@example.org
Subject - Topic Submission: <Topic>. Include a 3-4 line abstract and the desired presentation date.
(System Performance & Architecture Rapid Knowledge Sharing)
Overview of Virtual Private Database
System Performance & Architecture
Agenda
What is VPD?
History of VPD
Why use VPD?
VPD components
Enforcement and Exceptions
Examples with Dynamic and Static Policies
Benefits of using VPD
Drawbacks of using VPD
Acknowledgements
Review
What is VPD?
VPD is the acronym for Virtual Private Database. VPD enables you to enforce security directly on tables, views or synonyms, rather than in each application that reads them.
It is sometimes referred to as Oracle Row-Level Security (RLS) or Fine Grained Access Control (FGAC).
It allows you to define which rows each user may have access to: the database appends a WHERE-clause predicate to every statement against the protected object.
History of VPD
Oracle VPD was introduced in Oracle8i (release 8.1.5) as a new solution to enforce granular access control of data at the server level. It dynamically returns a predicate that is applied against the target table. This activity is transparent to the user executing the SQL.

History of VPD: Oracle8i
In Oracle8i, VPD provided the following key features:
Row Level Security
Fine grained Access Control
Application Context
VPD support for tables and views

History of VPD: Oracle9i
Oracle9i expanded the Virtual Private Database features as follows:
Partitioned fine-grained access control
Global application context
VPD support for synonyms
Oracle Policy Manager

History of VPD: Oracle 10g
Oracle 10g makes the following three major enhancements to Virtual Private Database:
Column-Level Privacy - Rewrites occur only when the statement references the relevant (sensitive) columns. This increases performance by limiting the number of queries that the database rewrites, and it also leads to more privacy.
Customization - With the introduction of four new types of policies, you can customize VPD to always enforce the same predicate with a static policy, or you can have VPD predicates that change dynamically with a non-static policy.
Shared Policies - You can apply a single VPD policy to multiple objects, and therefore reduce administration costs.

History of VPD: Oracle 11g
11g provides Enterprise Manager integration for Row Level Security policies.
Why use VPD?
Protect confidential and secret information.
Regulations such as HIPAA and SOX.
You can have one database and control the delivery of the data to the right people.
VPD is included with Enterprise Edition - no additional license fees.
VPD Components
Application Context
PL/SQL Function
Security Policies

Application Context
Holds environmental variables for the session, for example the username and the application name.
Values are set using DBMS_SESSION.SET_CONTEXT and read with SYS_CONTEXT. A context namespace is bound to one trusted package, and only that package can set its attributes, which is what makes context values safe to base a predicate on.

PL/SQL Function
Functions are used to construct and return the predicates that enforce the row-level security.
The function must follow the required signature so that the policy can call it correctly: it takes two VARCHAR2 inputs (the object schema and the object name) and returns a VARCHAR2 containing the predicate. A NULL or empty return value means no restriction; a predicate such as 1=0 means no rows.
Security Policies
Static
Non-Static
Dynamic (Default)

Security Policies (Static)
STATIC: The policy function is executed once, and the resulting string (the predicate) is stored in the Shared Global Area (SGA) and reused for every session. Because it is not re-evaluated per session, the function must not compute anything from session state inside PL/SQL (USER, SYS_CONTEXT and the like); if the predicate must vary per session, reference SYS_CONTEXT inside the returned predicate text so it is evaluated at query time.

Security Policies (Shared Static)
SHARED_STATIC: Allows the predicate to be cached across multiple objects that use the same policy function.

Security Policies (Non-Static)
CONTEXT_SENSITIVE: The server always executes the policy function on statement parsing, and re-executes it on statement execution only if it detects that the application context has changed. This makes it ideal for connection pooling solutions that share a database schema and use application contexts to perform the user identity switching.

Security Policies (Non-Static)
SHARED_CONTEXT_SENSITIVE: The same as CONTEXT_SENSITIVE, except that the policy can be shared across multiple objects that use the same policy function.

Security Policies (Dynamic)
DYNAMIC: The default. It makes no assumptions about caching; the policy function is invoked every time the SQL statement is parsed or executed.
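The following is an added example, not code from the original slides, showing the CONTEXT_SENSITIVE pattern the slide describes: one pooled database session, an application context that identifies the end user, and a policy whose predicate reads that context. All object names (hr_ctx, hr_ctx_pkg, app_users, orders, orders_region_fn, ORDERS_REGION_PLY) and the sample rows are assumptions constructed for this example; it is run as a schema owner that holds CREATE ANY CONTEXT and EXECUTE on DBMS_RLS.

```sql
-- Added example, not from the original slides. Object names and rows are
-- constructed for illustration.

-- Constructed data: who belongs to which region, and the protected table.
CREATE TABLE app_users (app_user VARCHAR2(30) PRIMARY KEY,
                        region   VARCHAR2(10) NOT NULL);
INSERT INTO app_users VALUES ('alice', 'EMEA');
INSERT INTO app_users VALUES ('bob',   'APAC');

CREATE TABLE orders (order_id NUMBER PRIMARY KEY,
                     region   VARCHAR2(10) NOT NULL,
                     amount   NUMBER);
INSERT INTO orders VALUES (1, 'EMEA', 100);
INSERT INTO orders VALUES (2, 'APAC', 200);
INSERT INTO orders VALUES (3, 'EMEA', 300);
COMMIT;

-- The context namespace is bound to one trusted package: only code inside
-- hr_ctx_pkg may call DBMS_SESSION.SET_CONTEXT for 'hr_ctx'.
CREATE OR REPLACE CONTEXT hr_ctx USING hr_ctx_pkg;

CREATE OR REPLACE PACKAGE hr_ctx_pkg AS
  PROCEDURE set_user (p_app_user IN VARCHAR2);
END hr_ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY hr_ctx_pkg AS
  PROCEDURE set_user (p_app_user IN VARCHAR2) IS
    l_region app_users.region%TYPE;
  BEGIN
    -- The region is resolved server-side from the mapping table. The
    -- pooled application names the end user but cannot pick the region.
    SELECT region INTO l_region FROM app_users WHERE app_user = p_app_user;
    DBMS_SESSION.SET_CONTEXT('hr_ctx', 'region', l_region);
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      -- Unknown user: clear the attribute so the policy fails closed.
      DBMS_SESSION.CLEAR_CONTEXT('hr_ctx', NULL, 'region');
  END set_user;
END hr_ctx_pkg;
/

-- Policy function. The predicate refers to the context instead of
-- concatenating its value, so the value is evaluated at execution time
-- and cannot inject SQL into the predicate text.
CREATE OR REPLACE FUNCTION orders_region_fn (p_schema IN VARCHAR2,
                                             p_object IN VARCHAR2)
RETURN VARCHAR2 AS
BEGIN
  IF SYS_CONTEXT('hr_ctx', 'region') IS NULL THEN
    RETURN '1=0';      -- no region established in this session: no rows
  END IF;
  RETURN 'region = SYS_CONTEXT(''hr_ctx'', ''region'')';
END orders_region_fn;
/

BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => USER,
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_REGION_PLY',
    function_schema => USER,
    policy_function => 'ORDERS_REGION_FN',
    statement_types => 'SELECT, INSERT, UPDATE, DELETE',
    update_check    => TRUE,
    -- re-evaluated only when the hr_ctx attributes change in the session
    policy_type     => DBMS_RLS.CONTEXT_SENSITIVE);
END;
/

-- Identity switching on one pooled session: each call changes the context,
-- so the following statement is evaluated against the new region.
EXEC hr_ctx_pkg.set_user('alice');
SELECT COUNT(*) FROM orders;
EXEC hr_ctx_pkg.set_user('bob');
SELECT COUNT(*) FROM orders;
EXEC hr_ctx_pkg.set_user('mallory');
SELECT COUNT(*) FROM orders;
```

With the constructed rows, the session sees two orders after set_user('alice'), one after set_user('bob'), and none after set_user('mallory'), who has no mapping. The application account needs only EXECUTE on hr_ctx_pkg; because the namespace is bound to that package, a client that could run arbitrary SQL on the pooled connection still cannot call DBMS_SESSION.SET_CONTEXT for hr_ctx directly.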
Enforcement and Exceptions
VPD is not enforced during DIRECT path export.
VPD policies cannot be applied to objects in the SYS schema, and SYS is always exempt from policy enforcement.
Any user holding the EXEMPT ACCESS POLICY system privilege, directly or indirectly through a role, is exempt from VPD enforcement; grant it sparingly and review who holds it.
Administrators can enforce VPD policies on index maintenance operations by specifying INDEX in the statement_types parameter. Otherwise a user with index privileges can create a function-based index whose expression is evaluated over every row, and so see data the policy hides from regular queries.
Examples of Dynamic and Static Policies .
Example of Dynamic Policy - create the users
SQL> create user vpd identified by vpd
       default tablespace users
       temporary tablespace temp;
User created.

SQL> create user pattani identified by pattani
       default tablespace users
       temporary tablespace temp;
User created.

Example of Dynamic Policy - grants (as a DBA)
SQL> grant connect, resource to vpd, pattani;
Grant succeeded.
SQL> grant execute on dbms_rls to vpd;
Grant succeeded.
SQL> grant select on scott.emp to vpd;
Grant succeeded.
SQL> grant select, insert, update, delete on scott.emp to pattani;
Grant succeeded.
(The original slide shows only the SELECT grant on SCOTT.EMP to PATTANI. The UPDATE, DELETE and INSERT statements later in the example need the corresponding grants, and the CREATE TABLE AS SELECT below needs VPD to be able to read SCOTT.EMP, so those grants are included here.)

Example of Dynamic Policy - mapping table of users to departments
SQL> connect vpd/vpd
Connected.
SQL> create table vpd_ply as select ename, deptno from scott.emp;
Table created.
SQL> select * from vpd_ply;
ENAME      DEPTNO
---------- ------
SMITH          20
ALLEN          30
(remaining rows omitted on the slide)

SQL> insert into vpd_ply values ('PATTANI', 30);
1 row created.
SQL> commit;
Commit complete.

Example of Dynamic Policy - policy function
SQL> create or replace function fun_vpd_emp
       ( p_schema in varchar2,
         p_table  in varchar2 )
       return varchar2
     as
       l_retstr varchar2(2000);
     begin
       if (p_schema = user) then
         -- the owning schema gets no predicate, i.e. full access
         l_retstr := null;
       else
         -- collect every department the connected user is mapped to
         for user_rec in ( select deptno from vpd_ply where ename = user ) loop
           l_retstr := l_retstr || ',' || user_rec.deptno;
         end loop;
         l_retstr := ltrim(l_retstr, ',');
         if (l_retstr is null) then
           l_retstr := '0=1';          -- unmapped user: no rows
         else
           l_retstr := 'DEPTNO IN (' || l_retstr || ')';
         end if;
       end if;
       return l_retstr;
     end;
     /
Function created.
SQL> grant execute on fun_vpd_emp to public;
Grant succeeded.
(The function evaluates USER inside PL/SQL, which is correct for a DYNAMIC policy because the function runs for every statement; the same code under a STATIC policy would cache the first caller's predicate for everyone.)

Example of Dynamic Policy - SELECT policy
SQL> connect vpd/vpd
SQL> begin
       dbms_rls.add_policy (
         object_schema   => 'SCOTT',
         object_name     => 'EMP',
         policy_name     => 'EMP_DEPTNO_PLY_1',
         function_schema => 'VPD',
         policy_function => 'FUN_VPD_EMP',
         statement_types => 'SELECT'
       );
     end;
     /

Example of Dynamic Policy - DML policy with check option
SQL> begin
       dbms_rls.add_policy (
         object_schema   => 'SCOTT',
         object_name     => 'EMP',
         policy_name     => 'EMP_DEPTNO_PLY_2',
         function_schema => 'VPD',
         policy_function => 'FUN_VPD_EMP',
         statement_types => 'INSERT, UPDATE, DELETE',
         update_check    => TRUE
       );
     end;
     /

Example of Dynamic Policy - results
Login as Scott user (the owner: no predicate is applied):
SQL> select count(*) from emp;
  COUNT(*)
----------
        14

Login as pattani user (mapped to department 30 only):
SQL> select count(*) from scott.emp;
  COUNT(*)
----------
         6
SQL> delete from scott.emp where deptno <> 30;
0 rows deleted.
SQL> update scott.emp set sal = sal + 100;
6 rows updated.

Example of Dynamic Policy - check option violation
SQL> insert into scott.emp (empno, ename, deptno) values (9999, 'VPD', 10);
insert into scott.emp (empno, ename, deptno) values (9999, 'VPD', 10)
*
ERROR at line 1:
ORA-28115: policy with check option violation

Because EMP_DEPTNO_PLY_2 was created with update_check => TRUE, the predicate DEPTNO IN (30) is also applied to the rows an INSERT or UPDATE would produce, so pattani cannot create or move rows into department 10.
Example with Static Policy
As Scott user:
CREATE OR REPLACE FUNCTION pol_func (objowner IN VARCHAR2, objname IN VARCHAR2)
RETURN VARCHAR2 AS
  deptno NUMBER;
BEGIN
  -- constant predicate: every non-exempt user sees only employee 7934
  RETURN 'empno = 7934';
END;
/

CREATE OR REPLACE FUNCTION myUpper (var IN VARCHAR2) RETURN VARCHAR2 DETERMINISTIC AS
BEGIN
  RETURN UPPER(var);
END;
/

As System or sys user:
exec dbms_rls.add_policy (object_schema => 'SCOTT', object_name => 'EMP', policy_name => 'pol1', function_schema => 'SCOTT', policy_function => 'pol_func', statement_types => 'select, index', update_check => true);

Note that this call does not pass policy_type, so pol1 is actually created as DYNAMIC (the default) even though its predicate never changes. To make it a true static policy, as the slide title suggests, add policy_type => dbms_rls.static.

As scott user, when trying to create an index while INDEX is part of statement_types, the following error is raised:
CREATE INDEX emp_i ON scott.emp (SUBSTR(myupper(ename), 1, 20));
CREATE INDEX emp_i ON scott.emp (SUBSTR(myupper(ename), 1, 20))
*
ERROR at line 1:
ORA-28133: full table access is restricted by fine-grained security

A function-based index has to evaluate its expression over every row of the table. Because pol1 restricts INDEX operations to empno = 7934, the build does not have full table access, and Oracle refuses to create the index rather than let it expose rows the policy hides.
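The following is an added example, not code from the original slides. It demonstrates the Oracle 10g Column-Level Privacy feature from the history slide on SCOTT.EMP, and then the queries a reviewer would run to verify which policies are in force and who holds the EXEMPT ACCESS POLICY privilege described under Enforcement and Exceptions. The function emp_sal_col_fn and the policy name EMP_SAL_COL_PLY are assumed names; SAL and COMM are the standard SCOTT.EMP columns. The function is created as SCOTT; ADD_POLICY and the DBA_* queries are run as a DBA with EXECUTE on DBMS_RLS.

```sql
-- Added example, not from the original slides. Function and policy names
-- are assumptions for illustration.

-- Employees may see salary data only on their own row (a database user
-- named like an ENAME value); SCOTT, as owner, is unrestricted. The session
-- user is read at execution time via SYS_CONTEXT, not baked into the string.
CREATE OR REPLACE FUNCTION emp_sal_col_fn (p_schema IN VARCHAR2,
                                           p_object IN VARCHAR2)
RETURN VARCHAR2 AS
BEGIN
  IF p_schema = USER THEN
    RETURN NULL;
  END IF;
  RETURN 'ENAME = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END emp_sal_col_fn;
/

-- Variant 1 (default column option): the policy is applied only when SAL
-- or COMM is referenced anywhere in the statement, in the select list or
-- in the WHERE clause, and then filters whole rows. Statements that never
-- touch SAL or COMM are not rewritten at all.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema     => 'SCOTT',
    object_name       => 'EMP',
    policy_name       => 'EMP_SAL_COL_PLY',
    function_schema   => 'SCOTT',
    policy_function   => 'EMP_SAL_COL_FN',
    statement_types   => 'SELECT',
    sec_relevant_cols => 'SAL,COMM');
END;
/

-- Variant 2: same columns, but ALL_ROWS returns every row and masks SAL and
-- COMM to NULL on the rows the predicate rejects (applies to SELECT only).
BEGIN
  DBMS_RLS.DROP_POLICY('SCOTT', 'EMP', 'EMP_SAL_COL_PLY');
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'SCOTT',
    object_name           => 'EMP',
    policy_name           => 'EMP_SAL_COL_PLY',
    function_schema       => 'SCOTT',
    policy_function       => 'EMP_SAL_COL_FN',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'SAL,COMM',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- Check 1: which policies are on the object, for which statement types,
-- with what check option, and of which policy type.
SELECT policy_name, pf_owner, "FUNCTION", sel, ins, upd, del, idx,
       chk_option, enable, policy_type
  FROM dba_policies
 WHERE object_owner = 'SCOTT' AND object_name = 'EMP';

-- Check 2: which columns a column-level policy protects, and how.
SELECT policy_name, sec_rel_column, column_option
  FROM dba_sec_relevant_cols
 WHERE object_owner = 'SCOTT' AND object_name = 'EMP';

-- Check 3: who can bypass every VPD policy, directly or through a role.
SELECT grantee
  FROM dba_sys_privs
 WHERE privilege = 'EXEMPT ACCESS POLICY';

SELECT rp.grantee, rp.granted_role
  FROM dba_role_privs rp
 WHERE rp.granted_role IN (SELECT grantee
                             FROM dba_sys_privs
                            WHERE privilege = 'EXEMPT ACCESS POLICY');
```

Under variant 1, SELECT ENAME, DEPTNO FROM scott.emp is not rewritten and returns all rows, while SELECT ENAME, SAL FROM scott.emp, or any query with SAL or COMM in its WHERE clause, returns only the caller's own row. The third check only follows one level of role nesting; roles granted to roles would also need DBA_ROLE_PRIVS or ROLE_ROLE_PRIVS walked recursively.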
Benefits of using VPD
Dynamic Security - No need to maintain complex roles and grants.
Multiple Security - You can place more than one policy on each object, as well as stack them on other base policies.
No backdoors - Users can no longer bypass security policies embedded in applications, as the policies are attached to the data.
Drawbacks of using VPD
Requires Oracle User ID - VPD requires that an Oracle user ID be defined for every person who connects to the database. This adds maintenance and overhead. (Application contexts, as described under CONTEXT_SENSITIVE policies, let a pooled connection carry the end-user identity instead, at the cost of the application having to set the context correctly.)
Hard to audit - It is hard to write an audit script that defines the exact access for each user, because the effective predicate is computed by PL/SQL at run time rather than being visible in grants.
VPD Summary
Security - By attaching security policies to tables, views, or synonyms, fine-grained access control ensures that the same security is in force no matter how a user accesses the data.
Simplicity - Adding the security policy to the table, view, or synonym means that you make the addition only once, rather than repeatedly adding it to each of your table-, view-, or synonym-based applications.
Flexibility - You can have one security policy for SELECT statements, another for INSERT statements, and still others for UPDATE and DELETE statements.
Review
VPD Evolution
Various VPD Components
Pros and Cons of VPD
Acknowledgements Avadhani Yanamandra Peter Shi Sameer Mehta Winston Shirley .
References
Oracle Database Security Guide documentation
VPD White Papers
Metalink article 250795.1 - Evolution of Fine Grain Access Control FGAC Feature From 8i to 10g (has lots of links to FGA)
Metalink article 281829.1 - 10G: Policy Enforced Only When the Relevant Column is Queried in Any Way
http://asktom.oracle.com
http://www.petefinnigan.com/orasec.htm (Oracle security papers)
Visit us at http://my.oracle.com/SPARKS for additional details and archived presentations .