The security policy would return a WHERE clause, based on a particular representative??™s
responsibilities, that limits the rows returned. You can keep the range for each
representative in a separate table that is dynamically queried as part of the security
policy function. This simplifies management of allowable access if roles and responsibilities
change frequently.
You can associate a security policy with a particular view or table by using the builtin
PL/SQL package DBMS_RLS, which also allows youto refresh, enable, or disable
a security policy.
Oracle Database 10g and newer database releases feature a VPD that is even more
fine-grained, enabling enforced rewrites when a query references a specific column.
Performance of queries in VPD implementations is also improved in Oracle Database
10g through the support of parallel query. Fine-grained security can also be
based on the type of SQL statement issued. The security policy previously described
could be used to limit UPDATE, INSERT, and DELETE operations to one set of
data, but allow SELECT operations on a different group of data.
Pages:
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328