146 | Chapter 6: Oracle Security, Auditing, and Compliance
Policies are created and applied, sensitivity labels are defined, and user labels are set
and authorized through a policy manager tool accessible through EM. You can also
add SQL predicates and label functions and manage trusted program units, Oracle
VPD fine-grained access control policies, and VPD application contexts. Label Security
policy management is possible in Oracle Database 10g and later versions when
the Oracle Internet Directory is also used.
Security and Application Roles and Privileges
Applications can involve data and logic in many different schemas with many different
privileges. To simplify the issues raised by this complexity, roles are frequently
used in applications. Application roles have all the privileges necessary to run the
applications, and users of the applications are granted the roles necessary to execute
them.
Application roles may contain privileges that should be granted to users only while
they??™re running the application. Application developers can place a SET ROLE command
at the beginning of an application to enable the appropriate role and disable
others only while the application is running.
Pages:
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330