Creating column-level policies
When you create a column-level VPD policy, you define sensitive columns, and if those columns are referenced in a query, the statement is rewritten. To create a column-level VPD policy, you also use the DBMS_RLS.ADD_POLICY procedure.
Getting ready
See the Getting ready section for the first recipe in this chapter. Results shown in this recipe assume that you have completed the previous recipes in this chapter.
How to do it...
- Connect to the database as a user who has appropriate privileges (for example, the user maja):
  $ sqlplus maja
- Create a VPD policy (for example, test_col) that protects the hr.emp_vpd_test table in the following way: it defines that salary and comm_pct are sensitive columns and a user can access them only if he or she has the HREMP_TEST role (the role_access policy function).
- Grant the role HREMP_TEST to user zoran:
  SQL> grant HREMP_TEST to zoran;
- Connect to the database as the user zoran and view data in the table hr.emp_vpd_test.
. - Connect to...
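The policy described in the second step could be created as follows. This is an added example, not the book's own listing. It assumes that the policy function lives in the maja schema, that the role check is done with SYS_CONTEXT('SYS_SESSION_ROLES', ...), and that the connected user can query DBA_SEC_RELEVANT_COLS.

```sql
-- Added example: assumes hr.emp_vpd_test and the role HREMP_TEST already exist,
-- and that the function owner (MAJA) is an assumption, not taken from the recipe.

-- Policy function: returns the predicate appended to the rewritten statement.
CREATE OR REPLACE FUNCTION role_access (
  schema_var IN VARCHAR2,
  table_var  IN VARCHAR2
) RETURN VARCHAR2
IS
BEGIN
  -- 'TRUE' when the role is enabled in the calling session.
  IF SYS_CONTEXT('SYS_SESSION_ROLES', 'HREMP_TEST') = 'TRUE' THEN
    RETURN '1=1';   -- role present: no restriction
  END IF;
  RETURN '1=0';     -- fail closed: no rows when sensitive columns are referenced
END role_access;
/

BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema     => 'HR',
    object_name       => 'EMP_VPD_TEST',
    policy_name       => 'TEST_COL',
    function_schema   => 'MAJA',
    policy_function   => 'ROLE_ACCESS',
    statement_types   => 'SELECT',
    -- The predicate is applied only when one of these columns is referenced.
    sec_relevant_cols => 'SALARY,COMM_PCT'
    -- Adding sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS would instead return
    -- every row with the sensitive columns shown as NULL (column masking).
  );
END;
/

-- Confirm which columns the policy treats as sensitive.
SELECT policy_name, sec_rel_column, column_option
FROM   dba_sec_relevant_cols
WHERE  object_owner = 'HR' AND object_name = 'EMP_VPD_TEST';

-- As a user without HREMP_TEST: the first query is not rewritten,
-- the second references a sensitive column and gets the 1=0 predicate.
SELECT COUNT(*)      FROM hr.emp_vpd_test;
SELECT COUNT(salary) FROM hr.emp_vpd_test;
```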