Implementing row-level access policies
Implementing row-level access is probably the most common form of security controls applied using VPD. It prevents rows from being returned that do not meet the condition defined in policy function, and is activated in any condition regardless of the columns participating in the statement.
In this recipe we will create a new table EMPLOYEES_REG_DATA_VPD
in the HR
schema, based on the VIEW_REG_DATA
definition created in the previous recipe. Next, we will create a policy function that will limit the data that is returned by dynamically applying a region restriction through the application context HR_REGVIW_CONTEXT
.
Basically we recreate the scenario used in the previous recipe, but this time using VPD components.
Getting ready
All steps in this recipe will be performed on the database HACKDB
.
How to do it...
As the user
HR
create a tableEMPLOYEES_REG_DATA_VPD
as follows:SQL> CREATE TABLE EMPLOYEES_REG_DATA_VPD AS SELECT E.FIRST_NAME, E.LAST_NAME...