One of the nicest things about VPD is that this logic (and the fact that a filter is being applied) is completely invisible to the user. They just see the data relevant to them and none the wiser about all that other data in the data.
Here's a simple example to drive the point home: suppose I am building a health care application and it contains a patients table. The security policy is straightforward:
A patient can only see their own information.
A doctor can see only the information about their own patients.
A clinic administrator can see information only about the patients in their clinic.
In all three cases, the user would sign on to the application and execute the same query:
SELECT * FROM patients
and only their rows would appear.
Of course, there are lots of different and very interesting aspects to setting up your policies.
The documentation for VPD provides many details for a successful implementation, but there's not substitute for real world experience. That's what you'll hear about in our March 3, 2020 10 AM Eastern PL/SQL Office Hours session from AskTOM.
Our Presenter: Praveen Kumar of WiproParveen Kumar is a Java and Oracle Developer with Wipro, based in the UK. He has over eight years experience focused mainly on developing and designing applications using Oracle Database as a primary database. He aims to keep the business logic inside the database and expose data through PL/SQL APIs. He has in various projects taken advantage of native support for XML, JSON and Object datatypes, SOAP/REST APIs for Web Programming and security features like VPD/RLS, Oracle Wallet for Web APIs and other features which provide true fine grained access to different types of users.
In the March Office Hours session, Praveen will show how Virtual Private Database functionality can be applied across an entire application to control what end users can see based on their role/access level. The business driver for this use of VPD is to ensure appropriate access to the sensitive/financial data in the application.
Follow this link to subscribe to my monthly PL/SQL Office Hours program, so that you will receive email reminders. You can also view recordings of the dozens of past sessions, including: