Skip to main content

Virtual Private Database: Beyond the Basics

Virtual Private Database (VPD), also referred to as row-level security or RLS, is a feature built into the Oracle Database that allows you to set up security policies on tables that restrict which rows a user can see or change based on the policy logic.

One of the nicest things about VPD is that this logic (and the fact that a filter is being applied) is completely invisible to the user. They just see the data relevant to them and none the wiser about all that other data in the data.

Here's a simple example to drive the point home: suppose I am building a health care application and it contains a patients table. The security policy is straightforward:
  • A patient can only see their own information.
  • A doctor can see only the information about their own patients.
  • A clinic administrator can see information only about the patients in their clinic.
In all three cases, the user would sign on to the application and execute this identical query and only their rows would appear.

SELECT * FROM patients

Of course, there are lots of different and very interesting aspects to setting up your policies. Back on March 3, 2020, Praveen Kumar of Wipro shared his thoughts about VPD with 100 developers on PL/SQL Office Hours.

He ran out of time before he could explore some of the more interesting challenges and beyond-the-basics features, so we are bringing him back on May 5th at 11 AM Eastern to complete his thoughts! We hope you'll join us. We encourage you to watch last session's video beforehand to get the most out of the May session.

Our Presenter: Praveen Kumar of Wipro

Parveen Kumar is a Java and Oracle Developer with Wipro, based in the UK. He has over eight years experience focused mainly on developing and designing applications using Oracle Database as a primary database. He aims to keep the business logic inside the database and expose data through PL/SQL APIs.

Parveen has in various projects taken advantage of native support for XML, JSON and Object datatypes, SOAP/REST APIs for Web Programming and security features like VPD/RLS, Oracle Wallet for Web APIs and other features which provide true fine grained access to different types of users.

In the May Office Hours session, Praveen will cover these topics and maybe even some more:
  • Policy Groups and how they work and provide better control
  • Application roles in conjunction with VPD more detail
  • Performance issues and analyzing and fixing them
  • Drawbacks and real-time challenges of working with VPDs 
  • Maintenance of VPD policies
Follow this link to subscribe to my monthly PL/SQL Office Hours program, so that you will receive email reminders for this and future sessions.

You can also view recordings of the dozens of past sessions, including:


Labels:

Comments

Post a Comment

Popular posts from this blog

Why DBMS_OUTPUT.PUT_LINE should not be in your application code

A database developer recently came across my  Bulletproof PL/SQL  presentation, which includes this slide. That first item in the list caught his attention: Never put calls to DBMS_OUTPUT.PUT_LINE in your application code. So he sent me an email asking why I would say that. Well, I suppose that is the problem with publishing slide decks. All the explanatory verbiage is missing. I suppose maybe I should do a video. :-) But in the meantime, allow me to explain. First, what does DBMS_OUTPUT.PUT_LINE do? It writes text out to a buffer, and when your current PL/SQL block terminates, the buffer is displayed on your screen. [Note: there can be more to it than that. For example, you could in your own code call DBMS_OUTPUT.GET_LINE(S) to get the contents of the buffer and do something with it, but I will keep things simple right now.] Second, if I am telling you not to use this built-in, how could text from your program be displayed on your screen? Not without a lot o...
4 comments
Read more

The future of Oracle PL/SQL: some thoughts on Sten Vesterli's thoughts

Sten Vesterli published a very thought-provoking post on his blog: Please stop reading this post, and read that one. When you are done, come on back here for my thoughts on Sten's thoughts. OK. You read it. Here we go. First, thanks, Sten, for being such an interesting, wise, sometimes provocative voice in our community. Next, Sten writes: Now, on the one hand, I certainly agree that the vast majority of young developers are currently caught up in the modern version of a Gold Rush, which is: "Build an app using JavaScript, pay no attention to that database behind the curtain." But I can assure you that I still do meet young PL/SQL programmers, regularly, when I am at conferences and doing onsite presentations at companies. So, young person who writes PL/SQL: do not be afraid! You are not alone! And you are super-smart to have made the choice you did. :-) Next, Sten offers this advice to managers: I agree that PL/SQL is a "spec...
46 comments
Read more

Table Functions, Part 1: Introduction and Exploration

Please do feel encouraged to read this and my other posts on table functions, but you will learn much more about table functions by taking my Get Started with PL/SQL Table Functions class at the Oracle Dev Gym. Videos, tutorials and quizzes - then print a certificate when you are done! Table functions - functions that can be called in the FROM clause of a query from inside the TABLE operator - are fascinating and incredibly helpful constructs. So I've decided to write a series of blog posts on them: how to build them, how to use them, issues you might run into. Of course, I am not the first to do so. I encourage to check out the  documentation , as well as excellent posts from Adrian Billington (search for "table functions") and Tim Hall . Adrian and Tim mostly focus on pipelined table functions, a specialized variant of table functions designed to improve performance and reduce PGA consumption. I will take a look at pipelined table functions in the latter part...
31 comments
Read more