Examples: Creating Oracle Virtual Private Database Policies
    object_name     => 'orders_tab',
    policy_name     => 'orders_policy',
    function_schema => 'sysadmin_vpd',
    policy_function => 'get_user_orders',
    statement_types => 'select');
END;
/
This statement creates a policy named orders_policy and applies it to the orders_tab table in the SCOTT schema, which customers will query for their orders. The get_user_orders function, which is stored in the sysadmin_vpd schema, implements the policy. The policy further restricts users to issuing SELECT statements only.
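A function named in policy_function takes the schema and object name as arguments and returns the WHERE-clause predicate as a string. The following is an added example, not code from the original guide, of such a function choosing its predicate from the caller's position. The function name get_orders_by_position, the orders_ctx namespace with its position, cust_no and rep_id attributes, the cust_no column and the scott.rep_customers table are all assumptions.

```sql
-- Added example. Hypothetical names: get_orders_by_position, orders_ctx
-- (attributes position, cust_no, rep_id), cust_no, scott.rep_customers.
CREATE OR REPLACE FUNCTION sysadmin_vpd.get_orders_by_position (
  schema_p IN VARCHAR2,   -- owner of the protected object, supplied by the database
  table_p  IN VARCHAR2)   -- name of the protected object, supplied by the database
RETURN VARCHAR2
AS
  v_position  VARCHAR2(30);
  v_predicate VARCHAR2(400);
BEGIN
  -- Read the position once from the session's application context.
  v_position := SYS_CONTEXT('orders_ctx', 'position');

  CASE v_position
    WHEN 'ORDER_ENTRY_CLERK' THEN
      -- Clerks may see any customer order.
      v_predicate := '1 = 1';
    WHEN 'SALES_REP' THEN
      -- Representatives see only their own customers' orders.
      v_predicate :=
        'cust_no IN (SELECT cust_no FROM scott.rep_customers ' ||
        'WHERE rep_id = SYS_CONTEXT(''orders_ctx'', ''rep_id''))';
    WHEN 'CUSTOMER' THEN
      -- SYS_CONTEXT stays inside the predicate text instead of being
      -- concatenated as a literal, so it is evaluated like a bind variable.
      v_predicate := 'cust_no = SYS_CONTEXT(''orders_ctx'', ''cust_no'')';
    ELSE
      -- Unknown or unset position: fail closed and return no rows.
      v_predicate := '1 = 0';
  END CASE;

  RETURN v_predicate;
END;
/
```

Because the predicate text is identical for every customer, the parsed statement can be shared across sessions while each session's context supplies its own value.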
Step 7: Test the New Policy

1. Log on as user tbrooke.

    CONNECT tbrooke
    Enter password: shop2drop
    Connected.

   User tbrooke can log on because he has passed the requirements you defined in the application context.

2. As user tbrooke, access your purchases.

    SELECT * FROM scott.orders_tab;

    VALUES
    -----
    9876

   User tbrooke has passed the second test. He can access his own orders in the scott.orders_tab table.

3. Log on as user owoods, and then access your purchases.

    CONNECT owoods
    Enter password: loads4me

    SELECT * FROM scott.orders_tab;

    VALUES
    -----
    5432
    4592

As with user tbrooke, user owoods can log on and see a listing of his own orders.

Note the following about this example:

■ You can create several predicates based on the position of a user. For example, a sales representative would be able to see records only for his customers, and an order entry clerk would be able to see any customer order. You could expand the custnum_sec function to return different predicates based on the user position context value.

■ The use of an application context in a fine-grained access control package effectively gives you a bind variable in a parsed statement. For example:

    SELECT * FROM orders_tab

Using Oracle Virtual Private Database to Control Data Access 8-27