Oracle VPD as a safeguard for DML

A new blog post on the Databases at CERN blog about using VPD Row-Level Security (DBMS_RLS) as a safeguard for the privileged users who need to bypass the application and run SQL directly:

Of course, your data should be guarded behind a hard shell (see Bryn Llewellyn's presentation), but there may be some exceptional reasons to directly modify data with SQL because some information was not originally supposed to be changed, and then the application has no GUI or API for this. If all security was implemented through the application, everything is now possible when directly connected, and a mistake (like a where clause predicate lost in a copy-paste) can be critical. Flashback features are awesome to react to this kind of error, but VPD rules can be used as a proactive safeguard by allowing, by default, only a subset of data to be touched.
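A sketch of such a safeguard, added here as an example and not taken from the CERN post: a DBMS_RLS policy on UPDATE and DELETE whose predicate limits direct DML to the rows the operator has explicitly declared for the session. The schema `APP`, table `ORDERS`, column `CUSTOMER_ID`, context `DML_GUARD_CTX` and package `DML_GUARD` are hypothetical names, and the choice of "one declared customer, otherwise no rows" as the permitted subset is an assumption.

```sql
-- Hypothetical objects: APP.ORDERS(CUSTOMER_ID, STATUS), context DML_GUARD_CTX.
-- The context can only be written through the package named in USING.
CREATE OR REPLACE CONTEXT dml_guard_ctx USING app.dml_guard;

CREATE OR REPLACE PACKAGE app.dml_guard AS
  PROCEDURE allow_customer(p_customer_id IN NUMBER);
  PROCEDURE reset;
  FUNCTION predicate(p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2;
END dml_guard;
/
CREATE OR REPLACE PACKAGE BODY app.dml_guard AS
  -- The operator states which rows the manual fix is meant to touch.
  PROCEDURE allow_customer(p_customer_id IN NUMBER) IS
  BEGIN
    DBMS_SESSION.SET_CONTEXT('DML_GUARD_CTX', 'CUSTOMER_ID', TO_CHAR(p_customer_id));
  END allow_customer;

  PROCEDURE reset IS
  BEGIN
    DBMS_SESSION.CLEAR_ALL_CONTEXT('DML_GUARD_CTX');
  END reset;

  -- Policy function: the returned text is appended to the statement as a WHERE
  -- condition. With the context unset, SYS_CONTEXT returns NULL, the comparison
  -- is never true, and the statement touches zero rows.
  FUNCTION predicate(p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2 IS
  BEGIN
    RETURN 'customer_id = TO_NUMBER(SYS_CONTEXT(''DML_GUARD_CTX'', ''CUSTOMER_ID''))';
  END predicate;
END dml_guard;
/
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_DML_GUARD',
    function_schema => 'APP',
    policy_function => 'DML_GUARD.PREDICATE',
    statement_types => 'UPDATE,DELETE',  -- queries stay unrestricted
    update_check    => TRUE);            -- updated rows must still match the predicate
END;
/
-- Constructed session: the WHERE clause was lost in a copy-paste.
BEGIN app.dml_guard.allow_customer(42); END;
/
UPDATE app.orders SET status = 'CANCELLED';  -- affects only customer 42's rows
ROLLBACK;
BEGIN app.dml_guard.reset; END;
/
```

The policy does not apply to SYS or to accounts holding the EXEMPT ACCESS POLICY privilege, so the manual fix has to be run from an account without either for the safeguard to take effect.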

