Virtual Private Database
is a type of fine-grained access control using security policies. Fine-grained access control
in Virtual Private Database means that access to data can be controlled down to specific rows as defined by the security policy.
In Advanced Server, the policy function can be written in any language supported by Advanced Server such as SQL and PL/pgSQL in addition to SPL.
The database objects currently supported by Advanced Server Virtual Private Database are tables. Policies cannot be applied to views or synonyms.
The only way security policies can be circumvented is if the EXEMPT ACCESS POLICY
system privilege has been granted to a user. The EXEMPT ACCESS POLICY
privilege should be granted with extreme care as a user with this privilege is exempted from all policies in the database.
package provides procedures to create policies, remove policies, enable policies, and disable policies.