Wednesday, December 24, 2008

Virtual Private Database in Oracle Enterprise 11g

Oracle Enterprise Database 11g includes the Virtual Private Database feature to add security to your database. Virtual Private Database, or VPD, is very useful when database roles and standard object privileges cannot meet an application's security requirements. You can make Virtual Private Database policies simple or complex, depending on the amount of security you need to provide to the database.

You can create a secure virtual private database to keep data safe from unauthorized access. A virtual private database is used in environments where multiple users access the same database and only specific information should be available to each group. The best way to secure your virtual private database is to implement the security features while it is being designed and created. The level of security is very high because you secure the database itself instead of controlling access through some other application.

The best way is to associate security policies with the views and tables of the database. VPD is designed so that the security policy is enforced whether you access the data directly or indirectly. What is more, you can define a security policy for a set of statements, which eliminates the need to develop security policies individually for every statement. It is also possible to apply multiple policies to a group of views, synonyms or tables.

A new feature known as column masking can also be used with Virtual Private Database, and it overcomes the drawback of column relevance. The main problem with column-level Virtual Private Database security was that it filtered out the rows that contain data for sensitive columns. With column masking, all such rows are displayed, but the sensitive columns show a NULL value. This way more information is available to authorized users and only the sensitive information is hidden.

Virtual Private Database can be made more secure by providing security at the column or row level, which is done by combining VPD with the application context feature. Security at this depth is termed fine-grained access control, or FGAC, where you can also secure a row or column separately. Whenever a DML or DDL query is initiated by the user, Oracle Database dynamically modifies the query before data retrieval or data manipulation. The user is unaware of the security procedures followed at the back end, as they are transparent, and whenever he or she accesses the data only the authorized information is shown. Moreover, you do not need to modify your application code when you want to change a security policy. Just change the Virtual Private Database policies to grant or deny access to any part of the database. Regardless of how you connect to the database, whether through an application, SQL or a web interface, there is no way around your application security.

Several VPD policy types, such as Static, Shared and Context-Sensitive, are also available to provide a better level of security. You may use context-sensitive and static policies to secure multiple database objects. Shared policies save the overhead of re-executing policy functions for every query.
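
The column masking, application context and context-sensitive policy type described above can be combined as in the following added example, which is not from the original post. The APP schema, the EMPLOYEES and USER_DEPARTMENTS tables, the HR_CTX context and all package, function and policy names are assumptions chosen for illustration.

```sql
-- Added example. All object names are hypothetical.
-- Requires CREATE ANY CONTEXT and EXECUTE on DBMS_RLS.

-- 1. Application context that only the trusted package may set.
CREATE OR REPLACE CONTEXT hr_ctx USING app.hr_ctx_pkg;

CREATE OR REPLACE PACKAGE app.hr_ctx_pkg AS
  PROCEDURE set_dept;
END;
/
CREATE OR REPLACE PACKAGE BODY app.hr_ctx_pkg AS
  PROCEDURE set_dept IS
    v_dept NUMBER;
  BEGIN
    -- Map the connected database user to a department (assumed mapping table).
    SELECT department_id INTO v_dept
      FROM app.user_departments
     WHERE username = SYS_CONTEXT('USERENV', 'SESSION_USER');
    DBMS_SESSION.SET_CONTEXT('hr_ctx', 'dept_id', TO_CHAR(v_dept));
  EXCEPTION
    -- Unknown user: leave the context unset so the predicate matches no row.
    WHEN NO_DATA_FOUND THEN NULL;
  END;
END;
/

-- 2. Policy function: returns the predicate Oracle appends to the query.
CREATE OR REPLACE FUNCTION app.dept_predicate (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 AS
BEGIN
  RETURN 'department_id = SYS_CONTEXT(''hr_ctx'', ''dept_id'')';
END;
/

-- 3. Attach the policy with column masking on SALARY.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'APP',
    object_name           => 'EMPLOYEES',
    policy_name           => 'MASK_SALARY',
    function_schema       => 'APP',
    policy_function       => 'DEPT_PREDICATE',
    statement_types       => 'SELECT',                    -- masking applies to SELECT only
    policy_type           => DBMS_RLS.CONTEXT_SENSITIVE,  -- re-evaluated when the context changes
    sec_relevant_cols     => 'SALARY',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);          -- mask the column instead of hiding rows
END;
/
```

Once a session has called app.hr_ctx_pkg.set_dept (for example from a logon trigger), a SELECT on APP.EMPLOYEES that references SALARY returns every row, with SALARY shown as NULL for rows outside the session's department. Omitting sec_relevant_cols_opt gives the older column-relevance behaviour, where those rows are filtered out instead.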
