Security :: How To Implement Row And Column Level Vpd Simultaneously
May 4, 2011
--here's my set up
CREATE USER schemaowner IDENTIFIED BY schemaowner
DEFAULT TABLESPACE users TEMPORARY TABLESPACE temp;
GRANT connect, resource TO schemaowner;
CREATE USER user1 IDENTIFIED BY user1
DEFAULT TABLESPACE users TEMPORARY TABLESPACE temp;
GRANT connect, resource TO user1;
[Code] .....
my desired outcome for user 1
user1> select * from schemaowner.user_data;
user_id column1
1 USER1
my desired outcome for user2 are as follow:
user1> select * from schemaowner.user_data;
user_id column2
2 TESTER 2
the nearest solution is from with reference to [URL]
Quote:
Adding Policies for Column-Level VPD
....
SELECT ENAME, d.dname, JOB, SAL, COMM from emp e, dept d
WHERE d.deptno = e.deptno;
the database returns a subset of rows as follows:
ENAME DNAME JOB SAL COMM
-------------- -------------- ------------ ------------ -------------
ALLEN SALES SALESMAN 1600 300
WARD SALES SALESMAN 1250 500
MARTIN SALES SALESMAN 1250 1400
BLAKE SALES MANAGER 2850
TURNER SALES SALESMAN 1500 0
JAMES SALES CLERK 950
so how do I implement roll level and column level simultaneously?
View 3 Replies
ADVERTISEMENT
Apr 28, 2011
I have tried to implement RLS policy of oracle.I have two Schema X1 & X1_DBA.
I have created the emp table in X1_DBA create table emp(empid number,ename varchar2(10),deptno number) and inserted some rows into the Table. i have created the below function in X1_DBA schema & Given Select Privilege to X1.
CREATE OR REPLACE FUNCTION no_dept10(
p_schema IN VARCHAR2,
p_object IN VARCHAR2)
RETURN VARCHAR2
[code]...
When i Add the Policy in X1_DBA.schema i am getting the Error as Table does not exist
SQL> BEGIN
2 DBMS_RLS.add_policy
3 (object_schema => 'X1',
4 object_name => 'EMP',
[code]...
ORA-00942: table or view does not exist
ORA-06512: at "SYS.DBMS_RLS", line 20
ORA-06512: at line 2
View 7 Replies
View Related
May 14, 2010
I have a data like,
1) manual_temp_master
auto_idbatch_id sec_idsec_id_type crrncy_cdcreate_Dt price_dt
------------------------------------------------------------------
11234ABC1CUSIPUSD14/05/201014/05/2010
23456XYZ1SEDOLGBP13/05/201013/05/2010
2)manual_temp_detl
auto_idbatch_id Price_bkt_cdscreate_Dtprice_date
---------------------------------------------------------
11234PS114/05/201014/05/2010
11234PS214/05/201014/05/2010
11234PS314/05/201014/05/2010
11234PS414/05/201014/05/2010
[code]....
I want to write a sql query which will fetch the data from manual_temp_master and manual_temp_detl.But from manual_temp_detl table, Price_bkt_cds columns should be displayed as columns. Like the should look like as below:
sec_idsec_id_type crrncy_cd COL_PS1 COL_PS2 COL_PS3 COL_PS4 COL_PS5COL_PS6price_date
--------------------------------------------------------------------------------------
ABC1CUSIPUSDPS1PS2PS3PS4PS5PS614/05/2010
XYZ1SEDOLGBPPS1PS2PS3PS4PS5PS613/05/2010
View 8 Replies
View Related
Apr 27, 2012
We have recently upgraded our DR environment from 9i to 11g. We have auditing turned on for 3 tables.
On 9i, AUD$ table size is 11G for 12 months and the upgraded 11g environment has 9G in 2 days....
Below is the sql statement we used to turn on auditing on these tables.
audit select,update,delete on audit_Test2 by session;
Opened SR with Oracle, but no proper response from them...
what changes we need to do in order to reduce the amount of audit data on these tables in 11g?
View 8 Replies
View Related
Dec 17, 2012
I have 4 tables , Certain users need to (Select ,insert,delete) certain rows only based on nApplication id
All the tables have Application Id , Based on this application id user will (Select ,insert,delete)
I tried row level security DBMS_RLS.add_policy but it hangs every time when i query the data or when i try to drop the policy. Is there is any method to resolve this issue.
If only Row level security will solve this issue , give me some example
View 18 Replies
View Related
Nov 12, 2006
I have the following questions :
1. After creating a view, how do I associate that view with certain level of security. As in, only a few users must be allowed to access that view.
2. How can I create a new user-login and password for my database application?
View 1 Replies
View Related
Apr 26, 2013
Our client is having requirements that data should be encrypted through-out the process (from transaction level to backup level).
Requirements are as below -
1) Data should be encrypted and can be access only through application (through front end).
2) Even if pl/sql, sql installed, developer user cannot able to fetch data from database.
3) Even DBA, should not have access to fetch the data from the database.
4) Only assigned DBA, should fetch details from database (provided he/she should have details of database as well as application's user / password).
5) It should be restricted by ip and user details (such as ip of application server with user/password of user).
6) Changes should be purely done from database level only.
View 5 Replies
View Related
Nov 3, 2010
I'm trying to drop a user but it gives me below error message-
SQL> drop user <username> cascade;
ERROR at line 1:
ORA-00604: error occurred at recursive SQL level 1
ORA-24005: must use DBMS_AQADM.DROP_QUEUE_TABLE to drop queue tables
However when i check from dba_queue_tables or user_queue_tables it doest show any queue tables.
View 6 Replies
View Related
May 29, 2011
I need to implement the foreign key on a column of a table from 2 tables. My requirement is in bellow.
drop table t1;
create table t1 (slno number, acc_no number);
drop table t2;
create table t2 (acc_no number primary key, acc_name varchar2(100));
drop table t3;
create table t3 (acc_no1 number primary key, acc_name1 varchar2(100));
[code]...
It is provided that the values of acc_no in t2 and acc_no1 in t3 are unique.Now it required that while inserting into t1 , the system will check either t2 or t3 tables.
View 7 Replies
View Related
Jan 25, 2009
I am trying to update the security_level of a mission to the highest security level of missions of the same type.
Attributes of the missions table:
mission_id, code_name, mission_type_id, mission_date, security_level
The following is an intermediate output.
MISSION_ID MISSION_TYPE_ID SECURITY_LEVEL
318 3 6
329 3 2
286 5 6
521 5 3
281 6 4
396 7 3
331 8 4
14 9 4
230 9 0
486 10 2
The maximum output for each mission_type_id
MAX_LEVEL TYPE
6 3
6 5
4 6
3 7
4 8
4 9
2 10
According to this 3 records (329,521 and 230) should update.
But my code returns an error.
ERROR at line 4:
cannot update (......"SECURITY_LEVEL") to NULL
this is my code
UPDATE
AM_X_442_2 amx
SET
Amx.SECURITY_LEVEL =
(
select
max_level
[code].........
I have intended the query to make it legible but it removes all spaces.
View 8 Replies
View Related
Feb 9, 2013
The below query returns level and other selected columns. I need to get the max(level) 2nd column value in the below example.How to modify the query?
Ex
Level max(level) id
1 5 101
1 5 102
1 5 103
2 5 104
2 5 105
3 5 107
4 5 120
5 5 134
5 5 280
SELECT DISTINCT level lvl
,form_frms.emp_id
,form_frms.ing_emp_id
,form_frms.prve_id
,CASE
WHEN (select div_dn
[code].......
View 5 Replies
View Related
Jul 4, 2012
i am using 10.2.0.1.0 version of oracle.
I have gathered frequency histogram manually on one of my column of a table to provide more information to optimizer for better calculation of cardinality.
Now i have my weekend job runs for gathering stats on schema level with method_opt as 'For all column size repeat'. But i don't want the stats of above column to be overridden by the stats job. I don't want to lock the statistics of whole table, but i just want to lock the column level stats for this table.
View 7 Replies
View Related
Dec 24, 2010
through Difference between table Level, column Level ,row level constraints.
View 8 Replies
View Related
Mar 29, 2010
I need to identify the dependencies of all the Tables on Packages at column level.
E.g. : XYZ is a package that uses ABC Table having E,F,G has a column, PQR - Table and its columns - R,S,T
The resultant query / code should return like this
PackageName TableName ColumnName
XYZ ABC E
XYZ ABC F
XYZ ABC G
XYZ PQR R
XYZ PQR S
XYZ PQR T
Identify the dependencies at column level.
View 5 Replies
View Related
Apr 22, 2013
Oracle procedure can run simultaneously?
Here is my concern, my procedure is already running manually and as per schedule time the same procedure will call by other application in the same time, So now procedure can run simultaneously or it will show any error message?
View 3 Replies
View Related
Oct 8, 2010
I have created a form in which I have 2 canvases - content canvas and a tabbed canvas.
I have only 4 fields on the content canvas and the remaining on the tabbed canvas. My requirement is such that the tabbed canvas should appear below the content canvas when I run the form, i.e. the fields on the content canvas will be visible, and below them will be the tabbed canvas.
For the content canvas, I have set the viewportX and viewport Y position as (0,0), and for the tabbed canvas, I have set the viewportX and viewportY position as (0,100). However when I run the form, I only see the tabbed canvas and the area at the top where I should see the contents from the content canvas appear blank.
View 2 Replies
View Related
Jun 26, 2010
I have a question about referencing simultaneously multiple tables and I have the following tables
CREATE TABLE TEAM(team_id VARCHAR2(20), ...);
CREATE TABLE AGENT(agent_id VARCHAR2(20), ...);
(I put ... because there are a lot of columns which are not interesting for this question.)
Remark: team_id and agent_id are neither primary keys nor UNIQUE.
In a third table I have a column with exactly the same data type, that is, VARCHAR2(20). What I need is to make sure that its value is at least in one of the tables TEAM or AGENT (so the only thing that is important is to check that the specified value exists no matter in which of the two tables, but just to make sure that it exists somewhere).
The solution that I have found so far, is to create a BEFORE INSERT trigger on the table. Within the trigger I create a cursor
CURSOR c IS
SELECT team_id FROM TEAM
UNION
SELECT agent_id FROM AGENT;
And then within a loop I check the value.
View 1 Replies
View Related
May 6, 2010
I have problem viewing 2 procedures at the same time... e.g. i open procedure A, edit it, not close it. then i open procedure B from the left pane, and then i cannot see the procedure A... If i look at the File Menu on top left, it has the option of SAVE ALL, and not just SAVE.. that means both the procedures are open. but then why am i not able to see them?
View 6 Replies
View Related
Jun 12, 2013
I am trying to insert data in three tables from three csv files simultaneously. This is what I have so far:
---insert all data from three csv files
DECLARE
--zenobject
F UTL_FILE.FILE_TYPE;
[Code]....
View 5 Replies
View Related
Nov 17, 2010
what is the difference on DBMS_STATS for table level and partition level , which will provide the best optimizer . If the table xxxx is partitioned from 1 to 10 ,then running gather stats on table xxxx as whole table level or partition level which will provide best result on the performance.
View 1 Replies
View Related
Jun 21, 2012
started using APEX recently and am trying to configure the APEX Listener in standalone mode to listen to two databases simultaneously. Is it possible?
View 2 Replies
View Related
Jul 25, 2012
My boss make a requirement in exist database as some user can view salary column at employment table by SQL and some user can view salary column at employment table by SQL.
The boss do not like to make changes front SQL. Ooracle 11g vault or Oracle Label Security is best for this requirement?
my oS is 2008 32 bit window and DB is 11.2.0.1
View 4 Replies
View Related
Sep 12, 2013
I'm writing a VPD function to be used for column masking. The predicate (WHERE-clause) it generates may take many different forms. In particular, it may contain inner-selects; for example,
"exists(select '*' from B where B.VAL = '123' and A.KEY = B.KEY)"
where A is the table that is associated to the VPD function, and B is some other table.
if this is OK for column masking? If not, my VPD function may sometimes work and sometimes fail, in unexpected ways.
The Oracle Database Security Guide (11g Release 1) says
Column-masking conditions generated by the policy function must be simple Boolean expressions, unlike regular Oracle Virtual Private Database predicates".
This seems to indicate that there are cases where a VPD function works for row-level security, but not for column masking.
an example of a 'regular Oracle VPD predicate' that doesn't work for column-masking?
View 5 Replies
View Related
Apr 28, 2011
I'm running a 10.2.0.4 database with auditing enabled:
SQL> show parameter audit_trail;
NAME TYPE VALUE
------------------------------------ -------- -------------
audit_trail string DB, EXTENDED
I have auditing enabled for create session:
SQL> select audit_option, success, failure from dba_stmt_audit_opts;
AUDIT_OPTION SUCCESS FAILURE
---------------------------------------- ---------- ----------
CREATE SESSION BY ACCESS BY ACCESS
My problem is that when I run a report against DBA_AUDIT_SESSION, the CLIENT_ID column is never populated, it's always blank. I've tried running a trigger to populate the client_identifier variable:
create or replace procedure capture_module
as
begin
dbms_session.set_identifier(sys_context('userenv','module'));
end;
/
[code]....
And if I put an access trigger on a table and create an audit event, the CLIENT_ID column from DBA_AUDIT_TRAIL and DBA_COMMON_AUDIT_TRAIL both show the updated value (module), but no matter what, I never get the CLIENT_ID column in DBA_AUDIT_SESSION to show anything - it's always null.
I want to run a report against DBA_AUDIT_SESSION that will tell me who logged in, when they logged in and out, where they logged in from and the one thing I can't get - what module they were running (SQLplus, Toad, etc). Why can't I get the CLIENT_ ID column to take the value I'm setting with the logon trigger?
View 13 Replies
View Related
Jun 12, 2012
I need encrypt column in the table (TDE) with 160 rows (PK) i'd like know what impact if i rn in time production this procedure. And as will be behavior the oracle database if this column is FK.
View 2 Replies
View Related
May 30, 2013
i have a column that contains 1 to 100 values but it has some missed data such as it does not has 50,45,34,23 etc..
so how could i find the missed data alone in a single query..
View 4 Replies
View Related
Jul 19, 2012
I created a test table with 4 columns(id, first_name,last_name, salary-number ) and then alter table to encrypted salary column . everything is OK.
I insert values into test table. However, I still can see salary value by select SQL.
What is wrong?
my db is oracle 11.2.01 in 2008 SP window
newdba
View 7 Replies
View Related
Jan 10, 2011
I would like to encode values in a column using SHA-2 (256 bit encryption). Does 10g support SHA-2 and if so how can i implement this?
View 2 Replies
View Related
Sep 10, 2013
I want to understand the restrictions that apply to VPD functions when used for column masking, compared with their use for Row-Level Security. According to the Oracle Database Security Guide (11g Release 1) Column-masking conditions generated by the policy function must be simple Boolean expressions, unlike regular Oracle Virtual Private Database predicates.
I have long understood the above as implying that column-masking conditions should not contain sub-queries (i.e. inner selects). However, we tested using a condition with a select inside another select (2-level nesting) and yet it worked. We were on 11g Release 2, by the way. So, I wonder about using sub-queries in column-masking conditions? Or, alternatively, what Oracle means with "regular VPD predicates" and "simple Boolean expressions" (of course, in the context of VPD)?
View 2 Replies
View Related
Apr 24, 2013
i have IR report page and download column as blob,how can security applied in specific column wise?e.g. Report page have more rows, and applied query in condition.
Select ID,dbms_lob.getlength(Blob_file) Download from Document_master
where Created_by=UPPER(:APP_USER)
OR
(exists (select '' from apex_workspace_group_users awgu
where awgu.user_name =:app_user AND awgu.GROUP_NAME='EMPLOYEE_GROUP'
)
)
Now all the rows with Download column to see EMPLOYEE_GROUP users,but i need control the download column only except Created_by=UPPER(:APP_USER) ,this case how can do the security.
View 5 Replies
View Related
