Comments on: VPD part 2; The added functionality in 10g Friends of Oracle and Java Wed, 01 Apr 2015 06:55:13 +0000 hourly 1 By: Ron Brink Wed, 07 Nov 2007 23:01:07 +0000 /?p=774#comment-2415 It appears that the predicate that is “added” to a query is AND (..vpd policy here…). Is there any way to use OR instead of having the predicate be AND….

By: renish Tue, 23 Oct 2007 09:54:45 +0000 /?p=774#comment-2414 is it possible to mask column data with “########” in case of string and “NaN” in case of float/double.

By: Marcos Fri, 09 Sep 2005 18:18:28 +0000 /?p=774#comment-2413 Well first I would never use VPD on column level without the sec_revelant_cols_opt. It would be very hard for a developer to write SQL or PL/SQL against it. One moment you get x number of columns back the other moment x+(number)depending upon the nr of column policies.So from this perspective I agree. On the other hand perhaps you only want to display salary information of the person querying the salary table. You however do want this person to have access to other information in this table. One is able to solve this using the column policy option an othet possibility would be to create views with case or decode statememts masking the information that needs to be secured.

As for the second question: I could image that it uses a case statement. The outcome definitly looks the same compaired with the use of the sec_relevant_cols_opt option. I am however not sure.

By: Chris Muir Thu, 08 Sep 2005 22:18:54 +0000 /?p=774#comment-2412 Regards the first column sensitive VPD facility you describe (column level VPD; as separate to column masking VPD), can you think of a use of this facility? Column masking makes obvious sense; you can hide credit card values in a table for instance. But column level?… we’re not so sure.

Do you think column level was Oracle’s first attempt at column masking?

Also behind the scenes, any idea how the column sensitive VPD changes the SQL? I’m guessing column masking wraps each secure column in a case statement…. probably why the feature was implemented around the same time as the case-keyword was supported in SQL.