It’s common practice to authorized application users to use approved channels such as web application form, for example, to access the Oracle database. But what happens if a user accesses the database through other, non approved channels? For example, what if an authorized user access the database not through the approved application forms, but through SQL*Plus, the Oracle command line and GUI interface to the database? Oracle offers the free Virtual Private Database feature to help you prevent this. VPD, as it’s commonly referred to, the Virtual Private Database feature is popular among database users, when they plan on implementing row-level security.
VPD prevents uses from bypassing the security protections you’ve built into your database applications by instituting row level security in database tables. Essentially what the application developer does is to write a security policy or function in Oracle code. The developer then attaches this security function to code that retrieves data from a table or set of tables. This helps create and implement strong access management policies directly at the data level, by controlling who can access which rows of a table. How the user access the database becomes completely irrelevant, as you’ve very fine grained access control policies working at the row level.
Virtual Private Database comes with Oracle Database Enterprise Edition, and it’s a very easy feature to implement, and doesn’t evolve into a major project of its own. You don’t have to purchase any addition Oracle options to make the Virtual Private Database feature work. What else can you ask for – a true Oracle freebie that works reliably to offer extremely fine-grained data security and is a piece of cake to implement? Not many things in any database offer what this feature does.