Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtual Private Databases

Published byGabriel Henrique Martinho Modified over 5 years ago

Similar presentations

Presentation on theme: "Virtual Private Databases"— Presentation transcript:

1 Virtual Private Databases
Brandon Mason Database Administrator America First Credit Union

2 What is a Virtual Private Database ?

3

4

5

6 What is a VPD? Masks data in larger database
Limits a user to only view/manipulate “private” data Contains both ROW and COLUMN level security

7 The Basics Been around Since 1999 Also Known As: Orale 8i
Fine Grained Access Control (FGAC) (i.e. Policies can be applied per table) Row-Level Security (RLS)

8 How Magic Happens . Re-Writes Query Multiple Predicates are ‘ANDed’
Appends Predicate to SQL Query Select * from table; Becomes Select * from table where salary < 50000; Multiple Predicates are ‘ANDed’ Allows Multiple Policies per Table

9 VPD Vs. Views Difficult (sometimes impossible) to maintain large number of views What if Security Policy Changes? Views best suited for simple evaluations Data must reside in the database (or be hard-coded in the view) Users bypass security when accessing base tables

10 DataBase Security Traditional What Users Can See (Permission)

11 DataBase Security Traditional What Users Can See (Permission)
VPD What Users Can’t See (Prohibition)

12 Benefits Scalable Simple Security
1 function can replace (n) number of views Simple Even I implemented this, and I have an HR degree Attaching VPD to base tables affects all related views and applications Security Server-enforced Can be granted to Security Admin User Based on DB Objects (not applications)

13 Benefits, cont. Granularity Certified for EBS, among others
If you want to limit: All Records for Selects Insert and Update your own Department Delete only your own record VPD can handle that! Certified for EBS, among others Simplifies Admin Transcends Apps Databases Outlive Applications

14

15 When to use HR Data HIPAA requirements Franchises
Gyms, Kiosks, etc. America First Credit Union

16 Privs Needed Create Procedure* Execute on DBMS_RLS Package
*Unless existing procs are sufficient already Execute on DBMS_RLS Package DBMS_RLS.ADD_POLICY DBMS_RLS.DROP_POLICY DBMS_RLS.ENABLE_POLICY Does NOT require object privs on target object

17 Demonstration

18 Demonstration

19 Attaching a Policy DBMS_RLS.ADD_POLICY

20 Default Behavior

21 Removing a Policy DBMS_RLS.DROP_POLICY

22 WHO AM I? Lewis Alcindor, Jr. Gordon Sumner Gordon Schumway
Kareem Abdul-Jabbar Gordon Sumner Sting Gordon Schumway A.LF.

23 Column Security

24 Column Security Select * from table gives the same results, However…

25 Column Security

26 ALL_ROWS

27 Column Masking

28 ALL_ROWS Features Attach a policy only to security-relevant data
Default Behavior restricts entire row MASKING behavior Returns ALL rows, but returns NULL for secured values Restrictions Applies only to SELECT statements Must be simple Boolean

29

30 STATEMENT_TYPES Can restrict based on type of SQL statement
Select Insert Update Delete Index If not specified, policy applies to all but INDEX

31 STATEMENT_TYPES Note the function is always FALSE.

32 STATEMENT_TYPES

33 STATEMENT_TYPES

34 STATEMENT_TYPES Re-try same query, but securing a single column

35 STATEMENT_TYPES

36 UPDATE_CHECK What if the VPD allows us to update data - However, performing the update would kick the record out of the security policy?

37 UPDATE_CHECK

38 STATEMENT_TYPES

39 Other Parameters Enable Long_predicate Static_policy / Policy_Type
Toggles Policy on/off Long_predicate Increases length the of string returned by function Static_policy / Policy_Type Rarely used. Can improve speed with caching

40 Performance Because VPD invokes a function each time a statement is issued, performance is a concern 5 Options for controlling Caching Dynamic (default) – no caching Static – cached in SGA Shared_Static - cached across multiple objects that use the same policy function Context_Sensitive – Ideal for Connection Pooling Shared_Context_Sensitive – Only executes function if it detects context changes

41 WHO AM I? Carlos Irwin Estevez Cassius Clay William Bruce Rose
Charlie Sheen Cassius Clay Muhammad Ali William Bruce Rose Axl Rose

42 Application Context . Application Context securely caches user info
Global variable, holds info relevant to session You can define, set, and access application attributes that you can use as a secure data cache Increases performance, due to caching Makes use of SYS_CONTEXT function

43 Application Context . Preserves identity across multi-tier environments Pre-defined app context “USERENV” Describes the current session of the user Computer ID IP Address OS Username *USERENV can only RETRIEVE session data, not set it Chapter 6 of Oracle Database Security Guide for more information…

44 Application Context . Select syscontext(‘userenv’, ‘current_user’) from dual;

45 Application Context .

46 Application Context .

47 Application Context . Set attribute value in an application context
DBMS_SESSION.SET_CONTEXT(‘namespace’, ‘attributename’, value); Get attribute value from an application context, SYS_CONTEXT(‘namespace’, ‘attributename’);

48 Policy Groups Policy Group – set of security policies that belong to an application Useful when multiple apps with complex share the same data Example: a Data hosting company DBMS_RLS.ADD_GROUPED_POLICY

49 Finding VPDs ALL_SEC_RELEVANT_COLS;
select * from DBA_POLICIES where object_owner not in ('MDSYS', 'XDB');

50 Data Dict Views View Description ALL_POLICIES
Describes all Oracle Virtual Private Database security policies for objects accessible to the current user. ALL_POLICY_CONTEXTS Describes the driving contexts defined for the synonyms, tables, and views accessible to the current user. A driving context is an application context used in an Oracle Virtual Private Database policy. ALL_POLICY_GROUPS Describes the Oracle Virtual Private Database policy groups defined for the synonyms, tables, and views accessible to the current user ALL_SEC_RELEVANT_COLS Describes the security relevant columns of the security policies for the tables and views accessible to the current user DBA_POLICIES Describes all Oracle Virtual Private Database security policies in the database. DBA_POLICY_GROUPS Describes all policy groups in the database.

51 Data Dict Views DBA_POLICY_CONTEXTS
Describes all driving contexts in the database. Its columns are the same as those in ALL_POLICY_CONTEXTS. DBA_SEC_RELEVANT_COLS Describes the security relevant columns of all security policies in the database USER_POLICIES Describes all Oracle Virtual Private Database security policies associated with objects owned by the current user. This view does not display the OBJECT_OWNER column. USER_POLICY_CONTEXTS Describes the driving contexts defined for the synonyms, tables, and views owned by the current user. Its columns (except for OBJECT_OWNER) are the same as those in ALL_POLICY_CONTEXTS. USER_SEC_RELEVANT_COLS Describes the security relevant columns of the security policies for the tables and views owned by the current user. Its columns (except for OBJECT_OWNER) are the same as those in ALL_SEC_RELEVANT_COLS. USER_POLICY_GROUPS Describes the policy groups defined for the synonyms, tables, and views owned by the current user. This view does not display the OBJECT_OWNER column. V$VPD_POLICY Displays all the fine-grained security policies and predicates associated with the cursors currently in the library cache. This view is useful for finding the policies that were applied to a SQL statement.

52 Pitfalls Difficult to Determine TRUE Permissions Performance
EXEMPT_ACCESS_POLICY Exempts you from ANY VPD Policy SYS and SYSDBA inherently have this role Export / Import Materialized View Only on the PRODUCT of a view, not the base table

53 Pitfalls, cont. Recursion Struggling? Create and review a trace file
“Although you can define a policy against a table, you cannot select that table from within the policy that was defined against the table.” (Oracle Database Security Guide, pg. 7-4) Beware that the function you write doesn’t try to access the very table you are securing Also, beware of having 2 tables with VPDs reference each other recursively Struggling? Create and review a trace file

54 Questions? Thanks!

Download ppt "Virtual Private Databases"

Similar presentations

Prligence Empowering Intelligence All About Fine Grained Access Control by Arup Nanda.

Prligence Empowering Intelligence All About Fine Grained Access Control by Arup Nanda.
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
یا ذالامن و الامان. Virtual Private Database Mohammad Amin Sabbaghian.

یا ذالامن و الامان. Virtual Private Database Mohammad Amin Sabbaghian.
Fundamentals, Design, and Implementation, 9/e Chapter 11 Managing Databases with SQL Server 2000.

Fundamentals, Design, and Implementation, 9/e Chapter 11 Managing Databases with SQL Server 2000.
A Guide to Oracle9i1 Advanced SQL And PL/SQL Topics Chapter 9.

A Guide to Oracle9i1 Advanced SQL And PL/SQL Topics Chapter 9.
15 Copyright © 2006, Oracle. All rights reserved. Database Security.

15 Copyright © 2006, Oracle. All rights reserved. Database Security.
ORACLE DATABASE SECURITY

ORACLE DATABASE SECURITY
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.
Security and Integrity

Security and Integrity
Chapter 7 PHP Interacts with Ms. Access (Open DataBase Connectivity (ODBC))

Chapter 7 PHP Interacts with Ms. Access (Open DataBase Connectivity (ODBC))
IAM Online - Grouper Permissions Chris Hyzer University of Pennsylvania / Internet2 September 14, 2011 9/14/20151.

IAM Online - Grouper Permissions Chris Hyzer University of Pennsylvania / Internet2 September 14, /14/20151.
Chapter 101. 2 Oracle Server An Oracle Server consists of an Oracle database (stored data, control and log files.) The Server will support SQL to define.

Chapter Oracle Server An Oracle Server consists of an Oracle database (stored data, control and log files.) The Server will support SQL to define.
ORACLE LABEL SECURITY Evgeniya Kotzeva VEREO Technologies.

ORACLE LABEL SECURITY Evgeniya Kotzeva VEREO Technologies.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.
CSIS 4310 – Advanced Databases Virtual Private Databases.

CSIS 4310 – Advanced Databases Virtual Private Databases.
Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.

Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.
PL/SQLPL/SQL Oracle10g Developer: PL/SQL Programming Chapter 7 PL/SQL Packages.

PL/SQLPL/SQL Oracle10g Developer: PL/SQL Programming Chapter 7 PL/SQL Packages.
Using Procedures & Functions Oracle Database PL/SQL 10g Programming Chapter 9.

Using Procedures & Functions Oracle Database PL/SQL 10g Programming Chapter 9.
R12 MOAC (Multi-Org Access Control) Uncovered John Peters JRPJR, Inc.

R12 MOAC (Multi-Org Access Control) Uncovered John Peters JRPJR, Inc.
Database Design and Management CPTG 424. 10/23/2015Chapter 12 of 38 Functions of a Database Store data Store data School: student records, class schedules,

Database Design and Management CPTG /23/2015Chapter 12 of 38 Functions of a Database Store data Store data School: student records, class schedules,

Similar presentations

Ads by Google