Which has the higher priority in your organization: Deploying a new database or securing the ones you already have?
Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose
Internal support for DBMS_RLS and Row Level Security. There is a 1:1 correspondence between the objects in this package and objects in the DBMS_RLS package that is link at page bottom.
Add a row level security policy to a policy group for a table or view
dbms_rls_int.add_grouped_policy(
object_schema IN VARCHAR2,
object_name IN VARCHAR2,
policy_group IN VARCHAR2,
policy_name IN VARCHAR2,
function_schema IN VARCHAR2,
policy_function IN VARCHAR2,
statement_types IN VARCHAR2,
update_check IN BOOLEAN,
enable IN BOOLEAN,
static_policy IN BOOLEAN,
policy_type IN BINARY_INTEGER,
long_predicate IN BOOLEAN,
sec_relevant_cols IN VARCHAR2,
sec_relevant_cols_opt IN BINARY_INTEGER,
namespace IN VARCHAR2,
attribute IN VARCHAR2,
cps IN BOOLEAN);
Add a row level security policy to a table or view
dbms_rls_int.add_policy(
object_schema IN VARCHAR2,
object_name IN VARCHAR2,
policy_name IN VARCHAR2,
function_schema IN VARCHAR2,
policy_function IN VARCHAR2,
statement_types IN VARCHAR2,
update_check IN BOOLEAN,
enable IN BOOLEAN,
static_policy IN BOOLEAN,
policy_type IN BINARY_INTEGER,
long_predicate IN BOOLEAN,
sec_relevant_cols IN VARCHAR2,
sec_relevant_cols_opt IN BINARY_INTEGER,
namespace IN VARCHAR2,
attribute IN VARCHAR2,
cps IN BOOLEAN);
Alter a row level security policy of a policy group
dbms_rls_int.alter_grouped_policy(
object_schema IN VARCHAR2,
object_name IN VARCHAR2,
policy_group IN VARCHAR2,
policy_name IN VARCHAR2,
alter_option IN BINARY_INTEGER,
namespace IN VARCHAR2,
attribute IN VARCHAR2,
cps IN BOOLEAN);
dbms_rls_int.alter_policy(
object_schema IN VARCHAR2,
object_name IN VARCHAR2,
policy_name IN VARCHAR2,
alter_option IN BINARY_INTEGER,
namespace IN VARCHAR2,
attribute IN VARCHAR2,
cps IN BOOLEAN);
dbms_rls_int.disable_grouped_policy(
object_schema IN VARCHAR2,
object_name IN VARCHAR2,
group_name IN VARCHAR2,
policy_name IN VARCHAR2,
enable IN BOOLEAN,
cps IN BOOLEAN);
Drop a row level security policy from a policy group of a table or view
dbms_rls_int.drop_grouped_policy(
object_schema IN VARCHAR2,
object_name IN VARCHAR2,
policy_group IN VARCHAR2,
policy_name IN VARCHAR2,
cps IN BOOLEAN);
dbms_rls_int.enable_grouped_policy(
object_schema IN VARCHAR2,
object_name IN VARCHAR2,
group_name IN VARCHAR2,
policy_name IN VARCHAR2,
enable IN BOOLEAN,
cps IN BOOLEAN);