1 / 54

Virtual Private Databases

Virtual Private Databases. Brandon Mason Database Administrator America First Credit Union. What is a Virtual Private Database ?. What is a VPD?. Masks data in larger database Limits a user to only view/manipulate “private” data Contains both ROW and COLUMN level security.

cira
Download Presentation

Virtual Private Databases

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Virtual Private Databases Brandon Mason Database Administrator America First Credit Union

  2. What is a Virtual Private Database ?

  3. What is a VPD? Masks data in larger database Limits a user to only view/manipulate “private” data Contains both ROW and COLUMN level security

  4. The Basics • Been around Since 1999 • Orale 8i • Also Known As: • Fine Grained Access Control (FGAC) (i.e. Policies can be applied per table) • Row-Level Security (RLS)

  5. How Magic Happens . • Re-Writes Query • Appends Predicate to SQL Query Select * from table; Becomes Select * from table where salary < 50000; • Multiple Predicates are ‘ANDed’ • Allows Multiple Policies per Table

  6. VPD Vs. Views • Difficult (sometimes impossible) to maintain large number of views • What if Security Policy Changes? • Views best suited for simple evaluations • Data must reside in the database (or be hard-coded in the view) • Users bypass security when accessing base tables

  7. DataBase Security Traditional What Users Can See (Permission)

  8. DataBase Security Traditional What Users Can See (Permission) VPD What Users Can’tSee (Prohibition)

  9. Benefits • Scalable • 1 function can replace (n) number of views • Simple • Even I implemented this, and I have an HR degree • Attaching VPD to base tables affects all related views and applications • Security • Server-enforced • Can be granted to Security Admin User • Based on DB Objects (not applications)

  10. Benefits, cont. • Granularity If you want to limit: All Records for Selects Insert and Update your own Department Delete only your own record VPD can handle that! • Certified for EBS, among others • Simplifies Admin • Transcends Apps • Databases Outlive Applications

  11. When to use • HR Data • HIPAA requirements • Franchises • Gyms, Kiosks, etc. • America First Credit Union

  12. Privs Needed • Create Procedure* • *Unless existing procs are sufficient already • Execute on DBMS_RLS Package • DBMS_RLS.ADD_POLICY • DBMS_RLS.DROP_POLICY • DBMS_RLS.ENABLE_POLICY • Does NOT require object privs on target object

  13. Demonstration

  14. Demonstration

  15. Attaching a Policy DBMS_RLS.ADD_POLICY

  16. Default Behavior

  17. Removing a Policy DBMS_RLS.DROP_POLICY

  18. WHO AM I? • Lewis Alcindor, Jr. • Kareem Abdul-Jabbar • Gordon Sumner • Sting • Gordon Schumway • A.LF.

  19. Column Security

  20. Column Security Select * from table gives the same results, However…

  21. Column Security

  22. ALL_ROWS

  23. Column Masking

  24. ALL_ROWS Features • Attach a policy only to security-relevant data • Default Behavior restricts entire row • MASKING behavior • Returns ALL rows, but returns NULL for secured values • Restrictions • Applies only to SELECT statements • Must be simple Boolean

  25. STATEMENT_TYPES • Can restrict based on type of SQL statement • Select • Insert • Update • Delete • Index • If not specified, policy applies to all but INDEX

  26. STATEMENT_TYPES Note the function is always FALSE.

  27. STATEMENT_TYPES

  28. STATEMENT_TYPES

  29. STATEMENT_TYPES Re-try same query, but securing a single column

  30. STATEMENT_TYPES

  31. UPDATE_CHECK What if the VPD allows us to update data - However, performing the update would kick the record out of the security policy?

  32. UPDATE_CHECK

  33. STATEMENT_TYPES

  34. Other Parameters • Enable • Toggles Policy on/off • Long_predicate • Increases length the of string returned by function • Static_policy / Policy_Type • Rarely used. Can improve speed with caching

  35. Performance • Because VPD invokes a function each time a statement is issued, performance is a concern • 5 Options for controlling Caching • Dynamic (default) – no caching • Static – cached in SGA • Shared_Static - cached across multiple objects that use the same policy function • Context_Sensitive – Ideal for Connection Pooling • Shared_Context_Sensitive – Only executes function if it detects context changes

  36. WHO AM I? • Carlos Irwin Estevez • Charlie Sheen • Cassius Clay • Muhammad Ali • William Bruce Rose • Axl Rose

  37. Application Context . • Application Context securely caches user info • Global variable, holds info relevant to session • You can define, set, and access application attributes that you can use as a secure data cache • Increases performance, due to caching • Makes use of SYS_CONTEXT function

  38. Application Context . • Preserves identity across multi-tier environments • Pre-defined app context “USERENV” • Describes the current session of the user • Computer ID • IP Address • OS Username *USERENV can only RETRIEVE session data, not set it • Chapter 6 of Oracle Database Security Guide for more information…

  39. Application Context . Select syscontext(‘userenv’, ‘current_user’) from dual;

  40. Application Context .

  41. Application Context .

  42. Application Context . • Set attribute value in an application context • DBMS_SESSION.SET_CONTEXT(‘namespace’, ‘attributename’, value); • Get attribute value from an application context, • SYS_CONTEXT(‘namespace’, ‘attributename’);

  43. Policy Groups • Policy Group – set of security policies that belong to an application • Useful when multiple apps with complex share the same data • Example: a Data hosting company • DBMS_RLS.ADD_GROUPED_POLICY

  44. Finding VPDs • ALL_SEC_RELEVANT_COLS; • select * from DBA_POLICIESwhere object_owner not in ('MDSYS', 'XDB');

  45. Data Dict Views

More Related