
Virtual Private Database

Virtual Private Database (VPD), a feature of Oracle Database 11g Enterprise Edition, was introduced in Oracle8i and is one of the most popular security features in the database. VPD is used when the standard object privileges and associated database roles are insufficient to meet application security requirements. VPD policies can be simple or complex depending on your security requirements. VPD can be used in combination with the "application context" feature to enforce sophisticated row and/or column level security requirements for privacy and regulatory compliance. A simple VPD example might restrict access to data during business hours and a more complex VPD example might read an application context during a login trigger and enforce row level security against the ORDERS table.

No matter how users connect to the protected table (via an application, a Web interface or SQL*Plus), the result is the same. There is no "application security problem" anymore, since the access policy is attached to the table, and cannot be bypassed.

VPD simple
Example: A customer can only see his orders in the 'orders' table (below), when he is listed in the 'customers' table (above).


With "Column Relevance", VPD can be configured such that the policy is enforced only when a critical column is selected:

VPD Column Relevance (passive)

VPD Column Relevance (active)
Example: The account manager with the account_mgr_id "149" can see all rows from the customers table, but not the credit limits. As soon as she queries the 'credit_limit' column, she can only see her own customers.


The most advanced configuration of VPD ("Column Hiding") offers the most effective combination of ease of use and security: the account manager still has access to all public information in the 'customers' table, but confidential information remains hidden:

VPD Column Masking
Example: All 'credit_limit' data cells are empty except those of her own customers.
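
The column relevance and column masking configurations described above, sketched as an added example (not code from the original page). The OE schema, the SALES_CTX application context with its ACCOUNT_MGR_ID attribute, and the policy and function names are assumptions; the context is presumed to be set by a trusted package at login.

```sql
-- Added example. Assumed names: schema OE, application context SALES_CTX
-- (attribute ACCOUNT_MGR_ID, set by a trusted package at login, not shown).

-- Policy function: returns the predicate Oracle appends to the query.
-- If the context is unset, SYS_CONTEXT returns NULL, the comparison is
-- never true, and no rows qualify (the policy fails closed).
CREATE OR REPLACE FUNCTION oe.own_customers_only (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  RETURN 'account_mgr_id = TO_NUMBER(SYS_CONTEXT(''SALES_CTX'', ''ACCOUNT_MGR_ID''))';
END;
/

-- Column relevance: the predicate is applied only when a SELECT
-- references CREDIT_LIMIT; other queries still return every row.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema     => 'OE',
    object_name       => 'CUSTOMERS',
    policy_name       => 'CUST_CREDIT_POLICY',
    function_schema   => 'OE',
    policy_function   => 'OWN_CUSTOMERS_ONLY',
    statement_types   => 'SELECT',
    sec_relevant_cols => 'CREDIT_LIMIT');
END;
/

-- Column masking (alternative to the policy above): every row is returned,
-- but CREDIT_LIMIT comes back NULL wherever the predicate is false.
BEGIN
  DBMS_RLS.DROP_POLICY('OE', 'CUSTOMERS', 'CUST_CREDIT_POLICY');
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'OE',
    object_name           => 'CUSTOMERS',
    policy_name           => 'CUST_CREDIT_POLICY',
    function_schema       => 'OE',
    policy_function       => 'OWN_CUSTOMERS_ONLY',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'CREDIT_LIMIT',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- Review step: holders of this privilege are not subject to VPD policies.
SELECT grantee FROM dba_sys_privs WHERE privilege = 'EXEMPT ACCESS POLICY';
```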



Hands-On


VPD policy groups for application users (incl. 'driving application context')
Leveraging Oracle Database Security with J2EE Container Managed Persistence (pdf)
Combine VPD and Oracle Label Security to hide sensitive columns based on OLS user clearance
