Real Application Security

Oracle RAS provides a declarative model that enables security policies that encompass not only the business objects being protected but also the principals (users and roles) that have permissions to operate on those business objects. RAS is more secure, scalable, and cost effective than traditional Oracle VPD technology.

With Oracle RAS, application users are authenticated in the application-tier as well as in the database. Irrespective of the data access path, the data security policies are enforced in the database kernel based on the end-user native session in the database. The privileges assigned to the user control the type of operations (select, insert, update and delete) that can be performed on rows and columns of the database objects.

Virtual Private Database

Oracle Database 18c Virtual Private Database (VPD, first introduced in Oracle8i), provides an interface to associate PL/SQL packages with application tables. The PL/SQL package computes a predicate or "where" clause that is automatically appended to incoming SQL statements, restricting access to rows and columns within the table. VPD policies can be simple or complex depending on your security requirements, but almost always use an Oracle defined application context that is initialized by the application at runtime. VPD can be used to enforce row and/or column level security requirements for privacy and regulatory compliance. A simple VPD example might restrict access to data during business hours and a more complex VPD example might read an application context during a login trigger and enforce row level security against an application table.