Help on VPD

I am trying to use VPD in our application. It works fine if I directly use a SQL select statement. However, I cannot get the right record set if the SQL statement is in stored procedures, functions, or packages. Your kind reply will be highly appreciated.

Found the issue.
If I log on to the system as sys as sysdba and then grant exempt access policy to one user, then I get the problem. If I log on to the current schema using a user with DBA roles, and then grant exempt access policy to one user, the whole system works fine now.
Thanks a lot.

Similar Messages

  • APEX VPD Implementation for Web Site - Please Help

    Hi Folks.
    I want to do the following...
    I have an APEX website which has both INTERNAL and EXTERNAL users.
    The INTERNAL users (employees) should be able to see all data in all tables.
    The EXTERNAL users (clients) should only see their own data within the same tables.
    The intention here is to enforce the data that employees and clients can interact with using VPD.
    Within the application we have our own CONTACT table that will be used by our system for controlling user-access. Only Valid system users will have an entry in the CONTACT table. Currently, this is partially enforced by APEX.
    It is also our intention that all the users of our APEX system connect to the database as a single user (currently APP_PUBLIC_USER), as we do not want the overhead of database user account management.
    Note in the future we hope to integrate the APEX system with Oracle Business Intelligence (BI).
    VPD
    If we create a DATABASE account with the same username as that stored in our own CONTACT table and connect using SQL/PLUS then the VPD policy is successful.
    When we connect using APEX we are able to authenticate that the APEX username is in our own CONTACT table, but we cannot pass the APEX username to the database for testing with regards to the VPD policy. It is always APEX_PUBLIC_USER as far as the database is concerned.
    The username as far as the database is concerned is always APEX_PUBLIC_USER.
    As such we cannot distinguish between the users.
    We have tried setting an oracle application context (XXX_App_CTX) that has an attribute ‘USER_NAME’ with value of :APP_USER in the APEX application. This was done in the Apex VPD security section. We’ve queried the value when running the APEX application and the value displays correctly.
    But on the database the value of USER_NAME appears as null.
    How can we pass the APEX user name to the database for the purposes of enforcing VPD?
    Also, we have a database on-logon trigger which initialises application contexts attributes/values that are used to implement our VPD, see below.
    Any suggestions?
    Note : DEVYYY is the schema owner.
    CREATE OR REPLACE TRIGGER trg_db_logon
    AFTER LOGON ON DATABASE
    DECLARE
      -- Fetch valid user information, which is required to set the application
      -- context.
      CURSOR csr_user_info (cp_user_name IN VARCHAR2) IS
        SELECT con.contact_id
              ,con.master_entity_id
          FROM DEVYYY.contact con
         WHERE con.user_name = cp_user_name;
      r_user_info csr_user_info%ROWTYPE;
      v_user      VARCHAR2(30);
    BEGIN
      IF v('APP_USER') != 'APEX_PUBLIC_USER' AND
         v('APP_USER') IS NOT NULL THEN
        v_user := v('APP_USER');
      ELSE
        v_user := UPPER(SYS_CONTEXT('USERENV','SESSION_USER'));
      END IF;
      -- This overwrites the value chosen above with the context attribute,
      -- which is NULL unless XXX_App_CTX has already been set in this session.
      v_user := SYS_CONTEXT('XXX_App_CTX','user_name');
      -- Validate/Authenticate that the user exists in the contacts table
      OPEN csr_user_info (cp_user_name => v_user);
      FETCH csr_user_info INTO r_user_info;
      CLOSE csr_user_info;
      -- Set application context for a valid user, else set the context
      -- to invalid.
      IF r_user_info.contact_id IS NOT NULL THEN
        DEVYYY.XXX_app_CTX_mgr.set_contact_id_CTX(p_contact_id => r_user_info.contact_id);
        DEVYYY.XXX_app_CTX_mgr.set_user_name_CTX(p_user_name => v_user);
        DEVYYY.XXX_app_CTX_mgr.set_master_entity_id_CTX(p_master_entity_id => r_user_info.master_entity_id);
      ELSE
        -- invalid user, i.e. does not exist in the contact table.
        DEVYYY.XXX_app_CTX_mgr.set_contact_id_CTX(p_contact_id => -99);
        DEVYYY.XXX_app_CTX_mgr.set_user_name_CTX(p_user_name => 'INVALID_USER');
        DEVYYY.XXX_app_CTX_mgr.set_master_entity_id_CTX(p_master_entity_id => -99);
      END IF;
    EXCEPTION
      WHEN OTHERS THEN
        RAISE_APPLICATION_ERROR(-20001, 'ON-LOGON TRG Error: ' || SQLERRM);
    END trg_db_logon;
    /

    Contexts are only valid for a session, but every page view in an APEX application is essentially a new session. Take a look at global application contexts as they persists across sessions. You could also set some type of role info in an APEX item and reference it via PL/SQL from your VPD policy function.
    Tyler

  • Help With FGAC (VPD, RLS...)

    Hi all.
    I'm trying to create a Discoverer Trigger to implement FGAC. The point is:
    Discoverer DEMANDS you to create a DB function without any argument, returning integer (that won't be used anywhere), and register it in Disco. Adm. Edition. This is the easy part.
    Then I created two db. functions. The first one configures Policies (INFO_SEC). The second one (this is the one I try to invoke in discoverer - EUL_TRIGGER$POST_LOGIN), simply creates the policy using DBMS_RLS package.
    SQL> create or replace function info_sec( p_schema in varchar2, p_object in varchar2) return varchar2
      2  as
      3  v_user varchar2(30);
      4  begin
      5  select sys_context('USERENV', 'SESSION_USER')
      6   into v_user
      7  FROM DUAL;
      8    if (v_user = 'DWH_ADMIN' ) then
      9      return '';
    10    else
    11      return 'upper(nm_emp) = '''||v_user||'''';
    12    end if;
    13  end;
    14  /
    Function created.
    SQL> create or replace FUNCTION EUL_TRIGGER$POST_LOGIN RETURN INTEGER
      2  as
      3  begin
      4  dbms_rls.add_policy
      5  ( object_schema   => 'DWH_ADMIN',
      6  object_name     => 'EMP_T',
      7  policy_name     => 'POL_EMP',
      8  function_schema => NULL,
      9  policy_function => 'INFO_SEC',
    10  statement_types => 'select, insert, update, delete' ,
    11  update_check    => TRUE );
    12   RETURN(10000);
    13  end;
    14  /
    Function created.
    SQL> select EUL_TRIGGER$POST_LOGIN FROM DUAL;
    select EUL_TRIGGER$POST_LOGIN FROM DUAL
    ERROR at line 1:
    ORA-14552: cannot perform a DDL, commit or rollback inside a query or DML
    ORA-06512: at "SYS.DBMS_RLS", line 308
    ORA-06512: at "DWH_ADMIN.EUL_TRIGGER$POST_LOGIN", line 4
    I understand this is due to the insert that dbms_rls tries to perform in order to create the policy.
    My question is if anyone has an alternative for setting this using pl/sql. I need to set the RLS policy in discoverer only, so, i MUST use Discoverer Triggers.
    If you need more info about Discoverer Triggers, you can find it in:
    http://www.huihoo.com/oracle/docs/B25016_04/doc/dl/bi/B13916_04/appendix_b.htm
    Anything you guys input here will be highly appreciated!
    Regards,
    Marcos

    You do not want any part of a system which intends to apply different FGAC policies to the same Oracle user based on the application they are using. Assuming you managed to set things up so that each application was setting up its own FGAC policy, FGAC policies apply to the instance. So the policy that would apply to the Discoverer session, for example, could change when some other application created a session and set its own policy. This is a disaster waiting to happen.
    Your policy function could look at information about the session to try to determine the application being used and tailor the policy accordingly. This is generally a bad idea since this information is being passed in by the client, meaning that it is relatively easy to spoof a different application.
    Justin
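    The ORA-14552 in Marcos's transcript comes from calling DBMS_RLS.ADD_POLICY, which performs DDL, from inside a SELECT. The following is an added example, not code from the thread: the policy is registered once by an installation script, and the per-session decision is left to the policy function, which keys on the server-authenticated SESSION_USER rather than on anything the client program can choose (Justin's point). Names match the transcript (DWH_ADMIN, EMP_T, POL_EMP, INFO_SEC, NM_EMP); the ORA-28102 handling and the ENQUOTE_LITERAL quoting are my additions.

```sql
-- Run once, as DWH_ADMIN, from a SQL*Plus script. A policy is a persistent
-- object, so ADD_POLICY belongs in installation DDL, not in a login hook.
-- A policy function takes exactly two VARCHAR2 parameters (schema, object)
-- and returns the predicate text; NULL / '' means "no restriction".
CREATE OR REPLACE FUNCTION info_sec (p_schema IN VARCHAR2, p_object IN VARCHAR2)
  RETURN VARCHAR2
AS
  v_user VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
BEGIN
  -- SESSION_USER is fixed by the server at authentication time; unlike
  -- MODULE, CLIENT_INFO or OS_USER it is not supplied by the client program.
  IF v_user = 'DWH_ADMIN' THEN
    RETURN NULL;                       -- administrator sees every row
  END IF;
  -- ENQUOTE_LITERAL wraps the value in single quotes and raises an error
  -- rather than emitting an unbalanced quote, so the predicate stays a
  -- comparison against a string literal.
  RETURN 'UPPER(nm_emp) = ' || DBMS_ASSERT.ENQUOTE_LITERAL(v_user);
END info_sec;
/

-- Drop a stale copy first so the script is re-runnable; ORA-28102 is
-- "policy does not exist" and is expected on a fresh install.
BEGIN
  DBMS_RLS.DROP_POLICY(object_schema => 'DWH_ADMIN',
                       object_name   => 'EMP_T',
                       policy_name   => 'POL_EMP');
EXCEPTION
  WHEN OTHERS THEN
    IF SQLCODE != -28102 THEN RAISE; END IF;
END;
/

BEGIN
  DBMS_RLS.ADD_POLICY(object_schema   => 'DWH_ADMIN',
                      object_name     => 'EMP_T',
                      policy_name     => 'POL_EMP',
                      function_schema => 'DWH_ADMIN',
                      policy_function => 'INFO_SEC',
                      statement_types => 'SELECT, INSERT, UPDATE, DELETE',
                      update_check    => TRUE);
END;
/

-- The Discoverer post-login function then has nothing to create; it only
-- has to satisfy Discoverer's "no arguments, returns INTEGER" contract.
CREATE OR REPLACE FUNCTION eul_trigger$post_login RETURN INTEGER
AS
BEGIN
  RETURN 10000;
END;
/
```

    Because the policy is attached to EMP_T rather than created per login, it applies identically to every session that touches the table, whichever tool opened the session, which is exactly the property Justin describes as the safe one.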

  • How to get Win NT userid for setting VPD application context?

    We are planning to implement row-level security using VPD. For that to happen, we need to capture the Windows NT userid since all the applications connect through a generic Oracle userid which will not help us.
    Has anyone done this before? Your responses are appreciated.
    Thanks.

    SELECT osuser
    FROM v$session
    WHERE audsid = (SELECT USERENV ('sessionid') FROM dual)

  • Effect of RLS policy (VPD) on execution plan of a query

    Hi
    I have been working on tuning of a few queries. A RLS policy is defined on most of the tables which appends an extra where condition (something like AREA_CODE=1). I am not able to understand the effect of this extra where clause on the execution plan of the query. In the execution plan there is no mention of the clause added by VPD. In 10046 trace it does show the policy function being executed but nothing after that.
    Can someone shed some light on the issue that has VPD any effect on the execution plan of the query ? Also would it matter whether the column on which VPD is applied, was indexed or non-indexed ?
    Regards,
    Amardeep Sidhu

    Amardeep Sidhu wrote:
    I have been working on tuning of a few queries. A RLS policy is defined on most of the tables which appends an extra where condition (something like AREA_CODE=1). I am not able to understand the effect of this extra where clause on the execution plan of the query. In the execution plan there is no mention of the clause added by VPD. In 10046 trace it does show the policy function being executed but nothing after that.
    VPD is supposed to be invisible - which is why you get minimal information about security predicates in the standard trace file. However, if you reference a table with a security predicate in your query, the table is effectively replaced by an inline view of the form: "select * from original_table where {security_predicate}", and the result is then optimised. So the effect of the security predicate is just the same as you writing the predicate into the query.
    Apart from your use of v$sql_plan to show the change in plan and the new predicates, you can see the effects of the predicates by setting event 10730 with 10046. In current versions of Oracle this causes the substitute view being printed in the trace file.
    Bear in mind that security predicates can be very complex - including subqueries - so the effect isn't just that of including the selectivity of "another simple predicate".
    Can someone shed some light on the issue that has VPD any effect on the execution plan of the query ? Also would it matter whether the column on which VPD is applied, was indexed or non-indexed ?
    Think of the effect of changing the SQL by hand - and how you would need to optimise the resultant query. Sometimes you do need to modify your indexing to help the security predicates, sometimes it won't make enough difference to matter.
    Regards
    Jonathan Lewis
    http://jonathanlewis.wordpress.com
    http://www.jlcomp.demon.co.uk
    "Science is more than a body of knowledge; it is a way of thinking"
    Carl Sagan
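    Added example, not part of the thread, showing where the merged predicate can actually be seen for the case Amardeep describes. It assumes a table SALES with an AREA_CODE column and a policy whose function returns 'AREA_CODE = 1'; the hint-style tag VPD_DEMO is only a marker for finding the cursor. Reading V$VPD_POLICY and V$SQL_PLAN needs SELECT on the underlying V_$ views (normally a DBA).

```sql
-- 1. Run the statement being tuned. The comment is not a real hint; it just
--    makes the cursor easy to find in V$SQL.
SELECT /*+ VPD_DEMO */ COUNT(*) FROM sales;

-- 2. V$VPD_POLICY records, per child cursor, the predicate text that was
--    merged into the statement. This is the clause the plan was built for.
SELECT p.object_name, p.policy, p.predicate
  FROM v$vpd_policy p
  JOIN v$sql s
    ON s.hash_value = p.sql_hash
   AND s.child_number = p.child_number
 WHERE s.sql_text LIKE 'SELECT /*+ VPD_DEMO */%';

-- 3. The plan shows the clause only as an access/filter predicate on the
--    table or index operation, exactly as if it had been typed into the SQL.
SELECT s.sql_id, sp.id, sp.operation, sp.options, sp.object_name,
       sp.access_predicates, sp.filter_predicates
  FROM v$sql s
  JOIN v$sql_plan sp
    ON sp.sql_id = s.sql_id
   AND sp.child_number = s.child_number
 WHERE s.sql_text LIKE 'SELECT /*+ VPD_DEMO */%'
 ORDER BY sp.id;

-- 4. Alternatively, as Jonathan notes, event 10730 together with 10046 writes
--    the substituted inline view into the trace file.
ALTER SESSION SET EVENTS '10730 trace name context forever, level 1';
ALTER SESSION SET EVENTS '10046 trace name context forever, level 12';
SELECT /*+ VPD_DEMO */ COUNT(*) FROM sales;
ALTER SESSION SET EVENTS '10046 trace name context off';
ALTER SESSION SET EVENTS '10730 trace name context off';

-- 5. If AREA_CODE is selective, step 3 on an unindexed column shows a FULL
--    table scan with the clause in FILTER_PREDICATES; after indexing it moves
--    to ACCESS_PREDICATES on an index range scan, which is what "modify your
--    indexing to help the security predicates" looks like in practice.
CREATE INDEX sales_area_code_ix ON sales (area_code);
```

    The join on SQL_HASH/HASH_VALUE plus CHILD_NUMBER is used rather than SQL_ID because V$VPD_POLICY carries SQL_HASH in every release that has the view.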

  • How to use vpd to restrict rows by application and schema_name?

    We have a need to reuse a schema name many times in a test/dev. environment. Normally we just create a new instance so development can test their apps. using the same schema_name, let's call it test_user. This is very tedious and time consuming to create many db's and sometimes we don't have the hardware to support so many db's. So I was wondering if I could use vpd and an application_context to restrict the rows & columns that can be seen. But instead of restricting it by schema_name I want to restrict it by schema_name and another env. variable like app_name or something similar. So when the middle layer connects with test_user user name and the app is called accts_payable they see parts of the rows that pertain to them. But if the middle layer connects with the test_user user name and the app is called accts_payable2 they see completely different rows. Any help would be appreciated.
    Thanks,
    George

    I was hoping someone else had already been down this path so I don't have to re-invent the wheel. But it looks like I'm going to go down that path. I did find something in the manual that may help but again it's not exactly what I was hoping for so I will have to test it. It mentions using dbms_session to set the application name in the environment like this:
    Consider the application server, AppSvr, that has assigned the client identifier 12345 to client SCOTT. It then issues the following statement to indicate that, for this client identifier, there is an application context called RESPONSIBILITY with a value of 13 in the HR namespace.
    DBMS_SESSION.SET_CONTEXT( 'HR', 'RESPONSIBILITY' , '13', 'SCOTT', '12345' );
    Thanks for your help on this. If anyone else has been through a similar situation please reply.
    Thanks,
    George
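    One added example, not code from either thread, that covers both Tyler's suggestion in the APEX thread above (use a global application context because a per-session context does not survive APEX's page-by-page sessions) and George's requirement here (restrict by the application name as well as the user when every middle tier connects as the same database user). All names below (APP_SEC_CTX, APP_SEC_CTX_MGR, ORDERS, OWNER_USER, APP_NAME, ORDERS_PREDICATE) are assumed.

```sql
-- A global application context lives in the SGA and is keyed by client
-- identifier, so its values are reachable from whichever pooled connection
-- the next page request happens to get.
CREATE OR REPLACE CONTEXT app_sec_ctx USING app_sec_ctx_mgr ACCESSED GLOBALLY;

CREATE OR REPLACE PACKAGE app_sec_ctx_mgr AS
  -- Called once per end-user login by the middle tier. It is the only code
  -- allowed to write this namespace, so the client identifier it issues must
  -- be generated server-side and never handed to the browser.
  PROCEDURE register_user (p_client_id IN VARCHAR2,
                           p_user_name IN VARCHAR2,
                           p_app_name  IN VARCHAR2);
  -- Called on every pooled-connection checkout, before any query runs.
  PROCEDURE attach_session (p_client_id IN VARCHAR2);
  -- Called at logout so the SGA entries do not outlive the user.
  PROCEDURE unregister_user (p_client_id IN VARCHAR2);
END app_sec_ctx_mgr;
/

CREATE OR REPLACE PACKAGE BODY app_sec_ctx_mgr AS
  PROCEDURE register_user (p_client_id IN VARCHAR2,
                           p_user_name IN VARCHAR2,
                           p_app_name  IN VARCHAR2) IS
  BEGIN
    -- Fifth argument binds the values to this client identifier only.
    DBMS_SESSION.SET_CONTEXT('APP_SEC_CTX', 'USER_NAME', UPPER(p_user_name),
                             NULL, p_client_id);
    DBMS_SESSION.SET_CONTEXT('APP_SEC_CTX', 'APP_NAME', UPPER(p_app_name),
                             NULL, p_client_id);
  END register_user;

  PROCEDURE attach_session (p_client_id IN VARCHAR2) IS
  BEGIN
    -- Setting the identifier makes the matching global values visible to
    -- SYS_CONTEXT in this session; nothing is copied into the session, so
    -- values from the connection's previous user cannot leak in.
    DBMS_SESSION.SET_IDENTIFIER(p_client_id);
  END attach_session;

  PROCEDURE unregister_user (p_client_id IN VARCHAR2) IS
  BEGIN
    DBMS_SESSION.CLEAR_CONTEXT('APP_SEC_CTX', p_client_id);
    DBMS_SESSION.CLEAR_IDENTIFIER;
  END unregister_user;
END app_sec_ctx_mgr;
/

-- Policy function: a row is visible only to the registered user AND only
-- through the application that user registered with. A connection with no
-- identifier, or one whose identifier has no registered context, yields
-- NULLs, so the predicate matches no rows instead of falling open.
CREATE OR REPLACE FUNCTION orders_predicate (p_schema IN VARCHAR2,
                                             p_object IN VARCHAR2)
  RETURN VARCHAR2
AS
BEGIN
  RETURN 'owner_user = SYS_CONTEXT(''APP_SEC_CTX'', ''USER_NAME'')'
      || ' AND app_name = SYS_CONTEXT(''APP_SEC_CTX'', ''APP_NAME'')';
END orders_predicate;
/

BEGIN
  DBMS_RLS.ADD_POLICY(object_schema   => USER,
                      object_name     => 'ORDERS',
                      policy_name     => 'ORDERS_BY_USER_AND_APP',
                      policy_function => 'ORDERS_PREDICATE',
                      statement_types => 'SELECT, INSERT, UPDATE, DELETE',
                      update_check    => TRUE);
END;
/
```

    For George's case the middle tier calls register_user once with ('<id>', 'test_user', 'accts_payable') or ('<id>', 'test_user', 'accts_payable2') and attach_session on each checkout; the same database user then sees two disjoint row sets. For the APEX case the same two calls can be issued from the application's VPD/initialisation PL/SQL section that the original poster mentions, using :APP_USER as p_user_name.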

  • How to use VPD in Java/Struts JSP portlet with SSO

    DB = 10.1.0 (Standard Edition)
    Portal = 9.0.4.1
    10gAS = 9.4.0.1 (EE)
    I am in the beginning stages of developing some portlets that will be Java/Struts JSP based. We use SSO and have implemented some VPD security in our DB by creating some views that use SYS_CONTEXT('USERENV','CURRENT_USERID').
    These Java portlets connect to the DB using a defined JDBC connection for the OC4J container they are deployed in. The problem I'm having is that the call to SYS_CONTEXT is returning the user of the JDBC connection and not the SSO user. So far I have been unable to find any documentation that will point me in the right direction to get this configured properly.
    Deployment and configuration are as follows. Deploy the war file to a custom container on the app server. In the configuration of the OC4J container, the app uses the container's default JDBC connection using the oracle.jdbc.pool.OracleDataSource class. Max and Min open connections are blank.
    In the portal configuration under Navigator - Providers tab we defined a new Registered Provider. In the Connections tab for the provider we Specify the URL Http://hpsrv02.simsol.com:7777/discovery-portlets/providers. Under "Specify how the user's identity will be set by the Portal..." the "The user has the same identity in the Web providers application as in the Single Sign-On identity" is selected. Under "User/Session Information" User is selected and Login Frequency is set to "Once per user session". Then we created a new portal page and created a new portlet with the new provider.
    Just an FYI I do have Discoverer working with VPD and any report portlet, dynamic page portlet and any other type of portlet I created all work correctly with VPD it is just the java/struts one that is not working.
    So does any one have any insight into what configuration steps I have missed?
    Any help is much appreciated,
    Ed Klinger

    Ed,
    Your java code must get the SSO username (it's just a HTTP header variable) :
    ie: code sample...
    String dn_user = null;
    Enumeration e = request.getHeaderNames();
    while (e.hasMoreElements()) {
        String name = (String) e.nextElement();
        String value = request.getHeader(name);
        out.println("<br> " + name + " = " + value);
        // the SSO layer forwards the authenticated user's DN in this header
        if (name.toUpperCase().trim().equals("OSSO-USER-DN")) {
            dn_user = value;
            out.println("<br>******** USER DN = " + dn_user);
        }
    }
    Then, the SSO username can be used in the VPD policy.
    Note that there is a difference between the SSO username and the database username. The SSO username is not known by the database (CURRENT_USERID will return a database username).
    Discoverer worked OK in your case with the SYS_CONTEXT (.. CURRENT_USERID) because authentication is made by database user, probably.

  • Row level security in OBIEE 11g: Which is better: VPD or RPD

    We can apply row level security in OBIEE by 2 ways.
    1. by Creating Initialize Block in RPD
    2. or Applying VPD in Database, which restricts source tables
    Which one is more efficient and why?
    Thanks,
    Sunil Jena

    You will have some degree of performance degradation with either approach since you are adding additional filters, so I would not use that as the main factor to decide. You need to assess your actual requirements. What is the basis by which you are planning on doing the security? Is LDAP the main basis for the security? Do you plan to use certain roles? If your security is more based on roles at the application level, then it may be easier to define at the application level (OBIEE)... if it's just based on a certain user ID for a set of tables, then perhaps VPD can work. If helpful, pls mark.

  • Implement row-level security using Oracle’s Virtual Private Databases (VPD)

    Environment: Business Objects XI R2; Oracle 10g
    Functional Requirement:
    Implement row-level security using Oracle’s Virtual Private Databases (VPD) technology. The restriction is that the Business Objects Universe connection should use a generic/“application” database user account. This will allow the organization to avoid the situation where the Business Objects password and the Oracle password need to be kept in synch.
    What do we need from the Business Objects support team?
    1.     Review the 2 attempted solutions that we have tried to implement
    2.     Propose solutions/answers to open questions for each of the attempted solutions
    3.     Propose any alternate solution that will help us implement the Function Requirement stated above
    Attempted Solution 1: Connection String uses Oracle Proxy User
    The connection string that is specified in the Universe is the following:
    app_user[end_user]/app_user_pwdarrobaDatabase.WORLD
    app_user = generic application user
    end_user = the oracle account of the end user which is set using arrobaVariable('BOUSER') app_user_pwd = password of the generic application user
    We have tried and implemented this in our test environment. However, we have some questions and concerns around how the connections are reused in a connection pool environment.
    Open Question for Solution 1:
    i. What happens when multiple proxy users try to connect on at the same time?  Business Objects shares the generic app_user connect string.  However, every user that logs on will have their own unique proxy user credentials.  Will there be any contention involved?  If so, what kind of errors can we expect?
    ii. If a user logs on using his credentials (proxy user), and Business Objects opens up a connection to the database using that user's credentials (as the proxy user but logging in through the generic app user), then the user exits out --> based on our test today, it seems like the database connection remains open.  In that case, if another user logs on similarly with their credentials, will Business Objects simply assign the first user's connection to that second user?  If so, then our security will not work.  Is there a way that Business Objects can somehow ensure that every time we close a report, the connection is also terminated both at the BO and DB levels?
    iii. Our 3rd question is general high level -> How connection pooling works in general and how it is implemented in BO, i.e. how are new connections assigned, how are they recycled, how are they closed, etc.
    Attempted Solution 2: Using the ConnectInit parameter
    Reading through a couple of the Business Objects documents, it states that “Using the ConnectInit parameter it is possible to send commands to the database when opening the session which can be used to set database specific parameters used for optimization.”
    Therefore, we tried to set the parameter in the Universe using several different options:
    ConnectInit = BEGIN SYSTEM.prc_logon('arrobaVARIABLE('BOUSER')'); COMMIT; END; ConnectInit = BEGIN DBMS_SESSION.SET_IDENTIFIER('arrobaVariable('BOUSER')'); COMMIT; END;
    Neither of the above iterations or any variation of that seemed to work. It seems that the variable is not being set or being “executed” on the database.
    One of the Business Objects documents had stated that Patch ID 38, 977, 350 must be installed in our BO environments. We have verified that this patch has been applied on our system.
    Open Questions for Solution 2:
    How do we get the parameter ConnectInit to work? i.e. what is the proper syntax to enter and what other things do we need to check to get this to work.
    Note: Arroba word is being used instead of the symbol in order to avoid following error message:
    We are sorry but your message can not be posted since you have included an email address. Please remove the email address and re-post.

    the connectinit setting should look something like this:
    declare a date; begin vpd_setup('@VARIABLE('BOUSER')'); Commit; end;
    The vpd_setup procedure (in Oracle) should look like this:
    CREATE OR REPLACE CONTEXT session_values USING vpd_setup;
    CREATE OR REPLACE PROCEDURE vpd_setup (p_user VARCHAR2) IS
    BEGIN
      -- SET_CONTEXT may only be called from the trusted procedure named in
      -- CREATE CONTEXT for this namespace
      DBMS_SESSION.SET_CONTEXT('SESSION_VALUES', 'USERID', p_user);
    END vpd_setup;
    /
    Then you can retrieve the value of the context variable in your vpd functions
    and set the vpd.

  • Evaluate_Analytic function not working with VPD enabled

    Experts,
    One of the column formulas has the evaluate_analytic function in the report. The report works fine with no errors when Virtual Private Database is not checked in the Physical Layer's datasource object, but the same report fails with the below error message when VPD is checked.
    Please share your thoughts on how to resolve the error. Your response is greatly appreciated.
    This is the error message in Answers:
    Odbc driver returned an error (SQLExecDirectW).
    Error Details
    Error Codes: OPR4ONWY:U9IM8TAC:OI2DL65P
    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 43113] Message returned from OBIS. [nQSError: 42015] Cannot function ship the following expression: Evaluate_Analytic( MIN(%1) OVER(PARTITION BY %2),([ D901.c3, D901.c4] )).Please have your System Administrator look at the log for more details on this error. (HY000)
    This is in OBIEE 11.1.1.6 version. I haven't tested in old versions.
    Regards,
    Tom
    Edited by: Tom Lype on Oct 1, 2012 2:17 PM

    I found the solution myself. Hopefully it should help others.
    If your fact table is within a data source object which has VPD enabled in the physical layer, all other tables (dimensions) mapped to it should be from a data source object which has VPD checked. I might be wrong, but at least in my case, after I copied over two tables from a data source (no VPD checked) into the new data source (VPD checked), my evaluate_analytic function is working with no errors. The parameters for the evaluate_analytic function are from those two tables.
    Regards,
    Tom

  • Using VPD in APEX

    I need to use a VPD in APEX to restrict access to seeing some records. In other Oracle apps I did with VPD, I did these steps:
    1) Created a view (SP_TEACHER)
    2) Created a function to dynamically set the predicate (where)
    3) Created a policy
    dbms_rls.add_policy(
    object_schema => 'STARS3',
    object_name => 'SP_TEACHER',
    policy_name => 'SP_TEACHER_POLICY',
    function_schema => 'STARS3',
    policy_function => 'sp_teacher_predicate');
    Is this the appropriate way to handle fine grained access in APEX applications? I see there is a section in Shared Components - Security that has a VPD call section.

    Hi Bob,
    The VPD section in APEX is actually a different concept really, any code you place in the VPD section is executed for each page request.
    I'm not trying to do a 'hard sell' here, but in my book (Pro Application Express) there is a whole section dedicated to data security (chapter 5) where I cover using the 'traditional VPD' functionality in the database with APEX.
    John.
    Blog: http://jes.blogs.shellprompt.net
    Work: http://www.apex-evangelists.com
    Author of Pro Application Express: http://tinyurl.com/3gu7cd
    REWARDS: Please remember to mark helpful or correct posts on the forum, not just for my answers but for everyone!

  • Using VPD in combination with a user table?

    I'm very new with VPD's. In fact, I don't know a thing about it yet (I know the philosophy behind it and the principle, but not the practical implementation). My question: Are VPD's always based on database-users? Our applications have a user-table now, where the access rights to applications are stored. Once a user is present in that table and has the necessary rights, he can login to the application. So we don't have an actual database-user for each "real-life" user, just an entry in a table.
    Is it possible to use the system of VPD's (and maybe Oracle Label Security) with users stored in a table, instead of actual database users?

    TomVD wrote:
    My question: Are VPD's always based on database-users?
    No, they are not. You could for example put VPD policies on tables that restrict access after a certain time of the day (not caring which user attempts to access the data, using only SYSDATE and a given cut off access time).
    TomVD wrote:
    Is it possible to use the system of VPD's (and maybe Oracle Label Security) with users stored in a table, instead of actual database users?
    Yes you can.
    VPD allows you to construct a predicate as you would like based on your requirements (you are basically appending a WHERE clause in to every query based on the logic you dictate on the objects and accesses you determine necessary).
    Typically if you're running through a connection pool (as it sounds like you are) you would use an application context to set a specific value (the logging in user) and then validate that against your Users table in whatever fashion tickles your fancy
    Some Tutorials (http://www.google.ca/#hl=en&source=hp&q=oracle+vpd+tutorial&btnG=Google+Search&meta=&aq=0&oq=oracle+vpd+&fp=8e6c6930b7d53e73) may also be helpful
    and of course .. The Documentation (http://download.oracle.com/docs/cd/E11882_01/network.112/e10574/vpd.htm)
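    Added example, not code from the thread, combining the two points in the reply: the policy is keyed on an application user kept in a table rather than on a database account, and it also carries a time-of-day rule that ignores who the user is. It assumes the middle tier tags each pooled session with DBMS_SESSION.SET_IDENTIFIER(<application user>) after authenticating against the table, and that the table APP_USERS, the protected table DOCS with an OWNER column, and the sample rows are all mine.

```sql
-- Application users, not database accounts. The hour columns express the
-- reply's "cut off access time" idea per user; constructed sample data.
CREATE TABLE app_users (
  user_name   VARCHAR2(64) PRIMARY KEY,
  can_read    CHAR(1)      DEFAULT 'N' NOT NULL CHECK (can_read IN ('Y','N')),
  access_from NUMBER(2)    DEFAULT 0  NOT NULL,   -- first allowed hour (0-23)
  access_to   NUMBER(2)    DEFAULT 24 NOT NULL    -- hour at which access stops
);
INSERT INTO app_users VALUES ('ALICE', 'Y', 8, 18);   -- office hours only
INSERT INTO app_users VALUES ('BOB',   'N', 0, 24);   -- present but no rights
COMMIT;

CREATE OR REPLACE FUNCTION docs_predicate (p_schema IN VARCHAR2,
                                           p_object IN VARCHAR2)
  RETURN VARCHAR2
AS
  v_user VARCHAR2(64) := SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER');
  v_row  app_users%ROWTYPE;
  v_hour PLS_INTEGER  := TO_NUMBER(TO_CHAR(SYSDATE, 'HH24'));
BEGIN
  -- Untagged session or unknown user: deny everything, never fall open.
  BEGIN
    SELECT * INTO v_row FROM app_users WHERE user_name = UPPER(v_user);
  EXCEPTION
    WHEN NO_DATA_FOUND THEN RETURN '1=0';
  END;
  IF v_row.can_read <> 'Y' THEN
    RETURN '1=0';
  END IF;
  -- Time-of-day rule: outside the window no rows are visible at all.
  IF v_hour < v_row.access_from OR v_hour >= v_row.access_to THEN
    RETURN '1=0';
  END IF;
  -- Inside the window, the caller sees only their own documents.
  RETURN 'owner = ' || DBMS_ASSERT.ENQUOTE_LITERAL(UPPER(v_user));
END docs_predicate;
/

BEGIN
  DBMS_RLS.ADD_POLICY(object_schema   => USER,
                      object_name     => 'DOCS',
                      policy_name     => 'DOCS_BY_APP_USER',
                      policy_function => 'DOCS_PREDICATE',
                      statement_types => 'SELECT, INSERT, UPDATE, DELETE',
                      update_check    => TRUE,
                      -- DYNAMIC (the default) re-runs the function on every
                      -- execution; a SHARED_STATIC or CONTEXT_SENSITIVE policy
                      -- would cache a predicate and miss the hour rollover.
                      policy_type     => DBMS_RLS.DYNAMIC);
END;
/
```

    The function is deliberately written to return '1=0' on every unexpected condition (no identifier, unknown user, no rights, wrong time) so that a misconfigured middle tier degrades to "no data" rather than to "all data".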

  • JAAS + VPD with BC4J problem

    Following the instructions in http://otn.oracle.com/products/jdev/howtos/bc4j/bc4jvpdjaas.html, we set up an vpd+jazn-data.xml application according to which users see portions of the database.
    In development with only one JAAS user created, this appeared to work properly.
    In testing with several JAAS users created, we have discovered that the application username, as known to the Application Module, will drift in and out of sync with the setting in the database context. In other words
    ApplicationModuleImpl.getUserPrincipalName()
    remains correct, but
    "select context_pkg.get_ctx_appuser from dual" in BC4J/JSP
    varies.
    Or, an example, one login as user1 sees user2's data, but not the data he is supposed to see.
    Please help!!!!

    Hi,
    Is your client app a JSP? How do you start each session? Do you have settings on SessionCookie state? Could you create a small test case? A test case will greatly help me diagnose the problem. BTW, the application user context gets set/reset only after a new transaction since it is in afterConnect().
    Thanks,
    Yvonne

  • VPD: Problems calling a function on another schema

    Here's the setup:
    I've created a schema called "AllYourBase".  It contains all of my tables, views, functions, procs, etc.
    These tables are protected by a DBMS_RLS policy.  The policy uses a function to define its predicate which looks like this:
    create or replace function tous_filter(schemaName varchar2, tableName varchar2)
    return varchar2 is
    begin
      -- predicate appended to every statement against the protected tables
      return 'account = sys_context(''USERENV'', ''CLIENT_IDENTIFIER'')';
    end;
    /
    All of the tables have an account column for this to work.  So far, this is a pretty basic VPD setup.
    I have other db users that login and view data in the "AllYourBase" schema.
    So when "ArbyLong" logs in, I set sys_context('USERENV', 'CLIENT_IDENTIFIER') to "ArbyLong", and when he runs a query, he gets back his rows.
    Now, "AllYourBase" has several functions.  Here's a very contrived, simplified example of one (but it illustrates the issue I'm running into just fine):
    create or replace function getUserID
    return integer is
      retval integer;
    begin
      -- expects exactly one row (the caller's own account); raises if more
      select user_id into retval from users;
      return retval;
    end;
    /
    When "ArbyLong" runs the equivalent query (select user_id from users), he gets back the one row where the account column is equal to "ArbyLong", as expected.
    But this getUserID function lives in the "AllYourBase" schema.  And here's the catch: I've made "AllYourBase" exempt from the policies by running "grant exempt access policy to AllYourBase".
    When "ArbyLong" runs the function getUserID, it runs in the "AllYourBase" schema and pulls ALL of the rows from the users table.
    This particular function simply errors out (since it's only expecting one row), but other functions are returning data that the logged in user shouldn't see.
    So even though there are policies in place, by calling a function on another schema that is exempt from the policies, a user is able to see all returned data and not just the rows they are normally limited to.
    Ultimately my question is this: Is there a way to enforce VPD policies when a user calls a function that lives in another schema?
    Doing my own research, the answers I've come up with are:
    * Don't use "grant exempt policy"!
    * Put the function directly into the users' schemas.  So "ArbyLong" would have his own getUserID function that would look at the "AllYourBase" users table.
    I'd rather not do either of these, so does anyone have any other ideas?  If it turns out these are the only solutions, then I'll go with one of them.
    Thanks!
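    An added example, not the poster's code, showing how to keep the policy enforced for AllYourBase-owned functions without the schema-wide EXEMPT ACCESS POLICY grant. It keeps the post's table and column names (users, account, user_id), assumes the identifiers were created unquoted (so the session user compares as 'ALLYOURBASE'), and the policy name USERS_BY_ACCOUNT is an assumption. The second variant (AUTHID CURRENT_USER) is an assumption to confirm on the reader's own release rather than something the thread establishes.

```sql
-- Added example (not the poster's code). Assumes unquoted identifiers,
-- i.e. the schema is stored as ALLYOURBASE.

-- 1. Drop the grant that made every AllYourBase-owned function bypass the
--    policies (the behaviour the poster observed).
REVOKE EXEMPT ACCESS POLICY FROM AllYourBase;

-- 2. Policy function that exempts only real AllYourBase *sessions*.
--    USERENV SESSION_USER is the user who logged in and stays the same
--    throughout the session, even inside a definer's-rights function,
--    whereas CURRENT_USER / CURRENT_SCHEMA switch to the definer there.
--    So ArbyLong calling getUserID is still filtered by account.
CREATE OR REPLACE FUNCTION tous_filter(schemaName IN VARCHAR2,
                                       tableName  IN VARCHAR2)
  RETURN VARCHAR2 IS
BEGIN
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'ALLYOURBASE' THEN
    RETURN NULL;   -- NULL predicate = no restriction for maintenance logins
  END IF;
  RETURN 'account = SYS_CONTEXT(''USERENV'', ''CLIENT_IDENTIFIER'')';
END tous_filter;
/

-- Attach (or re-attach: DBMS_RLS.DROP_POLICY first if it already exists).
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'ALLYOURBASE',
    object_name     => 'USERS',
    policy_name     => 'USERS_BY_ACCOUNT',
    function_schema => 'ALLYOURBASE',
    policy_function => 'TOUS_FILTER',
    statement_types => 'SELECT');
END;
/

-- 3. Alternative (assumption, confirm on your release): declare the helper
--    invoker's rights so its SELECT runs with the caller's privileges and
--    exemptions rather than the owner's. Name resolution then happens in
--    the caller's schema, hence the explicit AllYourBase. qualifier, and
--    the caller needs SELECT on AllYourBase.users.
CREATE OR REPLACE FUNCTION getUserID
  RETURN INTEGER
  AUTHID CURRENT_USER IS
  retval INTEGER;
BEGIN
  SELECT user_id INTO retval
    FROM AllYourBase.users;   -- the policy predicate is appended here
  RETURN retval;
END getUserID;
/

-- 4. Check from ArbyLong's session (CLIENT_IDENTIFIER set at login):
BEGIN
  DBMS_SESSION.SET_IDENTIFIER('ArbyLong');
END;
/
SELECT AllYourBase.getUserID FROM DUAL;   -- one row: ArbyLong's own account
```

    Variant 2 is the one that answers the poster's question directly: the exemption moves from a system privilege, which any definer's-rights code owned by that user inherits, into the policy function, where it can be tied to the session that actually logged in. Note that CLIENT_IDENTIFIER is settable by any session through DBMS_SESSION.SET_IDENTIFIER, so this predicate is only as strong as the application's control over who can run that call on the connection.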

    Need more info. Are you using a ViewStack or other navigator container, and trying to access a view that has not been displayed yet, due to deferred instantiation?
    If this post answers your question or helps, please mark it as such.
    Greg Lafrance - Flex 2 and 3 ACE certified
    www.ChikaraDev.com
    Flex Training and Support Services

  • Support for VPD Policies in SQL Developer?

    I've searched the GUI, the help and the google (TM). Is there support for VPD Policies in Oracle SQL Developer. Examples of things would be to enable and disable them, create new ones, etc.

    Not as such, but you can always manage them through worksheet statements.
    You can request this at the SQL Developer Exchange though, so other users can vote and add weight for possible future implementation.
    Regards,
    K.
