What restrictions apply to VPD functions for column masking?

I want to understand the restrictions that apply to VPD functions when used for column masking, compared with their use for Row-Level Security.
According to the Oracle Database Security Guide (11g Release 1)
Column-masking conditions generated by the policy function must be simple Boolean expressions, unlike regular Oracle Virtual Private Database predicates.
I have long understood the above as implying that column-masking conditions should not contain sub-queries (i.e. inner selects).
However, we tested using a condition with a select inside another select (2-level nesting) and yet it worked. We were on 11g Release 2, by the way.
So, I wonder, does anyone have experience with using sub-queries in column-masking conditions? Or, alternatively, does anyone have more information on what Oracle means with "regular VPD predicates" and "simple Boolean expressions" (of course, in the context of VPD)?
Thanks,
Pablo

Thanks Harm,
that was very useful.
According to the grammar of CASE expressions, <predicate> is generated by the non-terminal "condition". This is the same non-terminal used for WHERE clauses in SELECT statements, and thus <predicate> can contain any number of nested SELECTs.
Cheers,
Pablo

Similar Messages

  • Using VPD for Column Masking

    Hi ,
    Arup nanda demostrate [http://www.oracle.com/technology/pub/articles/10gdba/week14_10gdba.html]
    how to use Column Masking using VPD.
    I would like to use TDE+VPD for PCI DSS requirements.
    In order to protect the data from been stolen i am going to use TDE.
    Regarding the VPD , i need to allow few user to see the entire credir card number , and for some user to see just
    the last 4 digits of the credit card.
    As far as i understood from the link above , all i can do is to mask column valus to null value.
    I thought using dbms_crypto , but Tom Kyte suggested hir
    [http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:1631574900346651898]
    not to do it.
    My question is if it somehow possible to see just the last 4 digit using VPD.
    Thanks

    No you can't, Column level VPD is not ment to give a masking solution, I have filled a request to oracle to enhance VPD to support this feature, I didn't get any answer for it.
    You will have to find a nother way, VPD is not it.
    I suggest you to add another column to your tables that holds the credit card number, the new column will hold the masked value of the credit card - write PL/SQL function to do it, and update the table, then use simple views to control what data each user will see.
    Oded
    [www.dbsnaps.com]
    [www.orbiumsoftware.com]

  • Formatting function for columns which store japanese characters

    I have a table which stores names in all languages.I have a SQL Report.When the names are in English the formatting is good.But when the names are in Japanese.The formatting is going wrong.
    A part of SQL report is as follows
    COLUMN emp_name formata20
    COLUMN mgr_name formata20
    select emp_name,mgr_name
    from employee;
    The data in the columns are coming in ZigZag fashions.I tried using ltrim and rtrim but had no impact.Are there any functions which would help in formatting the query.I need this very urgently.
    Thanks in advance

    Change your environment variable 'nls_lang' appropriately to reflect the language.
    For example on my computer, this variable has the value
    American_America.WE8ISO8859P1
    Typically NLS_LANG environment variable is of type:
    language_territory.charset
    If you are using Japanese character set, you could specify the environment variable as:
    JAPANESE_JAPAN.JA16EUC
    Please go through Oracle's Globalization Support Guide for additional information.

  • Need to disable the clearing of browsing history and what is the "about:config" function for it?

    I am working on an Group Policy Administrative template for Wetdog.exe, and it's awesome by the way. Just want to know what function to use (listed in "about:config" url) so i can turn this feature off entirely.
    I don't want my users deleting browsing history, or have any ability to view it either.
    Still, i want the browser to keep at least 30 days of history.
    This is EASILY accomplished in Internet Explorer via GPO, but not so much in Mozilla with wetdog.exe and it's admin templates. I am using Windows Server 2003 enterprise edition R2 on 2 domain controllers, and Windows XP Professional SP3 client workstations with Mozilla 3.6.3 and the latest version of Wetdog.exe and it's admin templates.
    Any help would be much appreciated!!!
    == This happened ==
    Every time Firefox opened
    == My boss decided that we need to keep browsing history locked out of our existing 700+ workstations ==
    == Troubleshooting information ==
    just need to disable the "history" button, the "tools\clear recent history" button, and "tools\options\privacy tab\history"

    It can be annoying, but I think their motivation is good.  They are trying to make things better for their customers and I think they have, even though sometimes it is annoying.  I think it would be nice if they would advise us when the pages are going to be down for maintenance,  In the mean time, you could have another E mail account so you can always get access to your E mail.

  • Function for column validation in SQl Loader control file.

    Hello Gurus,
    We have an requirement to create a function to validate all date and number columns in control file, and return 0/1 accordingly to valid_column which is last column . I have developed the function which accepts the number and date type columns as parameter and return Y/N. My question is, is there any way so that the function could be created without passing any parameter to it?
    If yes, then how to call the function in control file?
    I have been searching since a while on Google to find out any solution but could find out.
    Using Oracle 11g Enterprise Edition Release 11.2.0.1.0
    Thanks!
    Edited by: Sush on Jul 5, 2012 2:23 AM
    Edited by: Sush on Jul 5, 2012 4:16 AM
    Edited by: Sush on Jul 5, 2012 7:28 AM

    Hi Srini,
    I have gone through this document and i couldn’t find out any solution. That’s why i was seeking help from you Gurus.
    Thanks for your help, i think i have learnt few new things abt SQL Loader by studying this document :)
    Thanks!

  • What's the fastest C function for writing binary data to disk?

    I'm acquiring data at high speeds across multiple boards and I'm having a hard time writing the data to disk fast enough to keep up. I'm programming in C in Visual Studios and I'm currently using fwrite. I have a similar system set up in LabView and my C code can't perform as well. Is there a better or faster way to write to disk in C?

    Some speculated a few years ago that there would be
    no reason to use Fortran too. :)Are you saying there's a reason to use Fortran? Help me lord!
    Anyway, they were right! The industry may be stalling, but the vision is not. The economy and many other factors are to blame for why we haven't been able to break out of the computing paradigm we're stuck in. It's like the automobile, it hasn't changed in a century. Why? $$$
    Oh, people said we'd have flying cars by now, where are they? Well we do have them! But we're too busy spending that 400 billion a year on war instead of evolving as a species.
    Anyway, when we take the next step and have true distributed computing with multi-core processors everywhere, Java will run, Java will scale, and Java will outperform ANYTHING available.
    And speaking of game programming, the PS3 developers are having a hell of a time doing the 3 CPUs. Why? Because all they've ever done is single & double processor systems. It's time to think out of the box. When a game console hits the market with 512 CPU cores, do you REALLY think C/C++ will run on that? But, Java was designed for it.
    Java = the future
    C++ = the past

  • Column masking row level security in Peoplesoft Databases

    Hi
    How about the credibility of using VPD( for column masking,row level security) in People soft Databases?where the sensitive data is redundant across 100's of tables.
    My intention is to use the VPD across all the tables that contain the sensitive data ( ssn,bank accno, etc)
    Appreciate your help.
    Chelli

    Hi.
    I also have a trouble like yours,but mine is more simple.
    I'd tried to solve,and find that it's really hard and must lost a lot of time to solve,because some table have 2,3 or more derive information that to use VPD is not easy.
    Can i ask for any aspect to solve problem like this.
    Thanks for any answer and support.
    Thinhbk.

  • How to apply time series function on physical columns in OBIEE RPD

    Hi,
    I know a way to apply time series function(Ago and ToDate) by using existing logical columns as the source. I have set the chronological key and created time dimension. In the expressiion builder for the same Time Dimension appears at the Top so that we can use its level.
    But I couldn't apply a time series function when i have to create a logical column using physical columns. In the expression builder for the same, Time dimension does not appear in the list. Neither can i use any column from the time dimension. Please let me know a way to do it.
    Thanks.

    Time series functions are - by design and purpose - only valid for derived logical columns and not useable inside physical mappings.
    If you want / need to do it on a physical level, then abandon the time series functions and do it the old-school way with multiple LTS instances.

  • What is the need of creating partner functions for sales document type.

    Hi SAP (SD-GURUS),
    Actually we create partner functions  before creating customer ex: sold to party, ship to party, bill to party, and payer.
    These partner functions are going to be copied into sales order while processing sales order.
    Again what is the need of creating partner functions for sales document type.
    Thanks&Regards
    sreenivas peruru

    There are some Partners you could enter at Sales ORder Level. E.g. Sales Person, Employee Responsible, Forwarding Agent, Broker, etc.
    Thus these partner Determination need to be carried out at Sales Order Level & not at Customer Master level.
    So we have to configure partner Determination for various levels e.g. Customer Master, Sales Order, Delivery level etc...
    Hope this helps...
    THanks,
    Jignesh Mehta

  • What is the values and meaning for parameter TCLAS in functions

    what is the values and meaning for parameter TCLAS in functions like
    HR_INFOTYPE_OPERATION
    regards
    jan

    Hi Jan,
    Good Morning,
    In TCLAS,
    A, B , T will be there.
    A- Master data and time data.
    B- Applicant data.
    T- Shift Schedule.
    So, here we can say the default value will be integrated according to the above ABT.
    Means in the feature ABKRS, if you give the default values for all the three, your payroll area will appear in Master Data and Time data. And in recruitment ( Appicant data ) and work schedules. Means you are getting ingrated to all the three.
    And you can observe the feature PINCH also.
    If you dont want to get integrate with Master data, then dont give the default value under the A- Master date and Time data. And if you want to get integrate with Recruitment , then give the default value under B.
    I think u got the clear idea about TCLAS.
    Dont forget to give the points
    Thanks in Advance
    Cheers
    Vijai

  • F-4 Key on Windows 8.0 what is this function for?

    I accidentally pushed F-4 Key by itself, and my screen was wider and something pop up on the right side of my screen that had 4 choices of ???  My question is what is this function for??  And after I push it again it went back to normal.  I would also like to know what the other functions are for on top row F-1 to F-12 and yes I am a new user to this laptop from HP.  I know there is also windows + keys commands and I am interested in knowing more about what goes on with my pc.  F-3 has a icon that looks like a light, and yes I have a lot to learn,  Thanks in advance for anyone who wishes to give me help on these matters.

    Hi,
    On the top of F4 key, you should see a screen symbol and normally (w/o preesing F4) this will output to an external monitor. For Fn+F4, please read the following article:
        http://h10025.www1.hp.com/ewfrf/wc/document?cc=us&lc=en&docname=c00294488
    What is your machine ? Depeinding on the model/product of your machine, some keys my line up a bit difference but you can see symbol on each key and work this out. For example F2 and F3 are for brightness, F5 for backlit keyboard (not all machines). F6 to F11 for sound/video and F12 for wireless. On your machine, some keys may be swapping around but basically they all have one symbol each.
    Regards.
    BH
    **Click the KUDOS thumb up on the left to say 'Thanks'**
    Make it easier for other people to find solutions by marking a Reply 'Accept as Solution' if it solves your problem.

  • What happened to the soft proof function for printing???

    What happened to the soft proof function for printing???

    Edward Sozinho wrote:
    Thanks Jim.  It's no longer located there.  I miss spoke I'm running Lightroom CC now.
    Then you must not be seeing the toolbar. Press the letter T to display the toolbar. I'm using Lightroom CC.

  • What is the programmed Logarithm or any other function for arc segment tool options in illustrator ?

    Hello Dears ,
    If you please, i need to know the basic function which the arc segment tool options programmed and used in this ARC TOOLS AS IT IN PHOTO:
    I THINK THAT IS Logarithm FUNCTION SO I NED HELP IF ANY HAVE ANY IDEA AND EXPLANATION
    THANKS 

    Thank you very Mr. Mylenium
    because i have not enough knowledge in mathematics , i was think that is options have Logarithm function ,for example 
    1= cartesian coordinate quadrants
    2+3= Describe Interval Type of the subset of real numbers represented by X and Y Axis
    4= the direction of the curve or indpentent and dpentet varibles  X or Y
    5= THE RADIUS FOR THE CURVE
    SORRY FOR THIS SUPPOSED IF THAT WRONG
         ANY WAY IF YOU PLEASE MAY YOU TELL ME HOW I CAN APPLY THIS Bezier formula IN AUTOCAD 2014 COS I NEED TO USE IT THERE .
    FINALLY THANK YOU VERY VERY MUCH

  • What is the inbuilt function for ctrl+f11 and f11?

    what is the inbuilt function for ctrl+f11 and f11?

    Forms version?
    If 11g then see the fmrpcweb.res file in %ORACLE_INSTANCE%config\FormsComponent\forms folder.
    If you ask questions with inadequate inputs like this one, you are bound to end up with
    >
    Handle:      shravan
    Status Level:      Newbie
    Registered:      Sep 20, 2011
    Total Posts:      16
    <b>Total Questions:      10 (10 unresolved) </b>
    >
    Cheers,

  • Hello, what is the mail of apple for applying for financial credit?

    hello, what is the mail of apple for applying for financial credit?

    The application process will be detailed on the web site for the online Apple Store in your country. If you'll tell us what country you're in, we can probably give you a link to the relevant information, assuming Apple offers financing in your country (they do not in all countries). If there is no online Apple Store, you'll have to apply for financing through an authorized Apple Dealer or your own bank.
    Regards.

Maybe you are looking for