Embedded Files
Oracle Real Application Security
This is a built-in Enterprise Edition feature (no additional license required) introduced in Oracle 12cOverview
Overview
RAS implements virtual users who connect as XS$NULL with individual passwords and a manipulated view of the target schema objects (including data redaction without the need for an Advanced Security license and pruning of rows, similar to VPD)...
SELECT SYS_CONTEXT('userenv','current_user') FROM dual;
XS$NULL
SELECT SYS_CONTEXT('userenv','current_schema') FROM dual;
SCHEMA_USER
SELECT SYS_CONTEXT('userenv','authenticated_identity') FROM dual;
VIRTUAL_USER
Setup
Setup
Create RAS Administrator
Create RAS Administrator
GRANT dba, xs_session_admin TO &RAS_ADMIN;
Create DB Role with permissions on Target Schema
Create DB Role with permissions on Target Schema
CREATE ROLE &target_role;
GRANT ALL ON &target_object TO &target_role;
Create RAS Users and Roles
Create RAS Users and Roles
exec xs_principal.create_role(name => '&low_priv', enabled => true);
exec xs_principal.create_role(name => '&mid_priv', enabled => true);
exec xs_principal.create_role(name => '&top_priv', enabled => true);
GRANT &target_role TO &low_priv,&mid_priv,&top_priv;
exec xs_principal.create_user(name => '&low_user', schema => '&target_schema');
Create RAS Access Control Entities
Create RAS Access Control Entities
Create masking and filtering realm policies
Create masking and filtering realm policies
Associate Policies with Tables
Associate Policies with Tables
Page updated
Google Sites
Report abuse