VPD(Virtual Private Database)

VPD可以直接在表，视图和同义词上实施安全策略，提供行或列级别的安全性

VPD可应用于SELECT, INSERT, UPDATE, INDEX和DELETE命令

VPD是在SQL访问受VPD保护的对象时，SQL被动态地修改加入限制where条件

1. 创建用户并授权

conn sys/oracle as sysdba

grant create session to adams identified by john7;

grant create session to burlington identified by newj2;

grant create session to practice identified by practice;

grant resource to practice;

grant create any context, create public synonym to practice;

grant create any procedure to practice;

grant unlimited tablespace to practice;

grant execute on dbms_rls to practice;

connect practice/practice

create table stock_account(account number(10), account_longname varchar2(50));

insert into  stock_account values (1234,'ADAMS');

insert into  stock_account values (7777,'BURLINGTON');

create table stock_trx( account number(10), symbol varchar2(20), price number(6,2), quantity number(6), trx_flag varchar2(1));

insert into stock_trx values(1234,'ADSP',31.75, 100, 'b');

insert into stock_trx values(7777,'ADSP',31.50,300,'s');

insert into stock_trx values(1234,'ADSP',31.55, 100,'b');

insert into stock_trx values(7777,'OCKS',21.75, 1000, 'b');

commit;

1. 创建应用上下文

connect practice/practice

create context practice using practice.context_package;

create or replace package context_package as

  procedure set_context;

end;

/

create or replace package body context_package is

  procedure set_context is

    v_user varchar2(30);

    v_id number;

  begin

    dbms_session.set_context('PRACTICE','SETUP','TRUE');

    v_user := sys_context('USERENV','SESSION_USER');

    begin

      select account into v_id from