Vidya Bala's Blog

Thursday, October 26, 2006

Is VPD a Realistic Solution for existing Production Applications with n tables??

With security becoming a pressing concern these days, customers like to enforce multiple levels of security. When the question was put on the table to ; my obvious answer to the customer and application team was “the database allows for fine-grained access control and we can enforce security using VPD policies at the database level”.

It was not until I started looking at the n(power n) tables in my database that I started wondering ... is VPD really going to be a realistic solution? VPD lets you create policy functions that return the appropriate predicates to be applied to the tables. I have seen it work well for some small applications where there is a definite set of predicates that are returned. In an application with many, many tables, I think it would be an exhaustive effort just to come up with a list of predicates that need to be applied to the tables. “Column Relevance” is certainly a good feature with 10g, but I still keep wondering how one would come up with the list of predicates for many tables linked by many keys and no single data column available to filter data across all tables.
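To make the predicate problem concrete, here is an added example (not code from the original post) of one policy function shared by a table that carries the filter column and a child table that reaches it only through a foreign key. The schema `APP`, the tables `ORDERS` and `ORDER_LINES`, the column `REGION_ID` and the application context `APP_CTX` are all assumptions made for illustration.

```sql
-- Assumed layout (hypothetical): APP.ORDERS(order_id, region_id VARCHAR2, ...)
--                                APP.ORDER_LINES(line_id, order_id, ...)
-- APP_CTX is an assumed application context, set at login by a trusted package.

CREATE OR REPLACE FUNCTION app.region_predicate (
  p_schema IN VARCHAR2,   -- supplied by the VPD engine
  p_object IN VARCHAR2    -- name of the table being queried
) RETURN VARCHAR2
IS
  -- The predicate text references SYS_CONTEXT, so the value is bound at run
  -- time and never concatenated into the predicate as a literal.
  c_region CONSTANT VARCHAR2(100) := q'[SYS_CONTEXT('APP_CTX','REGION_ID')]';
BEGIN
  CASE p_object
    WHEN 'ORDERS' THEN
      -- Table carries the filter column directly.
      RETURN 'region_id = ' || c_region;
    WHEN 'ORDER_LINES' THEN
      -- No filter column here: derive it through the key to the parent.
      RETURN 'order_id IN (SELECT o.order_id FROM app.orders o'
          || ' WHERE o.region_id = ' || c_region || ')';
    ELSE
      -- Unmapped table attached by mistake: fail closed, return no rows.
      RETURN '1 = 0';
  END CASE;
END region_predicate;
/

-- Attach the same function to every mapped table.
BEGIN
  FOR t IN (SELECT column_value AS name
              FROM TABLE(sys.odcivarchar2list('ORDERS', 'ORDER_LINES')))
  LOOP
    DBMS_RLS.ADD_POLICY(
      object_schema   => 'APP',
      object_name     => t.name,
      policy_name     => 'REGION_' || t.name,
      function_schema => 'APP',
      policy_function => 'REGION_PREDICATE',
      statement_types => 'SELECT,INSERT,UPDATE,DELETE',
      update_check    => TRUE);  -- reject writes that would fall outside the predicate
  END LOOP;
END;
/
```

If the context value is not set, `SYS_CONTEXT` returns NULL and both predicates match no rows. Every table further from the filter column needs its own join path written into the `CASE`, and each subquery predicate is added to every statement against that table.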

