Which two statements are true about the working of fine-grained access? (Choose two.)
A. Security policies can be associated only with tables, but not with views.
B. Different policies can be used for SELECT, INSERT, UPDATE, and DELETE statements.
C. User statements are dynamically modified by the Oracle server through a security policy function.
D. Fine-grained access control policies always remain in effect until they are dropped from a table or view.
http://docs.oracle.com/database/121/DBSEG/fine_grained_access.htm#DBSEG721
http://docs.oracle.com/cd/B19306_01/network.102/b14266/accessre.htm#DBSEG324
“Fine-grained access control enables you to use functions to implement security policies and to associate those security policies with tables, views, or synonyms.” So it is not A.
“Limit access at the row level by using different policies for SELECT, INSERT, UPDATE, and DELETE.” So B is a correct option.
“A dynamic predicate for a table, view, or synonym is generated by a PL/SQL function, which you write and associate with a security policy through a PL/SQL interface. Dynamic predicates are acquired at statement parse time, when the base table or view is referenced in a query using SELECT or a DML statement.” C is correct too.
http://docs.oracle.com/cd/B28359_01/appdev.111/b28419/d_rls.htm#i1002506
The DBMS_RLS package contains the fine-grained access control administrative interface and allows you to disable policies without dropping them.
C , D
Oops. Useful comments written by moriarti, thanks.
So policies can be disabled, not dropped (wrong answer D),
and
you can use different policies for all DML and not only SELECT,
so B is correct.
Rewind...
B ,C
Hi,
about answer D... (is it really wrong?)
I'd like to suggest this link:
http://docs.oracle.com/cd/E11882_01/appdev.112/e40758/d_rls.htm#ARPLS052
exec DBMS_RLS.ADD_POLICY ('hr', 'employees', 'emp_policy', 'hr', 'emp_sec', 'select');
Note:
The transient view can preserve the updatability of the parent object
because it is derived from a single table or view with predicate only;
that is, no JOIN, ORDER BY, GROUP BY, and so on.
DBMS_RLS also provides the interface to drop or enable security policies.
For example, you can drop or enable the EMP_POLICY with the following PL/SQL statements:
DBMS_RLS.DROP_POLICY('hr', 'employees', 'emp_policy');
DBMS_RLS.ENABLE_POLICY('hr', 'employees', 'emp_policy', TRUE);
Security Model
So it seems there is no disable policy, but drop policy...
but maybe... ((NOT dropped from a table or a view???))
Please comment on answer D... thanks
B,C
11g
B.
Configuring an Oracle Virtual Private Database Policy
Attaching a Policy to a Database Table, View, or Synonym
To attach a policy to a table, view, or synonym, you use the DBMS_RLS.ADD_POLICY procedure.
You must specify the table, view, or synonym to which you are adding a policy, and a name for the policy.
You can also specify other information, such as the types of statements the policy controls
(SELECT, INSERT, UPDATE, DELETE, CREATE INDEX, or ALTER INDEX).
Example 7-2 Specifying SQL Statement Types with DBMS_RLS.ADD_POLICY
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'hr',
    object_name     => 'employees',
    policy_name     => 'secure_update',
    policy_function => 'check_updates',
    statement_types => 'SELECT,INDEX');
END;
/
C.
What Is Oracle Virtual Private Database?
When a user directly or indirectly accesses a table, view, or synonym that is protected with an
Oracle Virtual Private Database policy, Oracle Database dynamically modifies the SQL statement
of the user. This modification creates a WHERE condition (called a predicate) returned by a function
implementing the security policy.
Components of an Oracle Virtual Private Database Policy
Creating a Function to Generate the Dynamic WHERE Clause
To generate the dynamic WHERE clause (predicate), you must create a function (not a procedure)
that defines the restrictions that you want to enforce.
You create the policy by using the DBMS_RLS package.
http://docs.oracle.com/cd/B28359_01/network.111/b28531/vpd.htm#i1009600
10g
B.
Data Security Policy
Your data security policy determines which users have access to a specific schema object,
and the specific types of actions allowed for each user on the object.
For example, the policy could establish that user scott can issue SELECT and INSERT
statements but not DELETE statements using the emp table.
C.
Data Security Policy
Fine-grained access control is a feature of Oracle Database that enables you to implement
security policies with functions, and to associate those security policies with tables or views.
In effect, the security policy function generates a WHERE condition that is appended to relevant
SQL statements, thereby restricting user access to rows of data in the table or view.
docs.oracle.com/cd/B19306_01/network.102/b14266/policies.htm#i1007332
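The three points debated in this thread (a separate policy per statement type, the predicate returned by a policy function, and disabling a policy without dropping it) can be seen together in the following added example, which is not part of the original comments or of Oracle's documentation. The function names, policy names and predicates are hypothetical; only hr.employees and the DBMS_RLS calls come from the page.

```sql
-- Added example: function names, policy names and predicates are hypothetical.
-- Policy function for reads: the returned string becomes the WHERE predicate.
CREATE OR REPLACE FUNCTION hr.emp_read_pred (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 IS
BEGIN
  RETURN 'department_id = 50';          -- constructed rule for illustration
END;
/
-- Policy function for writes: a stricter predicate than the one for reads.
CREATE OR REPLACE FUNCTION hr.emp_write_pred (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 IS
BEGIN
  RETURN 'email = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END;
/
BEGIN
  -- One policy for SELECT ...
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'hr',
    object_name     => 'employees',
    policy_name     => 'emp_read_policy',
    function_schema => 'hr',
    policy_function => 'emp_read_pred',
    statement_types => 'SELECT');
  -- ... and a different one for UPDATE and DELETE on the same table.
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'hr',
    object_name     => 'employees',
    policy_name     => 'emp_write_policy',
    function_schema => 'hr',
    policy_function => 'emp_write_pred',
    statement_types => 'UPDATE,DELETE',
    update_check    => TRUE);           -- updated rows must still satisfy the predicate
END;
/
-- A user's "SELECT last_name FROM hr.employees" now behaves like
-- "SELECT last_name FROM hr.employees WHERE department_id = 50".

-- Disable the read policy without dropping it (fourth argument FALSE).
EXEC DBMS_RLS.ENABLE_POLICY('hr', 'employees', 'emp_read_policy', FALSE);

-- The policy still exists; ENABLE shows NO and the statement-type flags are kept.
SELECT policy_name, enable, sel, upd, del
  FROM all_policies
 WHERE object_owner = 'HR' AND object_name = 'EMPLOYEES';
```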