JL Computer Consultancy

An introduction to Row Level Security

Sept 2003

The attached documents are in Word 97 format, with sizes of 36KB and 42KB respectively.

The content is a pair of articles first published on www.dbazine.com  some time in September 2003. The articles describe some of the details of how Row Level Security (also known as Fine-grained Access Control, and Virtual Private Database works) as well as pointing out that for some systems, the full-blown implementation of RLS (FGAC, VPD) may be unnecessarily complex. Given the warning in the second article about the performance issues in 9.2, a restricted implementation may be a very good idea.

Originally I intended to write a third article about Label Security – Oracle’s “built-in” offering to replace the old ‘Secure Oracle’ option – as this is largely the application of the key features of RLS. However, as I started to build demonstrations of how it worked and the side-effects, I realized that it would take too long to produce a document containing the usual level of analysis and care that I like to offer – so I stopped.  (If ever I get a few free days, or someone wants me to help them sort out their label security, I may get back to article).

Download article 1

Download article 2

Back to Main Index of Topics