joungmin/vpd-permission-poc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
68d53dc5a916d93a412fdf61cc3aa6f58fefbdeb
vpd-permission-poc/sql/adb/05_views.sql
devmrko 68d53dc5a9 Initial commit — VPD Permission POC (clone-and-go) 
ADB-centered row-level access control across heterogeneous DB sources
(AWS RDS Postgres + MySQL) using Oracle VPD + Data Redaction +
Secure Application Context, packaged as a one-click demo.

Mechanism:
- LOGON trigger calls ctx_pkg.init once per session to load the user's
  allowed regions from the permission mapping tables into a Secure App
  Context (VPD_CTX, USING ctx_pkg).
- VPD policy function vpd_region_filter reads SYS_CONTEXT and returns
  an IN-list predicate (or '1=0' for fail-closed, NULL for '*'),
  which Oracle injects into every SELECT on the protected views.
- Data Redaction reuses the same context to mask PII (email, full_name)
  when the allowed-regions value is not '*'.
- 5 documented bypass attempts (direct DB link SELECT, SET_CONTEXT
  spoof, DBMS_RLS drop, mapping table SELECT) all blocked by GRANT
  scoping + DEFINER rights on ctx_pkg.

One-click entrypoint:
- ./run.sh {prereq|source|adb|tests|audit|all|teardown}
- Source DDL (Postgres + MySQL customers + 12-row seed each) is
  applied via local psql/mysql; ADB-side setup via sqlplus with .env
  values injected as SQL*Plus DEFINE substitutions.

Verified E2E on ADB 26ai + AWS RDS PG + RDS MySQL (mysql_community
gateway) on 2026-05-26: VPDUSER_A sees only APAC rows (PG 2 / MySQL 6,
PII masked), VPDUSER_B sees all (PG 12 / MySQL 17, PII unmasked).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-05-26 14:03:32 +09:00

32 lines
1.2 KiB
SQL
Raw Blame History

-- ============================================================
-- 04_views.sql
-- Local views over the remote (heterogeneous) DB-linked tables.
-- End-users will be granted SELECT on these views only.
-- The raw @dblink references stay inside ADMIN, invisible to users.
-- ============================================================
SET ECHO OFF
SET FEEDBACK ON
PROMPT === Creating v_customers_pg (Postgres) ===
-- Postgres is case-sensitive: schema, table, and column names must be quoted.
CREATE OR REPLACE VIEW v_customers_pg AS
SELECT "customer_id" AS customer_id,
"full_name" AS full_name,
"email" AS email,
"signup_date" AS signup_date,
"region" AS region
FROM "public"."customers"@RDS_POSTGRES_LINK;
PROMPT === Creating v_customers_my (MySQL) ===
-- MySQL via Oracle gateway: schema/table need quoting (lowercase preserved).
CREATE OR REPLACE VIEW v_customers_my AS
SELECT "customer_id" AS customer_id,
"full_name" AS full_name,
"email" AS email,
"signup_date" AS signup_date,
"region" AS region
FROM "ecommerce_poc"."customers"@RDS_LINK;
PROMPT === Views created ===
EXIT;
Reference in New Issue View Git Blame Copy Permalink