Securing sensitive data with Oracle VPD – Technical deep dive

Customer May 6, 2023 at 3:47 am

We understand that Blitz Report supports Oracle VPD for row and column-level security. Can you provide a detailed technical example of the *policy function* used in a highly restrictive scenario, such as limiting access to PII tables for anyone other than the core ‘APPS’ user?

    • Support May 8, 2023 at 2:43 am  

      Certainly. The implementation involves creating a PL/SQL policy function (for example, `xxen_vpd_per_phones_fnc`). This function executes dynamically at query time. Inside this function, you determine the running user’s context.

    • Customer May 9, 2023 at 12:04 am  

      What is the critical piece of code that the function returns to restrict data access if the user is unauthorized?

    • Support May 9, 2023 at 3:41 pm  

      If the security logic determines the user is unauthorized (e.g., `l_user` is not equal to `'APPS'`), the function returns a restrictive predicate such as `'1=2'`. Oracle then dynamically appends this predicate to the user’s query, resulting in zero rows being returned for unauthorized users, effectively hiding all sensitive data.
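The policy function and its registration as described in the replies above, written out as an added example (not code from the thread, from Support, or from Blitz Report). The table `HR.PER_PHONES`, the `APPS` function schema, the policy name and the use of `SESSION_USER` are assumptions; only the function name, `l_user`, `'APPS'` and `'1=2'` come from the thread.

```sql
-- Added example. Assumed: protected table HR.PER_PHONES, function owned by APPS,
-- policy name XXEN_VPD_PER_PHONES. Run as a user with EXECUTE on DBMS_RLS.
CREATE OR REPLACE FUNCTION apps.xxen_vpd_per_phones_fnc (
  p_schema IN VARCHAR2,   -- schema of the protected object, passed in by Oracle
  p_object IN VARCHAR2    -- name of the protected object, passed in by Oracle
) RETURN VARCHAR2
IS
  l_user VARCHAR2(128);
BEGIN
  -- SESSION_USER is the account that logged in (assumed choice of attribute);
  -- unlike CURRENT_USER it does not change inside definer-rights code.
  l_user := SYS_CONTEXT('USERENV', 'SESSION_USER');

  IF l_user = 'APPS' THEN
    RETURN NULL;          -- NULL predicate: Oracle adds no restriction
  END IF;

  RETURN '1=2';           -- always-false predicate: zero rows for everyone else
END xxen_vpd_per_phones_fnc;
/

-- Attach the function to the table so Oracle calls it for every SELECT.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'PER_PHONES',
    policy_name     => 'XXEN_VPD_PER_PHONES',
    function_schema => 'APPS',
    policy_function => 'XXEN_VPD_PER_PHONES_FNC',
    statement_types => 'SELECT',
    policy_type     => DBMS_RLS.DYNAMIC);  -- re-evaluated on each query
END;
/

-- Check 1: the policy is registered and enabled on the table.
SELECT object_owner, object_name, policy_name, pf_owner, sel, enable, policy_type
  FROM dba_policies
 WHERE object_owner = 'HR'
   AND object_name  = 'PER_PHONES';

-- Check 2: accounts that bypass every VPD policy regardless of the predicate.
-- SYS is always exempt; anything else listed here should be reviewed.
SELECT grantee
  FROM dba_sys_privs
 WHERE privilege = 'EXEMPT ACCESS POLICY';
```

Connecting as a non-APPS account and running `SELECT COUNT(*) FROM hr.per_phones` should return 0 once the policy is in place; the same query as APPS should return the full row count.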

    • Customer May 11, 2023 at 12:55 am  

      If we implement this strict VPD policy on custom Blitz Report tables to restrict non-‘APPS’ developer access, is there a risk of breaking standard Oracle EBS application functionality?

    • Support May 11, 2023 at 10:03 pm  

      When implementing custom security, Oracle generally advises caution. However, implementing VPD policies specifically on Blitz Report tables to secure developer SQL access is generally considered safe, as it cannot affect the standard EBS application or accidentally hide operational data from it.

    • Customer May 13, 2023 at 8:25 pm  

      We need this capability specifically because our technical team uses custom SQL through Blitz Report, which otherwise bypasses standard security views.

    • Support May 14, 2023 at 5:37 pm  

      By leveraging Blitz Report’s compatibility with this standard Oracle functionality, you achieve the necessary data governance. It allows consultants to drop their queries directly into Blitz Report, knowing that the VPD mechanism enforces row and column-level control over sensitive data fields.
