
Securing sensitive data with Oracle VPD

Customer February 2, 2020 at 12:09 pm

We need to allow developers and support staff SQL access for report development via Blitz Report, but restrict their visibility into highly sensitive PII data fields. How can Oracle VPD be effectively implemented alongside Blitz Report to enforce row and column-level security?

    • Support February 3, 2020 at 4:01 am  

      Blitz Report is designed to work securely within the EBS infrastructure, specifically allowing control over table access using standard Oracle Virtual Private Database (VPD) security policies at both the row and column level. The first step is creating a policy function that dictates data visibility dynamically at query time.

    • Customer February 5, 2020 at 2:53 am  

      Can you provide a technical example of how the policy function limits visibility based on the user executing the report?

    • Support February 5, 2020 at 9:49 pm  

      Certainly. A typical implementation involves creating a PL/SQL policy function (e.g., `xxen_vpd_per_phones_fnc`) that dynamically returns a predicate. For instance, to restrict all non-'APPS' users, the function checks the user and returns the predicate `'1=2'` if `l_user != 'APPS'`, effectively hiding all rows from unauthorized individuals.
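
The policy function described in the reply above, sketched as an added example that is not part of the original thread or the vendor's own code, together with its registration and two checks a DBA would run afterwards. Assumptions: the function is owned by APPS, the protected table is HR.PER_PHONES (inferred from the function name), the policy name is made up, and `l_user` is taken from `SYS_CONTEXT('USERENV', 'SESSION_USER')`.

```sql
-- Added example. Owner, table and policy name below are assumptions.
CREATE OR REPLACE FUNCTION apps.xxen_vpd_per_phones_fnc (
  p_schema IN VARCHAR2,   -- schema of the protected object (passed by VPD)
  p_object IN VARCHAR2    -- name of the protected object (passed by VPD)
) RETURN VARCHAR2
IS
  -- Assumption: the database session user identifies the caller
  l_user VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
BEGIN
  IF l_user != 'APPS' THEN
    RETURN '1=2';         -- appended to the WHERE clause: no row qualifies
  END IF;
  RETURN NULL;            -- NULL predicate: no restriction for APPS
END xxen_vpd_per_phones_fnc;
/

-- Attach the function to the table as a row-level policy on SELECT
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'HR',                       -- assumed
    object_name     => 'PER_PHONES',               -- assumed
    policy_name     => 'XXEN_VPD_PER_PHONES',      -- hypothetical name
    function_schema => 'APPS',                     -- assumed owner
    policy_function => 'XXEN_VPD_PER_PHONES_FNC',
    statement_types => 'SELECT'
  );
END;
/

-- Check 1: the policy exists and is enabled
SELECT object_owner, object_name, policy_name, pf_owner, function, enable
FROM   dba_policies
WHERE  policy_name = 'XXEN_VPD_PER_PHONES';

-- Check 2: accounts that bypass every VPD policy (SYS always does);
-- none of the restricted developer or support accounts should be listed
SELECT grantee
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT ACCESS POLICY';
```

Adding `sec_relevant_cols => 'PHONE_NUMBER'` and `sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS` to the `ADD_POLICY` call (column name assumed) switches the same function from hiding rows to returning every row with that column shown as NULL for non-APPS users.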

    • Customer February 6, 2020 at 4:10 pm  

      I recall Oracle sometimes cautions against custom VPD. Is implementing a VPD policy on Blitz Report tables considered supported or safe?

    • Support February 8, 2020 at 6:03 pm  

      While Oracle generally plays it safe by stating they do not support custom VPD policies that affect standard EBS application functionality (which could cause data corruption or errors), implementing policies specifically on Blitz Report tables for securing developer SQL access is generally considered safe, as it cannot affect the standard EBS application or hide operational data from it.
