Fine-tune VPD to your liking in Oracle Database 10g

Oracle Database 10g offers some useful enhancements to VPD, enabling more fine-grained security and better performance optimization:

• Balance performance and flexibility requirements. Oracle has extended the concept of dynamic vs. static policies in VPD, and has made it easier for you to set these. You can set up static policies (rules in effect all the time that are cached in the SGA) and dynamic policies that are enforced for each query. Static policies give better performance, but dynamic policies let you schedule rules to be in effect only at certain times of the day if you want. Context_sensitive policies represent a middle ground, in which caching may occur for a given user, but where policy is enforced again at execution for users with different permissions.
• Improve performance with parallel query. You can make use of VPD in a parallel query by embedding sys_context in a function, and embedding that function in a parallel query. This can lead to improved performance and scalability, especially in data warehouse environments.
• Enable VPD at the column level. You can now use VPD in a more fine-grained way, by triggering certain rules when a query references a certain column. For instance, if a query specifies a particular column, VPD may remove certain sensitive rows from the results. Column-level VPD also supports column masking, where Oracle returns NULL for protected columns but still returns all rows.
• Work with different versions of the data in the same table. Workspace Manager, which lets you work with different versions of the data simultaneously (such as for “what if” analyses), now supports VPD.
• Easily call on VPD from your application code. The latest version of ODP.NET lets you set the Client Identifier in your connection string to facilitate use of VPD.