SYS is free of any security policy.
If no object_schema is specified, the current log-on user schema is assumed.
The policy functions which generate dynamic predicates are called by the server. Following is the interface for the function:
FUNCTION policy_function (object_schema IN VARCHAR2, object_name VARCHAR2) RETURN VARCHAR2 --- object_schema is the schema owning the table of view. --- object_name is the name of table, view, or synonym to which the policy applies.
If the function returns a zero length predicate, then it is interpreted as no restriction being applied to the current user for the policy.
Column-level VPD column masking behavior. (specified with sec_relevant_cols_opt => dbms_rls.ALL_ROWS) is fundamentally different from all other VPD policies, which return only a subset of rows. Instead the column masking behavior. returns all rows specified by the user's query, but the sensitive column values display as NULL. The restrictions for this option are as follows:
Only applies to SELECT statements
Unlike regular VPD predicates, the masking condition that is generated by the policy function must be a simple boolean expression.
If your application performs calculations, or does not expect NULL values, then you should use the default behavior. of column-level VPD, which is specified with the sec_relevant_cols parameter.
If you use UPDATE AS SELECT with this option, then only the values in the columns you are allowed to see will be updated.
This option may prevent some rows from displaying. For example:
select * from employees where salary = 10
This query may not return rows if the salary column returns a NULL value because the column masking option has been set.
来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/24104518/viewspace-713786/，如需转载，请注明出处，否则将追究法律责任。