Access Denied: Real-World Use Cases for APEX and Real Application Security

Posted By: Brittany Butler | Webinars

Presented by: Jim Czuprynski, Zero Defect Computing

Limiting users’ access to data is still a thorny issue in many Oracle shops. How do we ensure that the right people view – much less change! – only the data they’re allowed to? We’ll show you how we solved those issues for a large government agency with hundreds of external users via Real Application Security (RAS), whether they’re using APEX applications or direct-access tools like SQLcl.

Many Oracle shops still rely on cumbersome solutions like complex views, subsets of data housed within materialized views, or outmoded Virtual Private Database (VPD) security features to limit end-user access to the data they’re permitted to view or change. However, there’s a better way: Real Application Security (RAS).

Introduced in Oracle 12cR1, RAS ensures that an end user can only see or change the data they’re allowed to, whether they connect to the database via Application Express (APEX) applications or directly via standard Oracle tools like SQL Developer, SQL*Plus, or SQLcl.

Through our real-world experience – a complex implementation for a large federal fisheries agency with hundreds of end users, each governed by tricky rules for their access rights – we’ll show you how to:

  • Deploy RAS security policies to limit end-user access while viewing or modifying sensitive data
  • Differentiate users connecting indirectly via APEX applications, or directly via SQLcl or SQL Developer
  • Configure the RASADM APEX application to monitor and maintain RAS security features