Description of the illustration dspolicy_master_detail.png

This illustration shows the Real Application Security data security policies created and applied to objects (master-detail related tables) CUSTOMERS - SALES - COUNTRIES. There are three columns of boxes. The left column contains three boxes arranged vertically. The topbox is labeled 'Security Classes' and contains the defined security class labeled SH.CUST_SEC_CLASS. Within this box is a sub-box labeled 'Privileges' containing two privileges labeled 'SELECT' and 'VIEW_SENSITIVE_INFO'. Below that is a box labeled 'ACLs' containing the four defined ACLs labeled '('View_Europe_sales' 'REGION' 'Europe')', '('View_Americas_sales' 'REGION' 'Americas')', '('View_Asias_sales' 'REGION' 'Asia')', and '('View_Afirca_sales' 'REGION' 'Africa')'. Below that is a box labeled 'Principals' with two sub-boxes. The left sub-box is labeled 'Roles' containing defined roles labeled 'Europe_sales', 'Americas_sales', Asia_sales, Africa_sales', and 'Business_Analyst'. The right sub-box is labeled 'Users (grantee)' containing defined users labeled 'Smith', James', Miller', 'Martin', and 'Turner'.

The right column contains three boxes arranged vertically. The top box has an outer label labeled 'Objects (Tables) Master' and an inner label labeled 'Customers' containing the column names labeled 'CUST_ID_PK', 'CUST_FIRST_NAME', 'CUST_INCOME_LEVEL', and 'CUST_CREDIT_LIMIT'. Below that is a sub-box with an outer label labeled 'Detail' and an inner label labeled 'SALES' containing the column names labeled 'CUST_ID_FK', 'PROD_ID', and 'QUANTITY_SOLD'. Below that is a sub-box with an outer label labeled 'Detail' and an inner label labeled 'COUNTRIES' containing the column names labeled 'COUNTRY_ID_PK', ''COUNTRY_REGION', and 'COUNTRY_NAME'.

The center column contains one large box labeled 'Data Security Policies' containing the two defined data security policies labeled 'SH.CUSTOMER_DS' and 'SH.SALES_DS'. Within it is a sub-box labeled 'Realm Constraints' containing two additional sub-boxes labeled 'Data Realm Constraints' and 'Column Constraints'. The Data Realm Constraints sub-box contains the defined data realm constraints labeled '('COUNTRY_ID in (SELECT COUNTRY_ID from SH.COUMTRIES' II 'where COUNTRY_REGION = &' II 'REGION)')' and 'parent object ->'CUSTOMERS'', primary_key -> 'CUST_ID'', and 'foreign_key -> 'CUST_ID''. The Column Constraints sub-box contains the two defined column constraints labeled 'CUST_INCOME_LEVEL' and 'CUST_CREDIT_LIMIT'. The relationships among the labeled items in these three columns of boxes is shown as connecting lines and can best be described in the example that follows. A brief description of this data security policy example precedes this illustration and a series of steps of how this master-detail data security policy is defined, follows this illustration.