Description of the illustration dspolicy_emp.png

This illustration shows the Real Application Security Policy created on the Employees Table. There are three columns of boxes. To the left are two boxes. The upper box is labeled 'Security Classes' and contains within it a box labeled 'Privileges' of which there are two defined labeled 'SELECT' and 'VIEW SENSITIVE_INFO'. The lower box is labeled 'ACLs' and contains within it the ACL named HR.HRACL of which there are two ACLs defined labeled 'Grant SELECT to Employee_Role' and 'Grant SELECT, VIEW_SENSITIVE_INFO to Manager_Role'. To the far right is a box labeled EMPLOYEES containing two columns (sub-boxes) labeled 'DEPARTMENT_ID' and 'SALARY'. In the center is a box labeled 'Data Security Policies', which contains one defined policy labeled ‘HR.EMPLOYEES_DS'. Also within this center box is a sub-box labeled 'Realm Constraints', which contains one data realm constraint labeled 'DEPARTMENT_ID in (60, 100)' and one column constraint labeled 'SALARY'. The relationships among the labeled items in these three boxes is shown as connecting lines and can best be described in the example that follows.