Hello,
I am currently struggling with the fact that VPD policies run into circularity (ORA-28108) when predicates use subqueries including other - also protected - tables (or even the same database table than the protected table).
Why is this constraint necessary? From my point of view, subqueries used in VPD predicates should not recursively be subject to security enforcement. I believe that the administrator setting up policies should be allowed to use the full, unrestricted content of all database tables to be able to express powerful security policies.
Are there any internal technical limitations to the VPD engine? I mean, it can't be too hard to stop VPD from recursively applying security policies to subqueries emerging from VPD predicates?! Does anyone know if the described feature will be available in future Oracle versions?
Kind regards,
Gerhard