Data security is designed to allow data visibiliy to be defined per user. This traditionally means each user needs either (a) a unique database log on or (b) the security logic is implemented in the application layer, not the database

This design uses new security features of Oracle 9i to allow us to still maintain a pool of connections to the database, but for a give connection allow the database to perform the data visiblity logic.

What is provided by Jaffa is the basic framework for doing data security. This includes the following

• A security class to plug into the JDBCEngine in the persistence layer
• An oracle package to provide the basic functionality in the database
• A policy generation pattern, that can from an XML based policy definition create all the required SQL to implement the policy.

The following three guides should help you understand the data security architecture is more detail.

• Configuring The Database

  This explains how the Oracle 9i data base must be configured with the various security scripts at different levels to support the implementation of the specific security policies.

• Writing and Generating A Policy

  This explains the structure of the XML policies, and how the correct SQL scripts can be generated from the policy descriptors using the pattern generator.

• Propagating Security Rules From the Business to the Data Tier

  The explains how the Jaffa JDBC Persistence Engine has a generic plug-in point for setting up the security rules in the Data Tier while allowing Database connections to be pooled. It covers how the default plug-in works, and how you can write and insert your own.