The DB Proxy Policy

You can use database rule templates to customize database rules and add them to database rule sets. When you add the DB Proxy Policy to virtual system pattern components, you can configure the policy with these rule sets to control client application access to databases at the table, row, and data cell level.

The DB Proxy Policy defines a rule-enabled database proxy that exists between the client application and the existing database server. You can configure rules to control client access to the database at the table, row, and data cell level. You can customize these rules for each installation.

The database proxy can reside on the same virtual machine as the client application or on a different virtual machine. The client application resides within the same regulatory boundary as the existing database.

The client application must be configured so that all JDBC calls from the client application are routed to the database proxy. This configuration uses the database proxy database driver to create the database connections between the client application and the database proxy. The database proxy database driver is comprised of two JAR files: dbpep.jar and derbyclient.jar. These files are located in the /lib directory of the database proxy schema tool. You can download this tool from the Catalog > Database Rule Templates page.

The database proxy maps JDBC SELECT requests through to the existing database, collects the results, and enforces rules on the results. These rules might restrict access to a whole table, to a row, or to a single data cell, or modify data at the row or cell level. For JDBC create, update, and delete requests, the database proxy supports only rules to allow or deny these requests.

You can add the DB Proxy Policy to virtual system pattern components. For more information, see Creating virtual system patterns.