Scenario: ExampleHMO using row and column access control - Secure functions
Functions must be deemed secure before they can be called within row and column access control definitions. Alex, the security administrator, discusses how Paul, a database developer at ExampleHMO, can create a secure function for his new accounting application.
After the privacy and security policy went into effect at ExampleHMO, Alex is notified that the accounting department has developed a powerful accounting application. ExampleHMOAccountingUDF is a SQL scalar user-defined function (UDF) that is used in the column mask ACCT_BALANCE_MASK on the PATIENT.ACCT_BALANCE table and row.
Only UDFs that are secure can be invoked within a column mask. Alex first discusses the UDF with Paul, who wrote the UDF, to ensure the operation inside the UDF is secure.
GRANT CREATE_SECURE_OBJECT ON DATABASE TO USER PAUL;
To create a secured UDF, or alter a UDF to be secured, a developer must be granted CREATE_SECURE_OBJECT authority.
CREATE FUNCTION EXAMPLEHMOACCOUNTINGUDF(X DECIMAL(12,2))
RETURNS DECIMAL(12,2)
LANGUAGE SQL
CONTAINS SQL
DETERMINISTIC
NO EXTERNAL ACTION
RETURN X*(1.0 + RAND(X));
ALTER FUNCTION EXAMPLEHMOACCOUNTINGUDF SECURED;
--Drop the mask to recreate
DROP MASK ACCT_BALANCE_MASK;
CREATE MASK EXAMPLEHMO.ACCT_BALANCE_MASK ONPATIENT FOR
------------------------------------------------------------
-- Accounting information:
-- Role ACCOUNTING is allowed to invoke the secured UDF
-- ExampleHMOAccountingUDFL passing column ACCT_BALANCE as
-- the input argument
-- Other ROLEs accessing this column will strictly view a
-- zero value.
------------------------------------------------------------
COLUMN ACCT_BALANCE RETURN
CASE WHEN VERIFY_ROLE_FOR_USER(SESSION_USER,'ACCOUNTING') = 1
THEN EXAMPLEHMOACCOUNTINGUDF(ACCT_BALANCE)
ELSE 0.00
END
ENABLE;
Dr. Lee, who has the PCP role, must call a drug analysis user-defined function. DrugUDF returns patient drug information. In the past, Dr. Lee issues a SELECT statement that calls DrugUDF and receives the result set quickly. After the PATIENT table has been protected with row and column access control, the same query takes more time to return a result set.
Dr. Lee consults with the ExampleHMO IT staff and Alex, the security administrator, about this performance degradation. Alex tells Dr. Lee, if the UDF is not secure, the query cannot be optimized as well and it takes longer to return a result set.
--Function for ExampleHMO Pharmacy department
CREATE FUNCTION DRUGUDF(PHARMACY VARCHAR(5000))
RETURNS VARCHAR(5000)
NO EXTERNAL ACTION
BEGIN ATOMIC
IF PHARMACY IS NULL THEN
RETURN NULL;
ELSE
RETURN 'Normal';
END IF;
END;
--Secure the UDF
ALTER FUNCTION DRUGUDF SECURED;
--Grant execute permissions to Dr.Lee
GRANT EXECUTE ON FUNCTION DRUGUDF TO USER LEE;
--Querying after the function is secured
SELECT PHARMACY FROM PATIENT
WHERE DRUGUDF(PHARMACY) = 'Normal' AND SSN = '123-45-6789';
PHARMACY
--------
codeine
1 record(s) selected.