My Oracle Support Banner

How to Bypass Fine-Grained Security Enforcement (Doc ID 174799.1)

Last updated on FEBRUARY 23, 2023

Applies to:

Oracle Database - Enterprise Edition - Version 10.2.0.1 and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Information in this document applies to any platform.
 


Purpose

This bulletin explains how to negate the effect of fine-grained access control and therefore bypass fine-grained security enforcement.


The system privilege EXEMPT ACCESS POLICY allows a user to be exempted from all fine-grained access control policies on any DML operation such as SELECT, INSERT, UPDATE, and DELETE.
If a user is granted the EXEMPT ACCESS POLICY privilege, then the user is exempt from VPD and Oracle Label Security policy enforcement. That is, the user does not have any VPD or Oracle Label Security policies applied to their data access.

Scope

This system privilege provides ease of use for such administrative activities as installation, and import and export of the database through a non-SYS schema. This privilege should only be granted to users who have legitimate reasons for bypassing fine-grained security enforcement. This privilege should not be granted WITH ADMIN OPTION, so that users cannot pass on the EXEMPT ACCESS POLICY privilege to other users, and thus propagate the ability to bypass fine-grained access control.

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.