Oracle's Virtual Private Database (VPD) system uses query rewrite functionality. This means
that for every query sent to the database, Oracle rewrites the SQL statement, adding
the policies defined by the VPD rules.
DBPrism CMS defines rules for select/insert/update/delete operations. The code below shows
the original and the rewritten version of a typical CMS query.
Original SQL:
select path,name,current_version from pages where id_page=10
Rewritten query:
select path,name,current_version from pages where id_page=10 and
((o_read='Y') or
(g_read='Y' and sys_context('cms_context','group_list') like '%|'||g_id||'|%') or
(u_read='Y' and u_id=sys_context('cms_context','user_id')))
This means that the following sequence of checks is applied:
- If the read flag for others is Y, the lazy evaluation of the OR returns true
for the whole where clause.
- If not, if the read flag for the group is Y and the group owner of the page is in
the list of groups for the logged-in CMS user, return true.
- If not, if the read flag for the owner is Y and the id of the logged-in user is
equal to the owner of the page, return true.
- If not, the OR chain returns false and the select returns no rows.
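The predicate in the rewritten query above is what a VPD policy function returns as a string. The following is an added example, not DBPrism CMS's own code: it shows one way to attach that predicate to select statements on the pages table with DBMS_RLS. The schema name CMS_OWNER, the function name and the policy name are assumptions; the table, columns and context names come from the query above.

```sql
-- Added example. Hypothetical names: CMS_OWNER, PAGES_READ_PREDICATE,
-- PAGES_READ_POLICY. Table, column and context names are from the page.

-- Policy function: Oracle calls it with the schema and object name and
-- adds the returned text as a WHERE condition on every SELECT on PAGES.
CREATE OR REPLACE FUNCTION cms_owner.pages_read_predicate (
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
    -- The LIKE test only works if group_list is stored with a leading and
    -- trailing '|' (constructed sample value: '|3|7|'); the delimiters stop
    -- group 1 from matching inside group 10.
    RETURN q'[(o_read='Y') or
      (g_read='Y' and sys_context('cms_context','group_list') like '%|'||g_id||'|%') or
      (u_read='Y' and u_id=sys_context('cms_context','user_id'))]';
END;
/

-- Register the function as the SELECT policy for the table.
BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema   => 'CMS_OWNER',
        object_name     => 'PAGES',
        policy_name     => 'PAGES_READ_POLICY',
        function_schema => 'CMS_OWNER',
        policy_function => 'PAGES_READ_PREDICATE',
        statement_types => 'SELECT'
    );
END;
/

-- Check, as the table owner, that the policy is registered and which
-- statement types it covers.
SELECT policy_name, sel, ins, upd, del
  FROM user_policies
 WHERE object_name = 'PAGES';

-- Check what the current session would be filtered on. If both values are
-- NULL, only rows with o_read='Y' are visible.
SELECT sys_context('cms_context','user_id')    AS user_id,
       sys_context('cms_context','group_list') AS group_list
  FROM dual;
```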