- Role vs Responsibility -

The Responsibility has been used not only to define the application navigation menus, but also to define privileges and permissions. Using this definition of responsibility, it is necessary to create several similar responsibilities in order to effectively carve out data and functional security access for a group of users.

Going forward (from EBS 11.5.10 onwards), Users will no longer need to be directly assigned the lower level permissions and responsibilities, as these can be implicitly inherited based upon the roles assigned to the user. Roles can now be defined to consolidate responsibilities and other roles through role inheritance, as well as lower level permissions (functions) and data security policies.

The benefits of implementing Role Based Access Control (RBAC) are
- Structured user access control
- Reduced cost of administering user access control system
- Streamlined setup and implementation of security policies and rules

Refer System Administrator's Guide – Security document for more details.

- Virtual Private Database vs Label Security -

Protect the data and processes from unauthorized modification, destruction, disclosure, or delay is very important for any organization. Oracle provides Oracle Label Security (OLS) and Virtual Private Database (VPD) tools to address the full spectrum of data and process security issues.

Most of us are confused to identify the right tool for data security and find difficult to distinguish OLS and VPD. Hope the following table will help to identify the right tool to enforce the data security.

Comparison between OLS and VPD

Reference:

http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96578/labels.htm

Metalink Notes: 213684.1/234599.1/230980.1