Security Policy

The Security Policy section provides centralized control for defining how OneDB protects sensitive data and manages trusted query exceptions.

Through this section, administrators can configure protection behavior for database queries, define rules for sensitive field handling, and manage specific queries that are allowed to bypass protection rules when required by application functionality.

Security Policy helps ensure that access to sensitive data remains controlled, auditable, and aligned with business or compliance requirements.

Purpose

The Security Policy section is designed to help administrators manage data protection rules at the database access layer.

It allows OneDB to control how sensitive fields are handled when applications, users, or services access the database through OneDB.

This section is commonly used to:

| Purpose | Description |
| --- | --- |
| Protect sensitive data | Apply protection rules to sensitive database fields. |
| Control query behavior | Define how OneDB handles queries that access protected fields. |
| Manage exceptions | Allow specific trusted queries to bypass protection rules when required. |
| Support audit and governance | Help administrators review and manage protection policies in a centralized place. |

Available Menus

The Security Policy section includes the following menus:

| Menu | Description |
| --- | --- |
| Query Whitelist | Allows administrators to define trusted SQL queries that can bypass protected field rules under controlled conditions. |
| Protection Rules | Allows administrators to manage protection rules used to control how OneDB handles sensitive data access. |

Query Whitelist

The Query Whitelist menu is used to register trusted SQL queries that are allowed to bypass protected field rules.

This is useful for application queries that must access protected fields for valid technical or business reasons, such as login validation, authentication checks, or internal system queries.

A whitelist rule can be limited by database connection, client address, and connection username.
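
The effect of those three limits, as an added Python example that is not OneDB code: `WhitelistRule`, its field names and the whitespace-normalized text comparison are assumptions for illustration, not OneDB's rule format or matching logic. It shows the same login query bypassing protection only from the scoped connection, client range and username, and flags rules that leave a limit open or lack a description.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

def normalize(sql: str) -> str:
    # Assumption: queries are compared as text after collapsing whitespace.
    return " ".join(sql.split()).rstrip(";").strip()

@dataclass
class WhitelistRule:
    """Hypothetical rule model for illustration; not OneDB's schema."""
    query: str
    connection: Optional[str] = None    # None = any database connection
    client_cidr: Optional[str] = None   # None = any client address
    username: Optional[str] = None      # None = any connection username
    description: str = ""

    def allows(self, sql: str, connection: str, client_ip: str, username: str) -> bool:
        # Every limit that is set must match, otherwise protection still applies.
        if normalize(sql) != normalize(self.query):
            return False
        if self.connection is not None and connection != self.connection:
            return False
        if self.client_cidr is not None:
            net = ipaddress.ip_network(self.client_cidr, strict=False)
            if ipaddress.ip_address(client_ip) not in net:
                return False
        if self.username is not None and username != self.username:
            return False
        return True

def review_findings(rule: WhitelistRule) -> List[str]:
    # Review aid: list each open limit and a missing justification.
    findings = [f"unscoped: {name}"
                for name in ("connection", "client_cidr", "username")
                if getattr(rule, name) is None]
    if not rule.description.strip():
        findings.append("missing description")
    return findings

# Constructed sample data: one tightly scoped rule, one left wide open.
LOGIN_SQL = "SELECT id, password_hash FROM users WHERE email = ?"
scoped = WhitelistRule(LOGIN_SQL, "app-prod", "10.0.5.0/24", "app_login",
                       "Login validation for the web application")
broad = WhitelistRule(LOGIN_SQL)

if __name__ == "__main__":
    print(scoped.allows(LOGIN_SQL, "app-prod", "192.168.1.50", "analyst"))
    print(broad.allows(LOGIN_SQL, "reporting", "192.168.1.50", "analyst"))
    print(review_findings(broad))
```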

Protection Rules

The Protection Rules menu is used to manage rules that define how OneDB protects sensitive data.

These rules help determine how OneDB should handle queries that access protected fields, including whether the query should be protected, restricted, or handled according to specific security logic.

Protection Rules provide the foundation for enforcing database security policies consistently across supported database connections.

Recommended Usage

Security Policy should be managed carefully because it directly affects how OneDB protects sensitive database access.

Administrators should:

  1. Define protection rules based on actual sensitive data requirements.
  2. Use Query Whitelist only for trusted and necessary queries.
  3. Add clear descriptions when creating whitelist rules or policy exceptions.
  4. Review active policies regularly.
  5. Disable or remove unused rules.
  6. Ensure only authorized administrators can create, update, or delete security policies.

Security Considerations

Security Policy settings may affect how sensitive data is protected or exposed.

For that reason, any changes should be reviewed carefully before being applied in production environments.

A whitelist rule, for example, may allow a query to bypass protected field rules. This can be necessary for application compatibility, but it should only be used when there is a clear business or technical justification.

Summary

The Security Policy section acts as the control center for OneDB data protection behavior.

By combining Protection Rules and Query Whitelist, administrators can enforce strong database security while still allowing controlled flexibility for trusted application queries.
