Oracle Virtual Private Database (VPD) allows you to create security policies to control the access at the row and column level. These security policies are enforced by the database rather than an application, which means that use of a different application will not bypass the security policy.
Oracle adds dynamically and transparently a WHERE clause( predicate ) to a SQL statement that is executed against the object (table, view or synonym) to which a VPD policy was applied. The predicate (WHERE clause) is returned by a custom function which implements the security policy. It is your responsability to write correctly this function so that it will return the expected predicates in various scenarios.
An example on my blog may help to understand the concept.