Re: Transparent Data Encryption

From: Stefan Knecht <knecht.stefan_at_gmail.com>
Date: Thu, 22 Aug 2019 13:40:36 +0700
Message-ID: <CAP50yQ8Pq_wpRrJz2iYAA6dSXWiE5mADmbCsm4TYieAAt9WpGg_at_mail.gmail.com>



Oh, and of course, if you have the money, the Database Vault Option can also do this (its primary purpose is to prevent sysadmin/DBA folks from reading sensitive data, but have a look around as it can be fairly easily circumvented if local access to the database is available).

On Thu, Aug 22, 2019 at 1:37 PM Stefan Knecht <knecht.stefan_at_gmail.com> wrote:

> You can use VPD to restrict access to very specific columns and even rows.
> The conditions can be anything you can express in PL/SQL - even things such
> as connection IP addresses (to e.g. prevent certain data from being read
> remotely) and of course anything like roles or users.
>
> Stefan
>
>
>
>
> On Thu, Aug 22, 2019 at 1:22 AM Rusnak, George A CTR (US) DeCA HQ LEITC <
> george.rusnak.ctr_at_deca.mil> wrote:
>
>>
>> Oracle Version: 12.1.0.2
>>
>> We are installing a new system and it contains PII information. TDE was
>> suggested to protect the PII information, also a requirement exists that I
>> need to limit access to encrypted columns based on roles assigned to users.
>> For example, I would create an HR_ROLE and only those users with the
>> HR_ROLE can get to HR encrypted data columns.
>>
>> I have been researching but have not come across any article that covers
>> this so I am not sure if it even can be done.
>>
>> Any info or how-to document would be greatly appreciated.
>>
>> Thanks,
>> Al
>>
>
>
> --
> //
> zztat - The Next-Gen Oracle Performance Monitoring and Reaction Framework!
> Visit us at zztat.net | _at_zztat_oracle | fb.me/zztat | zztat.net/blog/
>


--
http://www.freelists.org/webpage/oracle-l
Received on Thu Aug 22 2019 - 08:40:36 CEST
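
The VPD approach suggested in the quoted reply, sketched as an added example that is not part of the original thread: a column-masking policy that returns the protected columns only to sessions with HR_ROLE enabled and NULLs to everyone else. TDE by itself decrypts transparently for any user who holds SELECT on the table, so the role restriction has to come from a policy like this. The SEC_ADMIN schema, the HR.EMPLOYEES table, its SSN and SALARY columns, and the policy and function names are assumptions made for illustration.

```sql
-- Added example (hypothetical object names). Assumes HR.EMPLOYEES has the
-- sensitive columns SSN and SALARY, and that SEC_ADMIN has EXECUTE on DBMS_RLS.

-- Policy function: VPD calls it with the protected object's schema and name.
CREATE OR REPLACE FUNCTION sec_admin.hr_pii_predicate (
    p_schema IN VARCHAR2,
    p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
    -- Return the role test as predicate text, so it is evaluated by the
    -- querying session's statement rather than inside this function.
    RETURN q'[SYS_CONTEXT('SYS_SESSION_ROLES', 'HR_ROLE') = 'TRUE']';
END hr_pii_predicate;
/

BEGIN
    DBMS_RLS.ADD_POLICY(
        object_schema         => 'HR',
        object_name           => 'EMPLOYEES',
        policy_name           => 'HR_PII_MASK',
        function_schema       => 'SEC_ADMIN',
        policy_function       => 'HR_PII_PREDICATE',
        statement_types       => 'SELECT',           -- column masking is SELECT-only
        sec_relevant_cols     => 'SSN,SALARY',       -- columns the policy guards
        sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS   -- keep all rows, NULL the columns
    );
END;
/

-- Check 1: the policy exists, is enabled, and covers the intended columns.
SELECT p.policy_name, p.enable, c.sec_rel_column, c.column_option
FROM   dba_policies p
JOIN   dba_sec_relevant_cols c
       ON  c.object_owner = p.object_owner
       AND c.object_name  = p.object_name
       AND c.policy_name  = p.policy_name
WHERE  p.object_owner = 'HR'
AND    p.object_name  = 'EMPLOYEES';

-- Check 2: accounts that bypass every VPD policy and need separate review.
SELECT grantee
FROM   dba_sys_privs
WHERE  privilege = 'EXEMPT ACCESS POLICY';
```

SYS connections are also exempt from VPD policies, so DBA-level access still needs its own control, which is where the Database Vault remark above comes in.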
