Hi Bill > One of my users sent me this URL for a paper on improving security, > http://www.oracle.com/technology/pub/articles/jucan_security.html. Be careful that paper covers/mixes different techniques. > The writer presents a technique for hiding columns using DBMS_RL to > create policies to hide data. Apparently one can even hide data from > a user with full DBA access. With RLS you cannot prevent DBA/users having sys priv EXEMPT ACCESS POLICY to see all data. If you want to do so I see only two options: - encrypt data outside the database - use Datatabase Vault and encrypt data inside the database > I had a conversation with one of my co-workers who had just attended > an Oracle taught security class and she reported that there are > numerous examples of users losing data when attenpting to do this. If you mean RLS, that is not possible. You never lose data. I guess such a comment is related with data encrypted outside the database. > Unfortunately I don't have a good enough understanding of the process > to give a concise explanation. I am interested in knowing if others > are familiar with this technique, have used it and what your > experiences were. You have to ask yourself an essential question: What kind of risk are you trying to mitigate/avoid? When that is clear it's much easier to know which features may help. HTH Chris -- //www.freelists.org/webpage/oracle-l