You can use VPD to restrict access to very specific columns and even rows.
The conditions can be anything you can express in PL/SQL - even things such
as connection IP addresses (to e.g. prevent certain data from being read
remotely) and of course anything like roles or users.
Stefan
On Thu, Aug 22, 2019 at 1:22 AM Rusnak, George A CTR (US) DeCA HQ LEITC <
george.rusnak.ctr@xxxxxxxx> wrote:
Oracle Version: 12.1.0.2
We are installing a new system and it contains PII information. TDE was
suggested to protect the PII information, also a requirement exists that I
need to limit access to encrypted columns based on roles assigned to users.
For example, I would create an HR_ROLE and only those users with the
HR_ROLE can get to HR encrypted data columns.
I have been researching but have not come across any article that covers
this so I am not sure if it even can be done.
Any info or how to document would be greatly appreciated.
Thanks,
Al
