Oh, and of course, if you have the money, the Database Vault Option can
also do this (Its primary purpose is to prevent sysadmin/dba folks from
reading sensitive data, but have a look around as it can be fairly easily
circumvented if local access to the database is available).
On Thu, Aug 22, 2019 at 1:37 PM Stefan Knecht <knecht.stefan@xxxxxxxxx>
wrote:
You can use VPD to restrict access to very specific columns and even rows.
The conditions can be anything you can express in PL/SQL - even things such
as connection IP addresses (to e.g. prevent certain data from being read
remotely) and of course anything like roles or users.
Stefan
On Thu, Aug 22, 2019 at 1:22 AM Rusnak, George A CTR (US) DeCA HQ LEITC <
george.rusnak.ctr@xxxxxxxx> wrote:
Oracle Version: 12.1.0.2
We are installing a new system and it contains PII information. TDE was
suggested to protect the PII information, also a requirement exists that I
need to limit access to encrypted columns based on roles assigned to users.
For example, I would create an HR_ROLE and only those users with the
HR_ROLE can get to HR encrypted data columns.
I have been researching but have not come across any article that covers
this so I am not sure if it even can be done.
Any info or how to document would be greatly appreciated.
Thanks,
Al
--
//
zztat - The Next-Gen Oracle Performance Monitoring and Reaction Framework!
Visit us at zztat.net | @zztat_oracle | fb.me/zztat | zztat.net/blog/
