Jeffrey, I suppose you are calling hiding information and protecting information two different things. VPD and security policies will work well to hide data. If you are speaking of sensitive data of the nature that compliance needs to be a consideration, then that is a different question altogether. If protecting this data is indeed part of your dilemma, then an encryption option is likely necessary. I use custom encryption using DBMS_CRYPTO through custom encrypt and decrypt functions at my current workplace. Sharon mentioned Oracle's Database Vault for encryption, which seems to be transparent to the user. Either way, be careful how you access the data if you need it to stay protected. I have identified a way that protected data can be captured by the AWR through bind variables. Take a look at my blog post on that if you are more interested: http://iamsys.wordpress.com/2010/03/16/how-to-protect-sensitive-bind-data-in-redo-logs/ <http://iamsys.wordpress.com/2010/03/16/how-to-protect-sensitive-bind-data-in-redo-logs/> Thanks, Michael Wehrle Oracle Certified DBA On Thu, Mar 25, 2010 at 8:35 AM, Jeffrey Beckstrom <JBECKSTROM@xxxxxxxxx>wrote: > My question is how are people hiding sensitive information in a > Production database. For example, we are running Oracle Applications 11i > and would like to protect some fields so that only a few people can see the > column. In such an instance, would you setup a virtual private database > with column level security or what? Since this is a packaged application, > there is no access to the code. > > > Jeffrey Beckstrom > Database Administrator > Greater Cleveland Regional Transit Authority > 1240 W. 6th Street > Cleveland, Ohio 44113 >