I'm hoping you guys can help me out here as I'm dipping my toes in the Data Encryption pool. What I'm looking for is a high level answer to the questions below *while* I read through the Advanced Security documentation. I understand that TDE has 2 potential components - Tablespace Encryption and Table/Column Encryption. I understand (I think) that Tablespace Encryption is invisible to applications & users - the data in encrypted as it is written to database files and unencrypted when the database engine reads that data back into the database as part of a query. Now my questions are related to TABLE/COLUMN encryption and I'm a looking for a 10,000 foot view answer right now (not a highly detailed answer): Questions: 1.) With TDE on Tables/Columns, and using a wallet that is setup, how does a SPECIFIC user/application interface with the data that is encrypted and authenticate to see the unecrypted data? Example: UNauthorized UserA looks up a Credit Card Number in TableA and sees data that is encrypted and cannot read the number. AUthorized UserB/Application looks up a CC# in TableA and sees the unecrypted data and can continue processing it in a meaningful way. What I'm trying to figure out is if AUTHORIZED users/applications have to unlock the data (or re-authorize) each time they login to the database, or what? How do they "unlock" the data - an automated wallet setup, or do they have to execute a pl/sql block to authenticate? 2.) Can you use both Tablespace Encryption and Table/Column encryption? I'm curious how they work together if both are in use - is the data double encrypted when it gets written to disk? Thanks for any help!!! Chris Taylor