Security :: Restrictions Apply To VPD Functions For Column Masking?
Sep 10, 2013
I want to understand the restrictions that apply to VPD functions when used for column masking, compared with their use for Row-Level Security. According to the Oracle Database Security Guide (11g Release 1), "Column-masking conditions generated by the policy function must be simple Boolean expressions, unlike regular Oracle Virtual Private Database predicates."
I have long understood the above as implying that column-masking conditions should not contain sub-queries (i.e. inner selects). However, we tested using a condition with a select inside another select (2-level nesting) and yet it worked. We were on 11g Release 2, by the way. So, I wonder about using sub-queries in column-masking conditions? Or, alternatively, what Oracle means with "regular VPD predicates" and "simple Boolean expressions" (of course, in the context of VPD)?
Sep 12, 2013
I'm writing a VPD function to be used for column masking. The predicate (WHERE-clause) it generates may take many different forms. In particular, it may contain inner-selects; for example,
"exists(select '*' from B where B.VAL = '123' and A.KEY = B.KEY)"
where A is the table that is associated to the VPD function, and B is some other table.
if this is OK for column masking? If not, my VPD function may sometimes work and sometimes fail, in unexpected ways.
The Oracle Database Security Guide (11g Release 1) says
"Column-masking conditions generated by the policy function must be simple Boolean expressions, unlike regular Oracle Virtual Private Database predicates".
This seems to indicate that there are cases where a VPD function works for row-level security, but not for column masking.
an example of a 'regular Oracle VPD predicate' that doesn't work for column-masking?
Nov 26, 2012
I am looking for masking options/techniques to mask a few columns. I am aware of the option Oracle Data Masking Pack. But it's costly.
Nov 2, 2011
I have masked the values of some columns in an Oracle table. How do I see its effect in an Oracle form?
Mar 10, 2010
I am having a table with two columns: one is Emp_name Varchar2, another is age Number.
I want a simple insert that should restrict the entry if the age exceeds 50.
Mar 23, 2011
Can I apply Referential Integrity to only selected rows of a particular column? This is the reference key to the primary key of another table. But the issue is, this reference column does not have mandatory data for all the rows. So, whenever this is null, I don't want it to be referred by the parent table.
no, and it makes no sense to do so either
We have an appointment form in our HIS, where patients take telephonic appointment. That time they may not know their user id given by hospital. So, it remains blank & name is entered manually. But if the user-id is entered, it must fetch patient name from the master.
The candidate key must be unique within its domain. The candidate key can not hold NULL values.
ALTER TABLE HLTHCHKAPPOINTHD ADD (
CONSTRAINT SYS_C007145
FOREIGN KEY (N_PATIENTMR_ID)
REFERENCES MRREGISTRTNHD (N_PATIENTMR_ID));
MRREGISTRTNHD is a patient master & has a primary key named N_PATIENTMR_ID.
HLTHCHKAPPOINTHD is an appointment table & has a foreign key named N_PATIENTMR_ID which references N_PATIENTMR_ID of MRREGISTRTNHD.
Also, N_PATIENTMR_ID of HLTHCHKAPPOINTHD is not a unique key & it can contain null values also. I want to define constraint or any other method such that only the not null values are referenced to the master i.e. it should validate in the master. And null values should skip this reference.
Now, what happens is due to this constraint, when I'm trying to edit & update the rows having null value in N_PATIENTMR_ID, it gives the following error.
ORA-02291: Integrity constraint (SYS_C007145) violated - parent key not found
So, can I give some condition in the above constraint saying, apply this constraint to table HLTHCHKAPPOINTHD only having the not-null values in N_PATIENTMR_ID column?
Jul 6, 2012
Is the identifier function UID always correlated with the column dba_users.user_id?
May 21, 2013
I just want to know whether we can mask a salary column of number datatype into text, like we used to_char(to_date(<column_name>,'j'),'jsp') in SQL? For example:
Name Salary
SMITH 800
to
Name Salary
SMITH EIGHT HUNDRED
Sep 26, 2013
I have a question regarding data masking. Currently we are using an Oracle 11g database, and we are thinking of implementing the data-masking feature in 11g. Can this be done by adding any package to it?
Jul 25, 2012
My boss made a requirement in an existing database that some users can view the salary column in the employment table by SQL and some users can view the salary column in the employment table by SQL.
The boss does not like to make changes front SQL. Is Oracle 11g Vault or Oracle Label Security best for this requirement?
My OS is 2008 32 bit Windows and DB is 11.2.0.1
Apr 28, 2011
I'm running a 10.2.0.4 database with auditing enabled:
SQL> show parameter audit_trail;
NAME                                 TYPE     VALUE
------------------------------------ -------- -------------
audit_trail                          string   DB, EXTENDED
I have auditing enabled for create session:
SQL> select audit_option, success, failure from dba_stmt_audit_opts;
AUDIT_OPTION                             SUCCESS    FAILURE
---------------------------------------- ---------- ----------
CREATE SESSION                           BY ACCESS  BY ACCESS
My problem is that when I run a report against DBA_AUDIT_SESSION, the CLIENT_ID column is never populated, it's always blank. I've tried running a trigger to populate the client_identifier variable:
create or replace procedure capture_module
as
begin
dbms_session.set_identifier(sys_context('userenv','module'));
end;
/
[code]....
And if I put an access trigger on a table and create an audit event, the CLIENT_ID column from DBA_AUDIT_TRAIL and DBA_COMMON_AUDIT_TRAIL both show the updated value (module), but no matter what, I never get the CLIENT_ID column in DBA_AUDIT_SESSION to show anything - it's always null.
I want to run a report against DBA_AUDIT_SESSION that will tell me who logged in, when they logged in and out, where they logged in from and the one thing I can't get - what module they were running (SQLplus, Toad, etc). Why can't I get the CLIENT_ID column to take the value I'm setting with the logon trigger?
May 4, 2011
--here's my set up
CREATE USER schemaowner IDENTIFIED BY schemaowner
DEFAULT TABLESPACE users TEMPORARY TABLESPACE temp;
GRANT connect, resource TO schemaowner;
CREATE USER user1 IDENTIFIED BY user1
DEFAULT TABLESPACE users TEMPORARY TABLESPACE temp;
GRANT connect, resource TO user1;
[Code] .....
my desired outcome for user 1
user1> select * from schemaowner.user_data;
user_id column1
1 USER1
my desired outcome for user2 are as follow:
user1> select * from schemaowner.user_data;
user_id column2
2 TESTER 2
the nearest solution is from with reference to [URL]
Quote:
Adding Policies for Column-Level VPD
....
SELECT ENAME, d.dname, JOB, SAL, COMM from emp e, dept d
WHERE d.deptno = e.deptno;
the database returns a subset of rows as follows:
ENAME          DNAME          JOB          SAL          COMM
-------------- -------------- ------------ ------------ -------------
ALLEN          SALES          SALESMAN     1600         300
WARD           SALES          SALESMAN     1250         500
MARTIN         SALES          SALESMAN     1250         1400
BLAKE          SALES          MANAGER      2850
TURNER         SALES          SALESMAN     1500         0
JAMES          SALES          CLERK        950
So how do I implement row level and column level simultaneously?
Jun 12, 2012
I need to encrypt a column in the table (TDE) with 160 rows (PK). I'd like to know what the impact is if I run this procedure in production time. And what will be the behavior of the Oracle database if this column is an FK?
May 30, 2013
I have a column that contains 1 to 100 values but it has some missed data, such as it does not have 50, 45, 34, 23 etc.
So how could I find the missed data alone in a single query?
Jul 19, 2012
I created a test table with 4 columns (id, first_name, last_name, salary-number) and then altered the table to encrypt the salary column. Everything is OK.
I inserted values into the test table. However, I can still see the salary value by select SQL.
What is wrong?
My DB is Oracle 11.2.01 in 2008 SP Windows
newdba
Jan 10, 2011
I would like to encode values in a column using SHA-2 (256 bit encryption). Does 10g support SHA-2 and if so how can I implement this?
Apr 24, 2013
I have an IR report page and a download column as blob. How can security be applied specific column wise? E.g. the report page has more rows, and a query is applied in the condition.
Select ID,dbms_lob.getlength(Blob_file) Download from Document_master
where Created_by=UPPER(:APP_USER)
OR
(exists (select '' from apex_workspace_group_users awgu
where awgu.user_name =:app_user AND awgu.GROUP_NAME='EMPLOYEE_GROUP'
)
)
Now EMPLOYEE_GROUP users see all the rows with the Download column, but I need to control the download column only, except Created_by=UPPER(:APP_USER). In this case, how can I do the security?
Dec 26, 2012
Any documentation supporting Oracle 11G and Advanced Security stating encryption at rest is FIPS 140-2 compliant?
Nov 16, 2010
Lost Windows password? Forgot Windows password? Your PC was hacked? Therefore, it is a basic step for every Windows users to enhance the security of Windows password. In the networks, it is found that a number of user's passwords are easy to guess. Only the smallest groups are the most security conscious and select passwords that are mixed lowercase and uppercase letters, numbers and punctuation to create cryptic passwords. Adopting strong password is one of the most effective ways to ensure system security. Here are several methods for you to enhance the security of your passwords in Windows 7/2000/XP/Vista and so on. You'd better remember the methods below unless you want to reset Windows password from time to time.
1. Is random password a great password?
A common myth is that totally random passwords like Ht3&e#L%5d@$B are the best passwords. This is not true. While they may be strong passwords, they are usually difficult to remember, slow to type, and sometimes vulnerable to attacks against the password generating algorithm. It is easy to create passwords that are strong but much easier to remember by using a few simple techniques. For example, consider the password "Luck-73@Better?". This password utilizes uppercase and lowercase letters, two numbers, and three symbols. The password is 15 characters long and can be memorized with very little effort. Moreover, this password can be typed very fast. The portions "Luck" and "Better" alternate between left and right-handed keys on the keyboard, improving speed, decreasing typos, and decreasing the chances of someone being able to discover your password by watching you.
2. Create the long Windows password
Although a password may eventually be discovered through some means, it is possible to create a password that cannot be cracked in any reasonable time. If a password is long enough, it will take so long or require so much processing power to crack it. That is essentially the same as being unbreakable (at least for most hackers).
3. Create the Windows password constantly?
This may be good advice for some high-risk passwords, but it is not the best policy for every user. It is frustrating for a user to have to constantly think of and remember new passwords every 30 days. It may be better to focus on stronger passwords and better user awareness rather than limiting password age. A more realistic time for the common user may be 90-120 days.
4. Write down Windows password in a proper place
Sometimes it is necessary for some users losing and forgetting complex passwords easily to write down them somewhere proper. However, it is important to educate users on how to write down passwords properly. Obviously, a sticky note on the monitor is not a good idea, but storing passwords in a safe or even a locked cabinet may be sufficient.
5. 14 characters is the optimal password length
Each character that you add to your password increases the protection. Your passwords should be 8 or more characters in length; 14 characters or longer is the Optimal Password Length. Many systems also support use of the space bar in passwords, so you can create a phrase made of many words. It is not easier to forget and lose, as well as longer than a simple password, and harder to guess.
6. Try not to use the same Windows password for all accounts
Some users always make the same passwords for every account to make it easy to remember. In that case, when any one of them lost, your other information protected by that password will be in danger as well. It is serious to use different passwords for different systems and accounts.
7. Do not use some common words that other users maybe guess
Most of users prefer to use some common words to remember easily, for example, login name, birth date, driver's license, passport number, pets' name and other words contained their personal information someone knows. In that case, your Windows system will not be safe anymore. Moreover, do remember not to use some words spelled backwards, abbreviations, sequences or repeated characters and adjacent letters, such as, asdfgh, 123456, 888888, abcdef and so on.
You can smoothly use your Windows now because the strong and powerful Windows password is created successfully. Certainly, I believe that many users lost Windows password and forgot Windows password, then you need to reset Windows password or recover Windows password. It is a big problem for plenty of Windows users how to reset Windows password and how to recover Windows password, and they are puzzled by resetting Windows password, for instance, reset Windows 7 password, recover password Windows XP, remove Windows Vista password and other operating systems after they create the password with complex letters, numbers and symbols. However, it is unnecessary to worry and it is said that things will eventually sort themselves out. There are many ways to reset forgotten Windows password, including use of a Windows password reset disk and Windows password reset software, like Super Windows Password Reset, a professional Windows password reset software which could enable you to log on to Windows smoothly without reinstalling the system.
Aug 18, 2010
In Sybase, my application was using system tables to perform application login security. Those tables obviously don't exist in Oracle. I am looking for ways to provide the following functionality in an Oracle world:
1. How to determine 'x' days of inactivity based on "last login date"?
2. How to determine when a new user logs in for the first time and force them to change their password?
3. If we need to reset a user's password, how can we require the user to change their password?
4. Is there any other option other than storing a user-id/password in the application code for locking a user's account if their account needs to be locked due to inactivity?
5. In the USER_USERS view there is a status column. What can the different statuses be?
Jul 27, 2010
Provide me the script which would track all the users' security violations, like, say for example, I want to find which users logged in and what they did in database perspective.
Jun 17, 2012
Do we need to apply the patches in sequence? I installed Oracle 11g R2 today only, so which patch can I install? If I would like to install a CPU, do I need to install all the previous ones or only the latest one? If only the latest one, then how can I find the CPU patch number?
Of course, instead of a CPU I can install a PSU patch; then which one has to be installed, only the latest one or all previous also? If the latest one only, how do I find the latest PSU patch that has to be applied?
Sep 20, 2012
How to apply patchset (10.2.5) with no downtime?
My db version is 10.2.4 and OS is hp-ux
Mar 3, 2012
I need to migrate a 500 GB 10.2 database from Windows to Linux. Of course I found Alejandro Vargas' paper on how to do that ("Database Migration From Windows to Linux Using RMAN"). My problem is that the source database will be up again for 7 days and I need to apply all changes made to the source database to the migrated Linux database.
Can I just take all redo log files generated from the source database and apply those to the destination database? I might have a problem with a) file conversion and that the redo logs are not in sync with the target database (different check points?). I just found that on an exotic website: "The contents of a redo log file depend on a combination of Oracle version, operating system and server architecture. In general redo logs written on one architecture cannot be read on another. There are a few exceptions to this rule. For example, in Oracle 10.2 a redo log written in Linux can be read by a Windows database."
So if this is true, does it also work the other way AND will the database migration from Windows to Linux create a perfect clone of the database where those redo log files actually can be applied to?
Jul 20, 2012
We need to apply the 11.2.0.2 database server patch and this is a 12i Ebusiness suite env. Do we need to take any precautions (other than stopping the apps) on the APPS side when we are applying the patch on the database?
Oct 5, 2011
I have created a replication process for a single table using the script mentioned below.
connect sys/afccv@afccv as sysdba
show parameter open_cursor
create user STRMADMIN identified by STRMADMIN;
ALTER USER STRMADMIN DEFAULT TABLESPACE USERS TEMPORARY TABLESPACE TEMP QUOTA UNLIMITED ON USERS;
GRANT CONNECT, RESOURCE, AQ_ADMINISTRATOR_ROLE,DBA to STRMADMIN;
execute DBMS_STREAMS_AUTH.GRANT_ADMIN_PRIVILEGE('STRMADMIN');
connect sys/vxmldb@vxmldb as sysdba
[code]....
According to the alert log file, the replication process started (refer to the alert log content below):
Wed Oct 05 12:45:53 2011
Streams CAPTURE CP01 for STRMADMIN_CAPTURE started with pid=256, OS id=8692
Starting persistent Logminer Session with sid = 41 for Streams Capture STRMADMIN_CAPTURE
Wed Oct 05 12:46:20 2011
LOGMINER: Parameters summary for session# = 41
[code]....
Now when I am checking the apply status, it is showing Dequeue message
SQL> l
1* select apply_name,state,DEQUEUE_TIME from V$STREAMS_APPLY_READER
SQL> /
APPLY_NAME                     STATE             DEQUEUE_TIME
------------------------------ ----------------- --------------------
STRMADMIN_APPLY                DEQUEUE MESSAGES
When I am checking the number of rows on both tables (source and destination), at destination it is not applying anything.
May 22, 2012
How to apply a GROUP BY command in Forms 6i at block level? For example, in a data block the field names are code and quantity, and code replicates many times. It is not working without commit, but I want to calculate the sum of quantity in the data block by code group before commit.
If we apply this command at SQL level then the command is
select code,sum(nvl(quantity,0)) from sal_detail group by code
and it works very well.
Aug 6, 2012
I will begin to install Oracle Clusterware (11gR2), but I need to know how much space should I apply for the ASM instance? What size should I apply the shared disk to the nodes?
Jun 27, 2013
Can we apply LPAD in NUMBER datatype?
Nov 29, 2012
How can we mask the value of some columns in a table? For example: user A is a supervisor, he can query the salary column in the employee table, but user B is a staff member; he can query the salary column but the system just shows ***** or something like that for the salary value.