My boss make a requirement in exist database as some user can view salary column at employment table by SQL and some user can view salary column at employment table by SQL.
The boss do not like to make changes front SQL. Ooracle 11g vault or Oracle Label Security is best for this requirement?
my oS is 2008 32 bit window and DB is 11.2.0.1
i have a column that contains 1 to 100 values but it has some missed data such as it does not has 50,45,34,23 etc..
so how could i find the missed data alone in a single query..
I created a test table with 4 columns(id, first_name,last_name, salary-number ) and then alter table to encrypted salary column . everything is OK.
I insert values into test table. However, I still can see salary value by select SQL.
What is wrong?
my db is oracle 11.2.01 in 2008 SP window
newdba
Any documentation supporting Oracle 11G and Advanced Security stating encryption at rest is FIPS 140-2 compliant?
View 3 Replies View RelatedI created a user and granted connect, resource to the user. but trying to select columns from the view USER_HISTORY$,it's showing no value, i tried to login the user several times, but it's displaying no value, any particular reason or any minor mistake?
View 1 Replies View RelatedI am receiving an "ORA-00942 Table or View does not exists" error message when I try to run the following SQL statement:
SELECT id_status INTO :ls_id_status
FROM USER_ADMINISTRATION
WHERERTRIM(user_id) = :as_userid;
where :as_userid is an argument passed to the SQL.
Here are some background facts in order to save time regarding actions already taken:
(1) The userid used to login successfully is the same one passed to the above SQL;
(2) I have confirmed that the table does exist - we are using it in an application;
(3) The case of the table name is upper case as seen above and is correct;
(4) The spelling of the table name is correct;
(5) The schema name was prefixed to the table and I still got the same error (not shown above);
(6) The userid that I used is assigned to a role and the role has SELECT permissions to the above table.
I have the following questions :
1. After creating a view, how do I associate that view with certain level of security. As in, only a few users must be allowed to access that view.
2. How can I create a new user-login and password for my database application?
We are trying to audit a view. We are currently seeing that view in production instance and trying to find out when exactly it got invalidated.
View 4 Replies View RelatedIs there a way to view/obtain the password once a database link has been created. Some sys dba table?
View 7 Replies View RelatedI'm writing a VPD function to be used for column masking. The predicate (WHERE-clause) it generates may take many different forms. In particular, it may contain inner-selects; for example,
"exists(select '*' from B where B.VAL = '123' and A.KEY = B.KEY)"
where A is the table that is associated to the VPD function, and B is some other table.
if this is OK for column masking? If not, my VPD function may sometimes work and sometimes fail, in unexpected ways.
The Oracle Database Security Guide (11g Release 1) says
Column-masking conditions generated by the policy function must be simple Boolean expressions, unlike regular Oracle Virtual Private Database predicates".
This seems to indicate that there are cases where a VPD function works for row-level security, but not for column masking.
an example of a 'regular Oracle VPD predicate' that doesn't work for column-masking?
I'm running a 10.2.0.4 database with auditing enabled:
SQL> show parameter audit_trail;
NAME TYPE VALUE
------------------------------------ -------- -------------
audit_trail string DB, EXTENDED
I have auditing enabled for create session:
SQL> select audit_option, success, failure from dba_stmt_audit_opts;
AUDIT_OPTION SUCCESS FAILURE
---------------------------------------- ---------- ----------
CREATE SESSION BY ACCESS BY ACCESS
My problem is that when I run a report against DBA_AUDIT_SESSION, the CLIENT_ID column is never populated, it's always blank. I've tried running a trigger to populate the client_identifier variable:
create or replace procedure capture_module
as
begin
dbms_session.set_identifier(sys_context('userenv','module'));
end;
/
[code]....
And if I put an access trigger on a table and create an audit event, the CLIENT_ID column from DBA_AUDIT_TRAIL and DBA_COMMON_AUDIT_TRAIL both show the updated value (module), but no matter what, I never get the CLIENT_ID column in DBA_AUDIT_SESSION to show anything - it's always null.
I want to run a report against DBA_AUDIT_SESSION that will tell me who logged in, when they logged in and out, where they logged in from and the one thing I can't get - what module they were running (SQLplus, Toad, etc). Why can't I get the CLIENT_ ID column to take the value I'm setting with the logon trigger?
--here's my set up
CREATE USER schemaowner IDENTIFIED BY schemaowner
DEFAULT TABLESPACE users TEMPORARY TABLESPACE temp;
GRANT connect, resource TO schemaowner;
CREATE USER user1 IDENTIFIED BY user1
DEFAULT TABLESPACE users TEMPORARY TABLESPACE temp;
GRANT connect, resource TO user1;
[Code] .....
my desired outcome for user 1
user1> select * from schemaowner.user_data;
user_id column1
1 USER1
my desired outcome for user2 are as follow:
user1> select * from schemaowner.user_data;
user_id column2
2 TESTER 2
the nearest solution is from with reference to [URL]
Quote:
Adding Policies for Column-Level VPD
....
SELECT ENAME, d.dname, JOB, SAL, COMM from emp e, dept d
WHERE d.deptno = e.deptno;
the database returns a subset of rows as follows:
ENAME DNAME JOB SAL COMM
-------------- -------------- ------------ ------------ -------------
ALLEN SALES SALESMAN 1600 300
WARD SALES SALESMAN 1250 500
MARTIN SALES SALESMAN 1250 1400
BLAKE SALES MANAGER 2850
TURNER SALES SALESMAN 1500 0
JAMES SALES CLERK 950
so how do I implement roll level and column level simultaneously?
I need encrypt column in the table (TDE) with 160 rows (PK) i'd like know what impact if i rn in time production this procedure. And as will be behavior the oracle database if this column is FK.
View 2 Replies View RelatedI would like to encode values in a column using SHA-2 (256 bit encryption). Does 10g support SHA-2 and if so how can i implement this?
View 2 Replies View RelatedI want to understand the restrictions that apply to VPD functions when used for column masking, compared with their use for Row-Level Security. According to the Oracle Database Security Guide (11g Release 1) Column-masking conditions generated by the policy function must be simple Boolean expressions, unlike regular Oracle Virtual Private Database predicates.
I have long understood the above as implying that column-masking conditions should not contain sub-queries (i.e. inner selects). However, we tested using a condition with a select inside another select (2-level nesting) and yet it worked. We were on 11g Release 2, by the way. So, I wonder about using sub-queries in column-masking conditions? Or, alternatively, what Oracle means with "regular VPD predicates" and "simple Boolean expressions" (of course, in the context of VPD)?
i have IR report page and download column as blob,how can security applied in specific column wise?e.g. Report page have more rows, and applied query in condition.
Select ID,dbms_lob.getlength(Blob_file) Download from Document_master
where Created_by=UPPER(:APP_USER)
OR
(exists (select '' from apex_workspace_group_users awgu
where awgu.user_name =:app_user AND awgu.GROUP_NAME='EMPLOYEE_GROUP'
)
)
Now all the rows with Download column to see EMPLOYEE_GROUP users,but i need control the download column only except Created_by=UPPER(:APP_USER) ,this case how can do the security.
Correct example
select
pp.IVA
, pp.CNR
, pp.POLO
,(pp.CNR-pp.POLO) diff
, ((pp.CNR-pp.POLO) * pp.IVA / 100) + (pp.CNR-pp.POLO) diva
from AB_PERIODI_PREZZI pp
Invalid example
select
pp.IVA
, pp.CNR
, pp.POLO
,(pp.CNR-pp.POLO) diff
, ((diff * pp.IVA / 100) + diff) diva
from AB_PERIODI_PREZZI pp
In my real view, the diff calculate column is very long (with case etc...) I must reuse many time the diff calculate column to calculate other columns.I do not want use subquery because there is many join to do in the same query. How can I reuse a calculate column in the same view?
I'm having trouble creating a view that has a not null column. Using this script you can see that the resulting table doesn't have a not null constraint for the first column even though both source columns for that row are not null. Is there anyway to force the view to mark that first column as not null? (I need it for ODP.NET otherwise I get an error there)
DROP TABLE MYTABLE;
CREATE table MYTABLE
( COL1 NUMBER(2) NOT NULL,
col2 number(2)) ;
drop table mytable2;
CREATE table MYTABLE2
[code]....
I don't know what column name would there for my new view. so can i use dynamic SQL in View so that I can get correct column name?
View 2 Replies View RelatedI have table with values :
PROV_IDMEASURE_IDPERCENTAGE
Z0000221P114 45
Z0000135P115 68
For the column all possible values are ( P102,P101,P103 etc toP124). I want to create a view ( if possible ) from the above with data output as :
PROV_ID P101 P102 P103 ............................P124
z000234 23 45 60 72
basically this view has columns based on the previous tables column ( MEASURE_ID) values and the values will be corresponding value in column Percentage.
I have an issue in materialized view which has got one of the null able column and query on this column taking approximately 2 mins where as other indexed columns takes less than 10 sec.
Here is the summary
SQL> Select Count (1), Count (VAT_NO) From Mv_customer;
COUNT(1) COUNT(VAT_NO)
---------------------------------
2893561 1516
If an index is created on VAT_NO will that improve the performance. What kind of index can be created considering very less number of records has got VAT_NO
My DBA gave me a table with only one date column say Table1.Date. Its in the format of Date and say it is = 7/23/2012.
Now i have to create my own Reporting View(which is used for reporting) based on that date column like below:
It should be a column with values in the following format =
2012-07
2012-06
2012-05 etc....upto
2010-01
So i started out my creating like this:
select
to_char(Table1.Date,'yyyy-mm')
from Table1
Union
[Code]....
.and so on till i get 2010-01.
there has to be a better way to do this.
I need to create a materialized view with a clob column based on a varchar2 column of a table.This is because in the mv the clob column data gets appended one after another.
View 2 Replies View RelatedI'm doing online business of selling my manufacturing product to my customer through internet. It is so much easy way but with this there are some unwanted threads that might be disturb business working area. I want to keep my customer online data from hacker but have no strong software who minimize or protect them hackers.
View 1 Replies View RelatedCan i get some documents on oracle RAC database encryption.?what are the pros and cons of encryption?Does this comes with oracle Database or something we need to buy from oracle sales persons?
View 2 Replies View RelatedWe've a requirement to hide particular data set for users, until it's reviewed & approved by admin. This needs to be implemented in our live environment (BO WebI 3.1 and Oracle 10G). We explored below options on the db side but obviously it will increase the maintenance efforts:
1. Implement data level security using Virtual Private Database (VPD) and some flag indicators.
2. Storing approved and unapproved data in different db partitions
Is it possible to migrate everything (tables, indexes) from a unencrypted to encrypted tablespaces online i.e. while the database is being used (DML)?
View 3 Replies View RelatedI have the following requirement and we are on R12.1.3 with Oracle 11gR2 database on a Linux R5 machine.
1) Sensitive data such as SSN and credit card needs to masked in the oracle seeded table like per_all_people_f etc.
2) This original data should not be visible either from the database (apps user) or via the application. They should both provide the decrypted data to the users.
3) There are a set of users that need point # 2 overridden. That is, they should be able to see the decrypted data using sql on the tables or via the application (front end).
How to get the data access for a temp table ?
View 5 Replies View RelatedOur client is having requirements that data should be encrypted through-out the process (from transaction level to backup level).
Requirements are as below -
1) Data should be encrypted and can be access only through application (through front end).
2) Even if pl/sql, sql installed, developer user cannot able to fetch data from database.
3) Even DBA, should not have access to fetch the data from the database.
4) Only assigned DBA, should fetch details from database (provided he/she should have details of database as well as application's user / password).
5) It should be restricted by ip and user details (such as ip of application server with user/password of user).
6) Changes should be purely done from database level only.