-
Is this possible in Oracle
I have a table where a particular column needs to be invisible when users query that table, say like Date of birth, SSN columns.
Manager says even this col has to be invisible to dba's too.
Is this some thing related to encryption and decryption? and what all is needed to put this into working?
"What is past is PROLOGUE"
-
If users and DBAs aren't supposed to be able to access that data, why is it even stored?
Hiding data from a DBA is very difficult as they must be able to back up the database. You can obfuscate it with the DBMS_CRYPTO, but your application will have to know to use the encrypted value.
-
HR related data should be seen only by HR associates.
By the way this is for Oracle 9i. I came accross DBMS_OBFUSCATION_TOOLKIT package, which can do the above for me.
any valid suggestions..............?
"What is past is PROLOGUE"
-
"The person who says it cannot be done should not interrupt the person doing it." --Chinese Proverb
-
Originally Posted by LKBrwn_DBA
unfortunately those arent invisible to DBAs
you might have a look at Data Vault, not sure if it works for 9i though
-
I know information is not hidden from DBA's, but I assumed jhmartin's post had clarified that issue.
"The person who says it cannot be done should not interrupt the person doing it." --Chinese Proverb
-
Does the manger wants to Hide the contents of data from being visible by DBA?
IF such, A view can be created for users without those two columns, and dbms_obfuscation_toolkit can be used to encrypt and decrypt the values to be stored in the table.
Below is the example link which might be helpful
http://www.databasejournal.com/featu...le.php/3358671
-
Originally Posted by tabreaz
IF such, A view can be created for users without those two columns, and dbms_obfuscation_toolkit can be used to encrypt and decrypt the values to be stored in the table.
Still a dba can access the data by executing the DESDecrypt procedure.
Any user who runs the DESDecrypt procedure can see the data. How this works to make data secure and hide from normal users?
Create the encrypt and decrypt procedures from a user and grant execute to the privileged users. But this will not hide the data from dba's view, as requested by my manager.
"What is past is PROLOGUE"
-
How about using such encryption mechanism from Outside Oracle, and only manager has the control of that application (Both Encryption and Decryption)?
-
Originally Posted by tabreaz
How about using such encryption mechanism from Outside Oracle, and only manager has the control of that application (Both Encryption and Decryption)?
Sounds good, do you suggest any
"What is past is PROLOGUE"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|