Re: Transparent Data Encryption

You can use VPD to restrict access to very specific columns and even rows. The conditions can be anything you can express in PL/SQL - even things such as connection IP addresses (to e.g. prevent certain data from being read remotely) and of course anything like roles or users.

Stefan

On Thu, Aug 22, 2019 at 1:22 AM Rusnak, George A CTR (US) DeCA HQ LEITC < george.rusnak.ctr_at_deca.mil> wrote:

>
> Oracle Version: 12.1.0.2
>
> We are installing a new system and it contains PII information. TDE was
> suggested to protect the PII information, also a requirement exists that I
> need to limit access to encrypted columns based on roles assigned to users.
> For example, I would create an HR_ROLE and only those users with the
> HR_ROLE can get to HR encrypted data columns.
>
> I have been researching but have not come across any article that covers
> this so I am not sure if it even can be done.
>
> Any info or how to document would be greatly appreciated.
>
> Thanks,
> Al
>

-- 
//
zztat - The Next-Gen Oracle Performance Monitoring and Reaction Framework!
Visit us at zztat.net | _at_zztat_oracle | fb.me/zztat | zztat.net/blog/

--
http://www.freelists.org/webpage/oracle-l