Real Application Security with centrally-managed users
Date: Tue, 13 Feb 2024 13:31:22 -0800
Message-ID: <4d2ea3f2-9a74-41f0-b1c0-fa19596f39fa_at_gmail.com>
Friends and colleagues,
I'm working on a problem involving two somewhat obscure -- but vitally important -- pieces of functionality in Oracle19c...
- Real Application Security (RAS)
- Centrally-managed users (CMU)
In general, RAS is the successor to virtual private databases (VPDs), which was introduced way back in Oracle8i for fine-grained row-level security and column-level security. CMU is the management of database users by a centralized external authority such as Microsoft Active Directory, rather than an Oracle DBA using CREATE USER commands in each Oracle database.
There is copious documentation and support for either mechanism, but I am hard-pressed to find anything indicates that both can be used together.
We've already started down the road of devising a custom solution for integrating the two, but it is hitting difficulties, so I would like to find out if anyone on this list has any experience -- or knows of someone who has experience -- using both RAS and CMU together?
If anyone from the security or identity-management product groups at Oracle could offer any advice, it would be gratefully accepted!
Please let me know what you think?
Thanks!
-Tim
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Feb 13 2024 - 22:31:22 CET