Oracle hide columns from certain users

emx picture emx · Feb 13, 2013 · Viewed 8.4k times · Source

The scenario : an Oracle 11g database containing some sensitive user data that could result legal liabilities if disclosed to the wrong party.

The desired effect : only a certain user, connecting from a certain IP, can see the column that contains this sensitive user data

I am not sure that hidden columns or virtual columns are the right ways to do this. It seems that Fine-Grained Access Control could help. I am not sure of what is the best solution. The restriction by IP is probably done at the listener level?

The question : How can we restrict the visibility of a column so it is only available only to a specific user? All the other users would never see the column, not even when doing a "DESC TABLE_WITH_SENSITIVE_DATA"

Thanks for any tips.

Answer

Rene picture Rene · Feb 13, 2013

Simplest way to do this is to create a view on the table that does not contain all of the columns. Don't grant select on the table, but only on the view.