Oracle hide columns from certain users

oracle security privacy tns
emx picture emx · Feb 13, 2013 · Viewed 8.4k times · Source

The scenario : an Oracle 11g database containing some sensitive user data that could result legal liabilities if disclosed to the wrong party.

The desired effect : only a certain user, connecting from a certain IP, can see the column that contains this sensitive user data

I am not sure that hidden columns or virtual columns are the right ways to do this. It seems that Fine-Grained Access Control could help. I am not sure of what is the best solution. The restriction by IP is probably done at the listener level?

The question : How can we restrict the visibility of a column so it is only available only to a specific user? All the other users would never see the column, not even when doing a "DESC TABLE_WITH_SENSITIVE_DATA"

Thanks for any tips.

Answer

Rene picture Rene · Feb 13, 2013

Simplest way to do this is to create a view on the table that does not contain all of the columns. Don't grant select on the table, but only on the view.

Related questions

How to find the privileges and roles granted to a user in Oracle?

I am using Linux, Oracle10g. I have created one user called test. and granted create session and select any dictionary permission to the same user. i also granted sysdba and sysoper roles to the same users. Now i want …

Read More
How do I turn off Oracle password expiration?

I'm using Oracle for development. The password for a bootstrap account that I always use to rebuild my database has expired. How do I turn off password expiration for this user (and all other users) permanently? I'm using Oracle 11g, …

Read More
What is the recommended way to encrypt in Oracle?

I need some help from Oracle/Security experts. I'm going to make functions for encryption/decryption in our Oracle DB. I intend to use dbms_crypto with AES256. I understand that I should store the key file in the O/…

Read More