Oracle Cloud offers a broad portfolio of software as a service applications, platform as a service, and social capabilities, all on a subscription basis. Oracle Cloud delivers instant value and productivity for end users, administrators, and developers alike through functionally rich, integrated, secure, enterprise cloud services.
 Get a Free Magzine ...Profit:The Executive's Guide to Oracle Applications

Subscribe to the OracleAppsHub to receive notifications when there are new posts:

 get RSS feed
 Oracle Fusion Applications (OFA) is a portfolio of next generation suite of software applications from Oracle Corporation. It is distributed across various product families; including financial management, human capital management, customer relationship management, supply chain management, procurement, governance, and project portfolio management
 Get a Free Magzine ...Profit:The Executive's Guide to Oracle Applications

Security : Oracle Database Vault

Posted on August 20th, 2011 by Sanjit Anand ||Email This Post Email This Post

Have you tried OracleappsHub in ipad/iphone/smart Phone? Don't wait. try it today

Oracle Database Vault restricts access to specific areas in an Oracle database from any user, including users who have administrative access. For example, you can restrict administrative access to employee salaries, customer medical records, or other sensitive information.

This enables you to apply fine-grained access control to your sensitive data in a variety of ways. It hardens your Oracle Database instance and enforces industry standard best practices in terms of separating duties from traditionally powerful users.

Oracle Database Vault this addresses common regulatory compliance requirements and reduces the risk of insider threats like.

  • Preventing highly privileged users (DBA) from accessing application data.
  • Enforcing separation of duty (DBA can’t create users, view data).
  • Providing controls over who, when, where and how applications, data and databases can be accessed.
  • Can be added to existing application environments without changes to the existing application code.

For Consulting people, lets try to understand three most important concept required from security .

1) Realms – These are boundaries within the Oracle database that act like a firewall to prevent privileged users from using their special privileges to access application data.

The realms can be used to protect an entire application or a specific set of tables within an application, providing highly flexible and adaptable security enforcement.

Look at the following diagram the DBA has been denied access to view the application data, in spite of the special privileges.

Oracle Databse Vault

2) Command Rules – Security rules that can be created for creating, dropping and altering tables inside the database and decide whether to block a command.

Factors – It can also reference out-of-the-box factors such as IP address, authentication method and program name.

In the diagram below, Database Vault has denied access as the applications are accessed either through wrong IP address or tool.

Oracle Audit Vault-2

3) Separation of duty – Oracle Database Vault systematically separates DBA duties to strengthen security controls and helps satisfy requirements found in many regulations.

Out-of-the-box, Database Vault creates following 3 distinct responsibilities within the database

  • Account Management :A user with account management responsibility can create, drop, or modify database users
  • Security Administration :A security administrator can manage realms, command rules, factors etc., but prevented from self-authorizing access to secured business data
  • Database Administration :Database administration responsibility enables a user to continue performing normal management and maintenance, such as backup and recovery without having access to secured business data

Therefore, Oracle Database Vault is an integral component of your enterprise.Typically companies configure Oracle Database Vault to manage the security of an individual Oracle Database instance.

Related Posts

Posted in Security | No Comments »Email This Post Email This Post |

Have you tried OracleappsHub in ipad/iphone/smart Phone? Don't wait. try it today
Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.