This content has been marked as final. Show 2 replies
if you use Transparent Data Encryption you can choose between column encryption and tablespace encryption (or a mix)
and the master key for both can only be stored in the same wallet (in 11gR2 we have a unified master key for both).
Also an important concept of TDE is that it is tranparent: application users do not need to know any encryption key (passphrase),
when you are asking that
need to encrypt certain columns and these columns should be accessible to certain users who know a "key phrase" - and not othersthen you are making a common conceptual mistake, which is to confuse encryption with access control, there's actually a good
statement about this in the security guide here: Principle 1: Encryption Does Not Solve Access Control Problems
So if some users should not have access to certain data, please solve this with access controls in combination with VPD,
trying to solve it with encryption is simply ill-advised,
Harm ten Napel
Edited by: hnapel on Jan 24, 2013 8:14 AM
Thanks for the pointers, it does help us go in the right direction..