This discussion is archived
8 Replies Latest reply: Aug 10, 2013 10:08 AM by 913089 RSS

Hiding Some DataBase Objects

IbrahimDarwiesh Newbie
Currently Being Moderated

i want a way or a product that can hide

packages body

specific Tables

,function and procedure

from being viewed,Altered  by /,System or sys

i will give this privileges to other users temporary and i will back again , it is just a while  

 

 

i hope you help me , Thanks @All

  • 1. Re: Hiding Some DataBase Objects
    Lalit Kumar B Explorer
    Currently Being Moderated

    Are you granted the privilege with the ADMIN OPTION?

  • 2. Re: Hiding Some DataBase Objects
    IbrahimDarwiesh Newbie
    Currently Being Moderated

    yes ADMIN OPTION is granted to then >>

         i want to prevent then from viewing Some Tables has critical data and also prevent then from Exporting this tables to DMP file

  • 3. Re: Hiding Some DataBase Objects
    Asif Muhammad Guru
    Currently Being Moderated

    Hi Ibrahim,

     

    If you wish to secure or prevent users with viewing certain data, why cant you go ahead creating a view.

     

    As far as I know, users with DBA role and the object owner can export them to dmp files, and the only options that I can think of securing these objects from the Object owner or the DBA role users is by creating an Oracle Wallet.

     

    Best Regards

  • 4. Re: Hiding Some DataBase Objects
    Justin Cave Oracle ACE
    Currently Being Moderated

    If you want to prevent DBAs from seeing data in the database, you'd need to license Oracle Database Vault

     

    Justin

  • 5. Re: Hiding Some DataBase Objects
    IbrahimDarwiesh Newbie
    Currently Being Moderated

    dear Justin , i have about 2 weeks testing ODV .. this is not secure with console session on the DB server and this not applicable with My BCase ..

    simply i want to prevent ( ANY ) access role with DBA (RDBMS , DBF ,CONF ,DLL)

    so if there is any other solution . i'll be glade again

  • 6. Re: Hiding Some DataBase Objects
    Justin Cave Oracle ACE
    Currently Being Moderated

    Sorry, I understand that you're having problems with Oracle Data Vault.  I can't quite figure out what problems you are having.  I don't understand what "bcase" stands for.  I don't understand why Data Vault is "not applicable".  I don't understand what the set of acronyms you posted has to do with anything.  DBF is a common extension for Oracle data files but I don't understand what that has to do with Data Vault.  I don't understand what a DLL has to do with anything.  Oracle is an RDBMS but, again, I don't see how that is relevant.

     

    Justin

  • 7. Re: Hiding Some DataBase Objects
    IbrahimDarwiesh Newbie
    Currently Being Moderated

    i am very sorry for misunderstanding ..

    i mean that : any user has OS privileges can edit ODV configuration file and disable or enable database and controlling oracle database physical component and this is the main problem in my business case .. how to prevent (ANYONE) controlling database and stopping DBA  control power in the Database ..

     

    thanks for reply  and again i am sorry for misunderstanding

  • 8. Re: Hiding Some DataBase Objects
    913089 Newbie
    Currently Being Moderated

    Taking a step back my POV would is  . . .

     

    Trusting your OS users that can control the database (SysAdmins and DBAs) would be a vetting process outside of any software.

    Use business policies such as Separation of Duties (SOD) so that only proper individual can modify ODV is a requirement.

    SOD should supply you with one form of checks and balances.

    ODV can and does supply methods to restrict and separate duties.

    My previous implementation of ODV was able to restrict DBA access to what is necessary to do their job and only their job.

    No access to schema data or code.

    You can always define your own roles to accomplish SOD within the database.

     

     

    FYI: Oracle Database 12c has a better SOD with additional granular roles of that breaks up SYSDBA privileges.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points