An Oracle DB user has SELECT permission on all the tables of a DB schema. Can i restrict the user to view the table data.The user should be able to select the table but should not be able to see the data. This specific requirement is required for user who reviews DB design and generates ALTER script for DB using Oracle Data Modeler 3.3 where he can just see the table design and can compare it with ERD Can i achieve it using FGAC or RLS?
Thank you for response.
You can use Database Vault. Oracle Database Vault provides powerful security controls to help protect application data from unauthorized access, and comply with privacy and regulatory requirements.
Controls can be deployed to block privileged account access to application data and control sensitive operations inside the database using multi-factor authorization.
More information about database Vault Please check below link:
First, does this user actually need to have SELECT access on the table? If he's just looking at the structure of the table but not the data, you could grant the user SELECT ANY DICTIONARY. That would allow them to see the structure of any table in the database without being able to actually query any of them. That might not work with a particular GUI (which will often query ALL_TABLES, ALL_TAB_COLUMNS, etc rather than DBA_TABLES, DBA_TAB_COLUMNS, etc.). But the user would be able to do things like generate the DDL for a table using the DBMS_METADATA package or write queries that compare the data dictionary across environments.
Second, if the user does need SELECT access on the table, you don't need to license Database Vault. You can create a VPD policy on the table that returns a predicate of 1=0 for the user in question. That will suppress all the data when the user queries the table.