Forum Stats

  • 3,840,371 Users
  • 2,262,594 Discussions


Using TDE in Oracle

GoldenData Member Posts: 3 Bronze Badge
edited May 28, 2020 11:58PM in Database Security - General


We would like to use Oracle TDE (Transparent Data Encryption) for the encryption of sensitive data (RDBMS

We already have the Advanced Security license , so it's ok

We should secure access to sensitive data in 2 databases:

- A source database.: DB1

- A target  database (DB2)  copy from DB1 by using DataStage tool.

Application users USER_APP_1, USER_APP_2 use the same single oracle user USER_ORACLE to connect to the DB1 database.

The user USER_APP_1 has the privileges  to see the data encrypted in clear (Decrypted).

User USER_APP_2 does not have privileges to see encrypted data.

1 / How to apply this strategy on the 2 users USER_APP_1 and USER_APP_2 if they use the same Oracle connection via the user USER_ORACLE?

2 / Should the same key be used in the 2 databases DB1 and DB2? if so, should you share this key for each database or duplicate it for each of the 2 databases DB1 and DB2 (DataStage copy of DB1).

Thanks for your help.

Best regards.



  • Emad Al-Mousa
    Emad Al-Mousa Member Posts: 716 Bronze Trophy
    edited May 28, 2020 2:41PM


    i didn't understand you question.....if you are using TDE the encryption is on "rest" on the physical data files levels, once you perform a SQL query the data is "decrypted". Are you performing a "column" level encryption ?


  • pmdba
    pmdba Member Posts: 103 Bronze Badge
    edited May 28, 2020 11:58PM

    TDE won't prevent any user from reading the data once they log into the database. It only encrypts the datafiles (or portions of them) themselves. Any data selected by any query is automatically decrypted as it is read into memory from the file (thus "transparent"). If you want to allow one user to see data and prevent another user, then consider Virtual Private Database. VPD is access control, not encryption.