0 Replies. Latest reply: Jul 6, 2012 10:47 AM by 947860

    Oracle Database Vault, issue working with domain and different rules

    947860
      Hello,
      I am working with Oracle Database Vault (11gR2).
      I created a realm and added all the sensitive data (owner, object, and type of object).
      In the user privileges section, I include the role DBA with a rule; I can control access to sensitive data for different users with the DBA privilege. DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR(' DBA ')='Y'
      If a user needs access to sensitive data, this user must have been granted the role CPERFIL.
      In user privileges, I include the role CPERFIL with a rule.
      In this rule, I deny access with DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR(' CPERFIL ')!='Y'.
      I cannot control access to sensitive data for different users with the privilege.
      I tried to manage the command, for example SELECT, and join a rule to it. But if I do it this way, I restrict SELECT for all users.
      Another test: a DBA user created a new role called TEST and granted the CPERFIL and TEST roles to a user, then in the rule asked for this rule, but it doesn't work. This user can access sensitive data. DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR(' TEST ')!='Y'