This content has been marked as final. Show 4 replies
If users have sysdba access, I'll advise database Vault, but if they are not I'll advise VPD (http://docs.oracle.com/cd/B28359_01/network.111/b28531/vpd.htm)
The most robust approach would be to use Oracle VPD (Virtual Private Database). Specifically the column masking functions in VPD.
You could also create a view that didn't expose the salary information and grant access only on that view to the users that shouldn't be seeing salary information but that tends not to scale as well.
These are all correct ... just adding that OLS by itself cannot control access to columns, only rows.
More info about VPD: http://www.oracle.com/technetwork/database/security/index-088277.html
More info about OLS: http://www.oracle.com/technetwork/database/options/label-security/index.html
and how OLS and VPD can be combined to get access controls on columns based on OLS labels:
Thanks for all experts help.
I am reviewing VPS solution. our condition is front application was done and my boss does not like to make any changes in front side.
However, i do not find how to configure column database policy at Oracle Virtual Private Database ? but I saw row level example.
Any example of column data display policy?
Does DBA need to install or configure database components for Oracle Virtual Private Database ?
Edited by: Oradb on Jul 26, 2012 11:27 AM