Oracle Database Vault
Database Vault is used to restrict access from data. You can even restrict your administrator to avoid seen your data such as credit card number, Employee salary etc.
It’s protected data from super user privileges and allows them to maintain the database.
Database Vault Control Components: Way to implement security
Realms: A realm is a functional grouping of database schemas, objects and roles that must be secured. To prevent privileged users from using special privileges to access application data.
Example: you can group your schema/tables of secure data like Human Recourses, Sales and accounts data. Then you can use realms to control the access of data for securing data.
Command Rules: A command rule is a special rule that how user can execute any SQL statement. It check weather user allowed to execute SQL statement. Special rules that control the execution of database commands
Factors: A factor is a environment variable such as IP address, Session user. Use this factor to restrict the data access and connect the database.
Rule Sets: A rule set is a collection of one or more rules through realms authorization, Command rules and factors assignment. You can check true or false
Secure application roles: enable from oracle database vault rule set.
Oracle Database Vault has two Schemas:
- DVSYS: Stores oracle object need to process oracle data for database vault
- DVF: help function for access control configuration
Effects when database audit implemented:
Some parameter in init file is changed eg AUDIT_SYS_OPERATION = TRUE , SQL92_SECURITY=TRUE
From DBA roles some privileges is revoked eg Select any transaction, Create any job, Execute any program etc.
AUD$ table is moved from sys schema to system Schema