Database Vault Oracle

Oracle Database Vault

Database Vault is used to restrict access to data. You can even restrict your administrators from seeing data such as credit card numbers, employee salaries, etc.

It protects data from superuser privileges while still allowing those users to maintain the database.

Database Vault Control Components: Ways to implement security

Realms: A realm is a functional grouping of database schemas, objects and roles that must be secured. Its purpose is to prevent privileged users from using special privileges to access application data.

Example: You can group the schemas/tables that hold secure data, such as Human Resources, Sales and Accounts data. Then you can use realms to control access to that data.

Command Rules: A command rule is a special rule that controls the execution of database commands. It checks whether the user is allowed to execute a given SQL statement.

Factors: A factor is an environment variable such as IP address or session user. Use factors to restrict data access and connections to the database.

Rule Sets: A rule set is a collection of one or more rules that is used by realm authorizations, command rules and factor assignments. A rule set evaluates to true or false.

Secure application roles: Roles that are enabled from an Oracle Database Vault rule set.
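How the components above fit together, as an added example that is not part of the original post: a realm around one schema, a rule set built on the client IP factor, and a command rule that reuses the rule set. The HR schema, the HR_APP account, the realm, rule and rule set names, and the 10.0.5.% subnet are assumptions for illustration.

```sql
-- Added example. Run as an account that holds the DV_OWNER or DV_ADMIN role.
-- HR, HR_APP, all names in quotes and the 10.0.5.% subnet are assumed values.
BEGIN
  -- Realm: group every object of the HR schema so that system privileges
  -- such as SELECT ANY TABLE no longer reach it.
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Data Realm',
    description   => 'Employee and salary data',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL);
  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name  => 'HR Data Realm', object_owner => 'HR',
    object_name => '%',             object_type  => '%');

  -- Rule and rule set: true only when the Client_IP factor is in the
  -- application subnet. A NULL factor (local connection) evaluates to false.
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'From App Subnet',
    rule_expr => 'DVF.F$CLIENT_IP LIKE ''10.0.5.%''');
  DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'HR Trusted Path',
    description     => 'Sessions coming from the application subnet',
    enabled         => DBMS_MACUTL.G_YES,
    eval_options    => DBMS_MACUTL.G_RULESET_EVAL_ALL,
    audit_options   => DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'HR data is only reachable from the application subnet',
    fail_code       => 20461,
    handler_options => DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);
  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'HR Trusted Path', rule_name => 'From App Subnet',
    rule_order    => 1,                 enabled   => DBMS_MACUTL.G_YES);

  -- Realm authorization: HR_APP may use the realm, but only while the
  -- rule set evaluates to true.
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name    => 'HR Data Realm', grantee => 'HR_APP',
    rule_set_name => 'HR Trusted Path',
    auth_options  => DBMS_MACUTL.G_REALM_AUTH_PARTICIPANT);

  -- Command rule: DROP TABLE on HR objects is checked against the same rule set.
  DBMS_MACADM.CREATE_COMMAND_RULE(
    command      => 'DROP TABLE', rule_set_name => 'HR Trusted Path',
    object_owner => 'HR',         object_name   => '%',
    enabled      => DBMS_MACUTL.G_YES);
END;
/
```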

Oracle Database Vault has two Schemas:

  1. DVSYS: Stores the Oracle objects needed to process Oracle data for Database Vault
  2. DVF: Helper functions for access control configuration

Effects when database audit is implemented:

Some parameters in the init file are changed, e.g. AUDIT_SYS_OPERATIONS = TRUE, SQL92_SECURITY = TRUE.

Some privileges are revoked from the DBA role, e.g. SELECT ANY TRANSACTION, CREATE ANY JOB, EXECUTE ANY PROGRAM, etc.

The AUD$ table is moved from the SYS schema to the SYSTEM schema.
