You're reading from Advanced Oracle PL/SQL Developer's Guide (Second Edition)

Product type: Book
Published in: Feb 2016
Reading level: Intermediate
ISBN-13: 9781785284809
Edition: 2nd Edition
Saurabh K. Gupta
Saurabh K. Gupta is a seasoned database technologist with extensive experience in designing high performance and highly available database applications. His technology focus has been centered around Oracle Database architecture, Oracle Cloud platform, Database In-Memory, Database Consolidation, Multitenant, Exadata, Big Data, and Hadoop. He has authored the first edition of this book. He is an active speaker at technical conferences from Oracle Technology Network, IOUG Collaborate'15, AIOUG Sangam, and Tech Days. Connect with him on his twitter handle (SAURABHKG) or through his technical blog www.sbhoracle.wordpress.com, with comments, suggestions, and feedback regarding this book.

Chapter 6. Virtual Private Database

Information security is one of the key challenges that organizations have to address in order to protect data privacy and comply with its regulation. Leakage of sensitive information or unauthorized access to data can have serious consequences. With stringent protocols for data distribution and a steep rise in internet usage, data security poses a demanding question to organizations. The information exposed to intrusion can be personal details, financial data, credit card information, business leads, or intellectual property. A relational database exposes potential attack surfaces in the form of network access, over-privileged user accounts, non-database file access, unsanitized inputs, and proliferation of production data to unregulated environments. Given the severe consequences of data breaches, data security solutions must be effective at stopping attacks at the database layer, the network, and the application.

In this chapter, we will walk...

Oracle Database Security overview


Oracle offers a comprehensive suite of database security solutions that aim to secure the databases and applications by protecting sensitive information, detecting threats and attacks, and managing security policies along the lines of organizational compliance. The defense-in-depth approach of Oracle can be categorized under preventive, detective, and administrative controls that ensure all the vulnerable areas of an application are covered. A powerful security strategy can be developed and laid down by using the right mix of security features. The factors impacting the formulation of a security strategy can be threat anticipation, data sensitivity, data distribution and user classification, compliance, and internal regulations.

Each of the above categories includes various products and technical features. The following diagram breaks each security pillar down into its security measures:

Oracle Database security feature under three categories

The Oracle Database...

Fine-Grained Access Control


In an enterprise application, user isolation or role-based multitenancy ensures that data is accessed by authorized users only. In a Software as a Service (SaaS) application, tenant isolation is one of the prime demands. Application users are authorized to access only their own world of data and cannot peek into other users' data.

Fine-grained access control (FGAC) enables the enforcement of security policies on the access of rows and columns based on the user's role and authorization. For example, an HR representative is authorized to view the details of employees that belong only to his vertical. Similarly, a relationship officer in a bank is authorized to access the account details of those customers that belong to his branch. The FGAC feature provides you with the mechanism to expose the authorized piece of data only to the approved user.

How FGAC works

Fine-grained access control enables the creation of security policies that can be associated with a table...

Virtual Private Database


The working principle of the Virtual Private Database technology is that users should have isolated and distinct data access. Virtual Private Database (VPD) is a feature that is built on fine-grained access control and uses application contexts to define and add predicates to SQL queries. Similar to FGAC, Virtual Private Database lays down the security framework through security policies in the Oracle Database and associates them directly with tables, views, or synonyms. The security policies act as a safety net on the objects, and they cannot be bypassed by any means.

How does Virtual Private Database work?

Whenever a user issues an SQL query against a Virtual Private Database protected table, Oracle invokes the policy and evaluates the policy function. The policy function is a PL/SQL function that returns a predicate or a WHERE clause. The query is then rewritten using dynamic views to add the predicate clause. The modified query is executed against the...

Virtual Private Database metadata


Oracle captures the static and dynamic details of the VPD policies in dictionary views. You can query the following dictionary views to find the metadata about the Virtual Private Database security policies:
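An added example (not from the book) that puts the preceding two sections together: a branch-isolation policy for a bank application, enforced through an application context and registered with DBMS_RLS, then verified through DBA_POLICIES. The schema BANK, the table BANK.ACCOUNTS with a BRANCH_ID column, the context BANK_CTX and all package and function names are assumptions for illustration.

```sql
-- Added example, not the book's code. Assumed: schema BANK, table
-- BANK.ACCOUNTS(acct_id, branch_id, ...), context BANK_CTX set at login.

-- 1. Application context; only the trusted package named here may set it.
--    (Creating a context requires the CREATE ANY CONTEXT privilege.)
CREATE OR REPLACE CONTEXT bank_ctx USING bank.bank_ctx_pkg;

CREATE OR REPLACE PACKAGE bank.bank_ctx_pkg AS
  PROCEDURE set_branch(p_branch_id IN NUMBER);
END bank_ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY bank.bank_ctx_pkg AS
  PROCEDURE set_branch(p_branch_id IN NUMBER) IS
  BEGIN
    DBMS_SESSION.SET_CONTEXT('BANK_CTX', 'BRANCH_ID', TO_CHAR(p_branch_id));
  END set_branch;
END bank_ctx_pkg;
/

-- 2. Policy function: takes (schema, object), returns the predicate text
--    without the WHERE keyword. With no branch in the context it returns
--    '1=0', so a session that skipped login setup sees nothing (fail closed).
CREATE OR REPLACE FUNCTION bank.branch_predicate(
  p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2 IS
BEGIN
  IF SYS_CONTEXT('BANK_CTX', 'BRANCH_ID') IS NULL THEN
    RETURN '1=0';
  END IF;
  -- Reference the context rather than a literal so the cursor stays shareable.
  RETURN 'branch_id = SYS_CONTEXT(''BANK_CTX'', ''BRANCH_ID'')';
END branch_predicate;
/

-- 3. Attach the policy to the table for all four statement types;
--    update_check also applies the predicate to rows being inserted/updated.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'BANK',
    object_name     => 'ACCOUNTS',
    policy_name     => 'ACCOUNTS_BRANCH_POLICY',
    function_schema => 'BANK',
    policy_function => 'BRANCH_PREDICATE',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE,
    policy_type     => DBMS_RLS.CONTEXT_SENSITIVE);
END;
/

-- 4. Confirm registration and enablement from the dictionary view.
SELECT object_name, policy_name, function, sel, ins, upd, del, enable
  FROM dba_policies WHERE object_owner = 'BANK';
```

After bank.bank_ctx_pkg.set_branch is called for a session, every query against BANK.ACCOUNTS is rewritten with the branch predicate regardless of which tool or application issued it.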

Oracle Database 12c Security enhancements


Oracle Database 12c introduced a number of features and enhancements to further strengthen the in-depth security collateral. In this section, you will understand some of the key security enhancements and features in Oracle Database 12c. The following is a summary of the new security features:

  • Real Application Security (RAS): Oracle Database 12c introduces a data authorization solution to provide end-to-end security in a multitier application architecture. You can now declare and enforce application-level security policies in the database kernel. The RAS security model understands the application-level security policy constructs, such as application users, privileges, and roles, within the database, and enforces the security policies in the context of the application. As well as data access, RAS can help applications secure the access control operations of an application user.

  • Oracle Data Redaction: The Data Redaction feature masks the sensitive...

Summary


In this chapter, we covered the fundamentals of database security solutions from Oracle. After an overview of the Oracle Database Security solution, we dived into the fine-grained access control and Virtual Private Database. The Virtual Private Database enforces row-level security through the policies and restricts the data access for unauthorized users. Depending on a user's identity and role, the application can set up multitenancy and ensure user isolation as well.

Oracle Database 12c made considerable enhancements to its security offering. The summary of these enhancements was included, while the Data Redaction feature was covered in detail along with demonstrations. In the next chapter, we will dive into another key area that has continuously gained more weight with time: handling of large objects in the Oracle Database. We will be focusing the majority of our discussion around SecureFiles and its optimizations.

Practice exercise


  • Identify the correct statements about the working of Fine Grained Access Control.

    1. A table can have only one security policy.

    2. Different policies can be used to protect the SELECT, INSERT, UPDATE, and DELETE statements on a table, but not one.

    3. The policy function returns the predicate information as WHERE <Column> = <Value>.

    4. Once associated, the FGAC policy cannot be revoked from the table.

  • A security policy can be associated to a group of objects by the DBA. State whether this is true or false.

    1. True

    2. False

  • Choose the correct statement about DBMS_RLS.

    1. DBMS_RLS is used only for row-level security policies.

    2. The package is owned by SYS.

    3. It can create / drop / refresh policies and create/drop policy groups.

    4. Using DBMS_RLS to set the policy degrades the application performance.

  • Identify the correct statements about the context of an application.

    1. A user who holds the CREATE CONTEXT privilege can create a context.

    2. It is owned by the SYS user.

    3. A user can check the context metadata in...



Dictionary views for Virtual Private Database metadata (view, followed by comments):

[ALL | USER | DBA]_POLICIES: The view captures the security policies on objects accessible to a user, owned by a user, or within the database.

[ALL | USER | DBA]_POLICY_ATTRIBUTES: The view captures the application context namespaces, their attributes, and their association with the Virtual Private Database policy.

[ALL | USER | DBA]_POLICY_CONTEXTS: The view captures information about the driving contexts for the objects.

[ALL | USER | DBA]_POLICY_GROUPS: The view captures information about the policy groups on the objects.

[ALL | USER | DBA]_SEC_RELEVANT_COLS: The view captures the specifications of the column-level Virtual Private Database policy on the objects.

V$VPD_POLICY: The dynamic view captures information about...