Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Oracle hide columns from certain users

Tags:

security

oracle

privacy

tns

The scenario : an Oracle 11g database containing some sensitive user data that could result legal liabilities if disclosed to the wrong party.

The desired effect : only a certain user, connecting from a certain IP, can see the column that contains this sensitive user data

I am not sure that hidden columns or virtual columns are the right ways to do this. It seems that Fine-Grained Access Control could help. I am not sure of what is the best solution. The restriction by IP is probably done at the listener level?

The question : How can we restrict the visibility of a column so it is only available only to a specific user? All the other users would never see the column, not even when doing a "DESC TABLE_WITH_SENSITIVE_DATA"

Thanks for any tips.

like image 706
emx Avatar asked Feb 13 '13 12:02

emx

People also ask

How to Hide column data in Oracle table?

To hide a column, click the name of the column in the Columns sub-menu. The sub-menu closes. When you display the Columns sub-menu again, the blue check-mark no longer appears next to the column name, indicating the column is now hidden in the table.

How do I restrict a column in Oracle?

Answers. Add a CHECK constraint to the column. You can add the constraint when you create the table if you want.

How do I make invisible columns visible in Oracle?

Columns can be made invisible in the CREATE TABLE statement or using an ALTER TABLE statement.By default columns are visible. Invisible columns can be made visible again using an ALTER TABLE statement. Any generic access of a table (such as a SELECT * FROM table or a DESCRIBE) will not show invisible columns.

2 Answers

Simplest way to do this is to create a view on the table that does not contain all of the columns. Don't grant select on the table, but only on the view.

like image 171
Rene Avatar answered Oct 01 '22 10:10

Rene

The "proper" way to do this is with Fine-Grained Access Control (Virtual Private Database), which can replace the contents of columns with a NULL if certain conditions are not met.

See the example here: http://docs.oracle.com/cd/B28359_01/network.111/b28531/vpd.htm#autoId17

You can probably build this sort of functionality yourself if you're feeling both impoverished and skilled.

like image 31
David Aldridge Avatar answered Oct 01 '22 12:10

David Aldridge
Sign in to Comment

Related questions

SQL Server Equivalent of Oracle 'CONNECT BY PRIOR', and 'ORDER SIBLINGS BY'
LINQ: How to get the Max Id with a group by clause?
Oracle Error When Creating View - ORA-01720
Oracle : How to update multiple columns from different table?
SQL Grant on - for multiple users
Oracle table change monitor
Is there a way to make Oracle recalculate a query plan for each query invocation?
Date Range in PL/SQL (Oracle)
Oracle Parameters with IN statement?
Oracle same table name on different schema?
Oracle PLSQL - Declare a cursor on a non-existing table
Fastest way to identify differences between two tables?
Oracle syntax error [duplicate]
Optimal way to create a histogram/frequency distribution in Oracle?
Oracle timestamp difference greater than X hours/days/months
How to create a oracle sql script spool file
Oracle SQL - Using joins to find values in one table, and not another
How to write a table literal in Oracle?
sqlalchemy Oracle schema
get runtime execution plan of a query

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!