Databases Reference
In-Depth Information
rerouting from the failed instance to the instance that is available with fast reconnect
and automatically captures diagnostic data.
Database Security Features
Oracle includes basic security for managing user access through roles and privileges.
These can be managed through Enterprise Manager on a local basis or on a global basis
by leveraging Oracle's enterprise user security, a feature in the Advanced Security
Option.
Database security features allow you to implement a Virtual Private Database (VPD)
using Oracle by creating and attaching policies to database tables, views, or synonyms.
These policies are then enforced by placing a predicate WHERE clause on SELECT,
INSERT, UPDATE, DELETE, and/or INDEX statements.
New in Oracle Database 12
c
, you can redact or mask data queried by users or applica‐
tions, taking into account assigned privileges. Full data redaction, partial data redaction,
or random data redaction of specified columns in tables or views is supported.
Many organizations face the need to meet more stringent compliance requirements for
improved data protection, although database usage now can extend beyond organiza‐
tional boundaries. Oracle has added several options to the database to enable secure
deployment in such challenging environments. These options include the Advanced
Security Option, Label Security Option, Database Vault Option, and Audit Vault and
Database Firewall Option.
Advanced Security Option
The Advanced Security Option (ASO) enables data encryption of tablespaces and col‐
umns in the database via Transparent Data Encryption (TDE), which encrypts and
decrypts data without requiring any code in the applications that access this data. Data
encrypted in TDE remains encrypted when backed up using RMAN. ASO also provides
strong authentication services to the database through two-tier key management con‐
sisting of a master encryption key and one or more data encryption keys. Oracle Da‐
tabase 12
c
further enhanced the range of TDE key management capabilities available.
Standards-based network encryption is provided with authentication to the database
through Kerberos, KPI, or RADIUS. Industry standard network encryption, enabling
more secure Oracle Net connections, includes support for the Advanced Encryption
Standard (AES) and the U.S. Triple Data Encryption Standard (3DES).
Label Security Option
Oracle Label Security controls access to data by comparing labels assigned to rows of
data with label authorizations granted to users through their privileges. Multiple
