Oracle Database 12c Security
Session 2 - Tutorial Agenda
John: Thank you. Thank you, David. Good afternoon, good morning, depending on the time zone, everybody. I'll run through now what I want to cover in this short session.
First, I'm going to go through the Virtual Private Database. Virtual Private Database also known by several other acronyms, some people actually refer to it as Row-Level Security. Other people use Fine Grained Access Control. So, VPD RLS FGAC.
A powerful facility. It's also bundled up by the way as Label Security. It was first introduced in release 8i and it's just about works. But back then it's had serious performance problems. Furthermore, it wasn't really suitable at all for a web environment. I think many people - myself included - tried it back with 8i and thought this doesn't work and gave up. However, in the later releases, particularly with changes that came in with 10g, it's become a very powerful capability indeed which I strongly advice everybody to look at.
VPD - we'll have a look at VPD - I should point out, it's Enterprise Edition. Then we'll move on to a 12c feature, your data redaction newly released 12.1. Positioning data redaction against VPD there is, as far as users are concerned, considerable functional overlap. But the underlying technology is in fact completely different. The protection you get with data redaction is not as comprehensive as that provided by the VPD.
In some cases, my attempt to reverse engineer it found it may be possible circumvented in certain circumstances if the user 1:58 inaudible privilege position. But compared to VPD, it is not simple to implement and I don't believe they're only performance issues. Redaction is licensed as part of the advanced security option from 12c onwards.
Thirdly, a brief mention of data masking. I don't think I'm going to have time to demonstrate data masking but for completeness I do want to mention it, because again there's an overlap with data redaction, with Virtual Private Databases, all in the same sort of area. But I won't have time to demonstrate that, I don't think.
The data masking briefly then, unlike the other two, data masking actually changes data. Virtual Private Database restricts the data that people see. Data redaction conceals or hides the data. A subtle difference there. Data masking actually changes the data in the database and it's a permanent change. That makes it suitable for long production systems. All those clones you'd make.
When you clone your databases to test systems, the development systems, the DSS query systems and so on, you have to clean the data. You have to remove all the personal references so that people can't see any of the personal indicators as you move your data from production to the warehouse for redaction development. That's where data masking comes in. A permanent change makes the data typically on cloned systems it's generated from your production boxes.
The reason I won't have time to demonstrate it is that with 12c it is pretty awkward. One data masking came in with 11g. There was a very nice graphical interface provided with 11g database control and no PL/SQL interface. With release 12c, database control no longer exists and there's not a data masking interface provided with database express. So to get data masking functioning nowadays, you need either grid control or cloud control. I don't think I'm going to have time to switch over to that environment. But, remember, it's there and those overlap with the other two functions.
Then lastly, we'll move on to Transparent Sensitive Data Protection, TSDP.
TSDP is a very good frontend, simplified the pain of implementing VPD or data redaction. So what I'll run through is VPD, redaction, and then Transparent Sensitive Data Protection, which will make it so much easier to configure.
Make an eye-catching cartoon video in five minutes with our free, easy-to-use online cartoon software.
You’re fighting for your customer’s attention on a crowded stage. The only way to get noticed is to be awesome and a little bit different — but how?
Make a sleek cartoon video. With our free online app you can make a stunning video in less time than it takes to drink a coffee.
Wait — aren’t your customers sophisticated grown-ups? Why should you even consider a cartoon video? Is animation still in? (Yes — but more on that later.)
A cartoon video transcends reality. It pulls us away from the scary real world and into a magical place where problems are solved by robots, bears, and other cute stuff you’ll never admit to liking in front of your friends.
It’s the perfect video format for:
Introducing playful, quirky businesses with personality and something to say Crafting cool looking ads for your latest social media campaign Educators and educational content creators who want to present information in a way that’s easy to digest Making training videos that don’t put the viewer to sleep Crossing cultural barriers (because everyone loves cartoons)
Ready to see what the fuss is about? Get started with one of our cartoon video templates below.
Biteable is ridiculously fun to use and keeps getting better. Really useful content too.
How to make a cartoon video.
Ready to make an awesome cartoon video of your own? Follow these super-simple steps.