Data Privacy Using Oracle Database Vault
Oracle Database Vault delivers the first and only database access control solution for privileged users.
PeopleSoft Realm: This realm protects against unauthorized access by privileged users to business data.
It protects all objects owned by the PeopleSoft Access Id in addition to some PeopleSoft database roles.
Access to this Realm is granted to the PeopleSoft Access Id as well as the user PSFTDBA.
The user PSFTDBA is a new user designed to do administration activities on the PeopleSoft applications
(such as patching) but it is not allowed to access business data inside the PeopleSoft applications. This is
enforced using a security policy defined in the Limit PSFTDBA Rule Set and attached to the Select
Command Rule described below.
The PeopleSoft Access Id authorization is restricted to specific processes. This is enforced through the
PeopleSoft Access Rule Set.
Performance Statistics Realm: This realm provides the PeopleSoft Access Id the ability to gather table
statistics to improve performance. Authorization is also given to the PSFTDBA.
Select Command Rule: This command restricts Select access to business data owned by the PeopleSoft
Access Id. Only the PeopleSoft Access Id is allowed Select access. It prevents PSFTDBA and other users from
accessing business data.
Connect Command Rule: This command allows connection to the database by various users according
to specific security policies. The PeopleSoft Access Id is allowed to connect to the database using a
predefined list of processes. These processes include middle tier processes, PeopleTools processes, and the
COBOL processes. As a customer you can add rules that specify which IP address or hostname these
processes should connect from. All other users are allowed to connect using any process.
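A sketch of the kind of customer-added connection rule described above, written as an added example and not taken from Oracle's delivered PeopleSoft policy. The Access Id name SYSADM, the address 192.0.2.10, and all rule and rule set names are assumptions; it also assumes a test database with no CONNECT command rule already defined and a session holding the DV_OWNER role.

```sql
-- Added example: every name, account and address below is an assumption.
BEGIN
  -- Rule 1: sessions that are NOT the Access Id may connect from anywhere
  -- ("All other users are allowed to connect using any process").
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'Demo Not Access Id',
    rule_expr => q'[SYS_CONTEXT('USERENV','SESSION_USER') != 'SYSADM']');

  -- Rule 2: the Access Id may connect only from the application server.
  -- IP_ADDRESS is NULL for local (bequeath) connections, so those fail this rule.
  DBMS_MACADM.CREATE_RULE(
    rule_name => 'Demo Access Id From App Server',
    rule_expr => q'[SYS_CONTEXT('USERENV','SESSION_USER') = 'SYSADM'
                    AND SYS_CONTEXT('USERENV','IP_ADDRESS') = '192.0.2.10']');

  -- Rule set passes when ANY rule is true; failures are audited and
  -- reported to the client with a custom error.
  DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'Demo Access Id Connect Rule Set',
    description     => 'Access Id connects only from the app server',
    enabled         => DBMS_MACUTL.G_YES,
    eval_options    => DBMS_MACUTL.G_RULESET_EVAL_ANY,
    audit_options   => DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'Connection not permitted from this host',
    fail_code       => 20001,
    handler_options => DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);

  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'Demo Access Id Connect Rule Set',
    rule_name     => 'Demo Not Access Id');
  DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'Demo Access Id Connect Rule Set',
    rule_name     => 'Demo Access Id From App Server');

  -- Attach the rule set to CONNECT for all sessions.
  DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'CONNECT',
    rule_set_name => 'Demo Access Id Connect Rule Set',
    object_owner  => '%',
    object_name   => '%',
    enabled       => DBMS_MACUTL.G_YES);
END;
/
```

Keep an existing DV_OWNER session open while testing a CONNECT command rule, so a mistake in a rule expression can be corrected without being locked out.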
Use Cases
Our main goal is to validate that customers can ensure a DBA and other privileged users (system
administrators) cannot view application data but can still perform necessary DBA and system
administration functions such as application rollout and system maintenance.
Oracle Database Vault can be used to help fulfill various compliance related requirements, such as the
following:
Database Vault (DBV) can help mitigate the risks of the following regulations at the data tier level:
Sarbanes-Oxley Section 404 | Modification to data, Unauthorized access | Yes
Gramm-Leach-Bliley | Unauthorized access, modification and/or disclosure | Yes