Data Privacy using Oracle Database vault

Oracle Database : 10.2.0.3

Oracle Database vault : 10.2.0.3

Oracle Database Vault delivers the first and only database access control solution for privileged users.

PeopleSoft Realm: This realm protects against unauthorized access by privileged users to business data.
It protects all objects owned the PeopleSoft Access Id in addition to some PeopleSoft database roles.
Access to this Realm is granted to PeopleSoft Access Id as well as the user PSFTDBA.

The user PSFTDBA is a new user designed to do administration activities on the PeopleSoft applications
(such as patching) but it is not allowed to access business data inside the PeopleSoft applications. This is
enforced using a security policy defined in the Limit PSFTDBA Rule Set and attached to the Select
Command Rule described below.

The PeopleSoft Access Id authorization is restricted to specific processes. This is enforced through the
PeopleSoft Access Rule Set.

Performance Statistics Realm: This realm provides the PeopleSoft Access id the ability to gather table
statistics to improve performance. Authorization is also given to the PSFTDBA.

Select Command Rule: This command restricts Select access to business data owned by the PeopleSoft
Access Id. Only PeopleSoft Access Id is allowed Select access. It prevents PSFTDBA and other users from
accessing business data.

Connect Command Rule: This command allows connection to the database by various users according
to specific security policies. The PeopleSoft Access Id is allowed to connect to the database using pre-
defined list of processes. These processes include middle tier processes, PeopleTools processes, and the
COBOL processes. As a customer you can add rules that specify which IP address or hostname these
processes should connect from. All other users are allowed to connect using any process.

Use Cases

Our main goal is to validate that customers can ensure a DBA and other privileged users (system
administrators) cannot view application data but can still perform necessary DBA and system
administration functions such as application rollout and system maintenance.
Oracle Database Vault can be used to help fulfill various compliance related requirements, such as the
following:

Database Vault (DBV) can help mitigate the risks of the following
regulations at the data tier level

Does DBV Mitigate

Regulatory Legislation Regulation Requirement This Risk?

Sarbanes-Oxley Section 302 Unauthorized changes to data Yes

Modification to data,
Sarbanes-Oxley Section 404 Unauthorized access Yes

Denial of service, Unauthorized

Sarbanes-Oxley Section 409 access Yes

Unauthorized access,
Gramm-Leach-Bliley modification and/or disclosure Yes

HIPAA 164.306 Unauthorized access to data Yes

HIPAA 164.312 Unauthorized access to data Yes

Basel II – Internal Risk

Management Unauthorized access to data Yes

CFR Part 11 Unauthorized access to data Yes

Japan Privacy Law Unauthorized access to data Yes

http://hcs-peoplesoft:6546/UPGFIN9/signon.html