Implementing Data Security Measures in Oracle DBMS Report

Uploaded by

etec02m210269
Copyright
© © All Rights Reserved
Erbil Polytechnic University

Erbil Technical Engineering College

Information System Engineering Department

DBMS
Report on:
Implementing Data Security
Measures in Oracle DBMS

Prepared By:
Elaf Nazm Anwar
Alla Abdulwahid
Shanga Bashir
Ruya Saleem - GB

Group: C Practical

Supervised By:
Miss. Chinar

2024 - 2025
Table of Contents
Introduction to Data Security in Oracle DBMS
Authentication and User Management
Authorization and Privileges
Role Management
Data Encryption
Auditing and Monitoring
Data Masking and Redaction
Backup and Recovery Security
Implementing Fine-Grained Access Control (FGAC)
Conclusion
References

Introduction
Data security is an essential part of any database system to ensure the
integrity, confidentiality, and availability of data. Oracle DBMS offers
robust security features that help organizations protect their data against
unauthorized access and misuse.

Authentication and User Management


Authentication and role-based access control are fundamental security
measures in Oracle. Creating users and assigning roles can prevent
unauthorized access to sensitive data.

Code

-- "password" is a placeholder; set a strong, unique password in practice
CREATE USER hr_user IDENTIFIED BY password;
GRANT connect, resource TO hr_user;
ALTER USER hr_user ACCOUNT UNLOCK;

How it Works:

1. CREATE USER hr_user IDENTIFIED BY password; — Creates a new user
named hr_user with the specified password.

2. GRANT connect, resource TO hr_user; — Grants connect and resource
roles to the user, allowing basic database access and usage of certain
resources.

3. ALTER USER hr_user ACCOUNT UNLOCK; — Unlocks the account to allow
hr_user to log in, as accounts are sometimes created locked by default.

Authorization and Privileges
Oracle DBMS uses privileges to control access to database objects. By
granting specific privileges, administrators can limit what actions a user can
perform on specific data.

Code

GRANT SELECT, INSERT ON employees TO hr_user;
REVOKE INSERT ON employees FROM hr_user;

How it Works:

1. GRANT SELECT, INSERT ON employees TO hr_user; — Grants the hr_user
the ability to view (SELECT) and add (INSERT) data into the employees
table.

2. REVOKE INSERT ON employees FROM hr_user; — Removes the INSERT
privilege from hr_user, so they can now only view data in the employees
table.

Role Management
Roles in Oracle allow administrators to manage user privileges efficiently
by grouping them together. This helps in controlling user access levels
more effectively.
Code

CREATE ROLE data_entry_role;
GRANT SELECT, INSERT ON employees TO data_entry_role;
GRANT data_entry_role TO hr_user;

How it Works:

1. CREATE ROLE data_entry_role; — Creates a new role named
data_entry_role.

2. GRANT SELECT, INSERT ON employees TO data_entry_role; — Assigns
SELECT and INSERT privileges on the employees table to the role, making
it easier to manage access for multiple users.

3. GRANT data_entry_role TO hr_user; — Assigns the data_entry_role to
hr_user, so they inherit the role’s permissions on the employees table.

Data Encryption
Encrypting sensitive data is crucial for securing data in Oracle DBMS.
Transparent Data Encryption (TDE) allows encryption of sensitive data
within Oracle tables.

Code

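ALTER TABLE employees MODIFY (ssn ENCRYPT USING 'AES256');

How it Works:

• ALTER TABLE employees MODIFY (ssn ENCRYPT USING 'AES256'); —
Encrypts the ssn (social security number) column in the employees table
using the AES-256 encryption algorithm. This ensures sensitive data is
stored securely and can only be decrypted by authorized users or
applications. The statement requires a TDE keystore (wallet) with a
master encryption key to be configured and open. TDE protects the data
as stored on disk; a database user who holds SELECT on the column still
sees the decrypted value, so access to it is still controlled through
privileges.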

Auditing and Monitoring


Auditing enables tracking of database activity to detect unauthorized
access and maintain security policies. Oracle provides several options for
enabling auditing on sensitive actions.

Code

AUDIT SELECT ON employees BY ACCESS;

How it Works:

• AUDIT SELECT ON employees BY ACCESS; — Enables auditing for SELECT
operations on the employees table. This tracks each time data in the
table is viewed, recording details like user identity and timestamp. It
helps detect unauthorized or unusual access patterns.
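
Reviewing what the audit setting above records, as an added example that is not part of the original report. It assumes traditional auditing writes to the database (AUDIT_TRAIL set to DB or DB,EXTENDED) and that the table is HR.EMPLOYEES; the 08:00-18:00 working window and the 7-day range are constructed values.

```sql
-- 1. Confirm the object audit option is active on the table.
--    SEL shows the SELECT setting, e.g. A/A for BY ACCESS.
SELECT owner, object_name, sel
FROM   dba_obj_audit_opts
WHERE  owner = 'HR'
AND    object_name = 'EMPLOYEES';

-- 2. Count audited SELECTs per user, client host and hour over the last
--    7 days, keeping only activity outside 08:00-18:00. A high count from
--    an unexpected user or host is the "unusual access pattern" to review.
SELECT username,
       userhost,
       TRUNC(timestamp, 'HH24') AS hour_bucket,
       COUNT(*)                 AS select_count
FROM   dba_audit_trail
WHERE  owner = 'HR'
AND    obj_name = 'EMPLOYEES'
AND    action_name = 'SELECT'
AND    timestamp >= SYSDATE - 7
AND    TO_NUMBER(TO_CHAR(timestamp, 'HH24')) NOT BETWEEN 8 AND 17
GROUP  BY username, userhost, TRUNC(timestamp, 'HH24')
ORDER  BY select_count DESC;
```

On a database that uses unified auditing only, the equivalent records are read from UNIFIED_AUDIT_TRAIL instead.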
Data Masking and Redaction
Data masking and redaction allow data administrators to hide or mask
sensitive data from non-privileged users. This is useful for preventing
exposure of data in test and development environments.

Code

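BEGIN
  DBMS_REDACT.add_policy(
    object_schema => 'HR',
    object_name => 'employees',
    column_name => 'ssn',
    policy_name => 'ssn_redact',
    function_type => DBMS_REDACT.partial,
    -- assumes ssn is stored as a string such as 123-45-6789
    function_parameters => 'VVVFVVFVVVV,VVV-VV-VVVV,*,6,9',
    expression => '1=1'
  );
END;
/

How it Works:

1. DBMS_REDACT.add_policy(...) — Adds a redaction policy to partially
mask the ssn column in the employees table.

• object_schema => 'HR' — Specifies the schema containing the table.

• object_name => 'employees' — Targets the employees table.

• column_name => 'ssn' — Applies the redaction policy to the ssn column.

• policy_name => 'ssn_redact' — Names the redaction policy.

• function_type => DBMS_REDACT.partial — Specifies partial masking,
where only certain parts of the data are masked.

• function_parameters => 'VVVFVVFVVVV,VVV-VV-VVVV,*,6,9' — Defines the
masking format: the input format, the output format, the mask character,
and the first and last digit positions to mask. With ssn stored as a
string such as 123-45-6789, the first part (the first five digits) is
shown and the rest is masked.

• expression => '1=1' — Required condition that decides when the
redaction applies; '1=1' applies it to every query.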

Backup and Recovery Security


Securing database backups is vital to ensure data availability and integrity.
Backup routines should incorporate encryption and be stored securely.

Code

BACKUP DATABASE PLUS ARCHIVELOG;

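How it Works:

• BACKUP DATABASE PLUS ARCHIVELOG; — Backs up the entire database along
with its archive logs. This is an RMAN command, run from the RMAN client
rather than as a SQL statement. Archive logs allow recovery of the
database to a point in time and ensure no data loss, even if the main
database files become corrupted. The command as shown does not itself
encrypt the backup; backup encryption has to be configured in RMAN
separately.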

Implementing Fine-Grained Access Control (FGAC)


Fine-Grained Access Control (FGAC) enables row-level access control
using policies, providing higher precision for data security. Virtual Private
Database (VPD) policies are a typical FGAC use case in Oracle.
Code

BEGIN
DBMS_RLS.add_policy(
object_schema => 'HR',
object_name => 'employees',
policy_name => 'emp_policy',
function_schema => 'HR',
policy_function => 'emp_sec_policy'
);
END;

How it Works:

1. DBMS_RLS.add_policy(...) — Adds a Fine-Grained Access Control (FGAC)
policy to the employees table to limit data access at the row level.

• object_schema => 'HR' — Specifies the schema of the table.

• object_name => 'employees' — Targets the employees table for row-level
access control.

• policy_name => 'emp_policy' — Names the FGAC policy as emp_policy.

• function_schema => 'HR' — Specifies the schema for the policy function.

• policy_function => 'emp_sec_policy' — Refers to a user-defined function
(emp_sec_policy) that enforces the access policy. This function typically
evaluates user roles, session attributes, or other parameters to
determine which rows a user can access.
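
One possible body for the emp_sec_policy function that the policy above refers to, as an added example that is not part of the original report. It assumes HR.employees has a department_id column and that a hypothetical application context hr_ctx (attribute dept_id) is set by a trusted login procedure.

```sql
-- DBMS_RLS calls the policy function with the schema and object name and
-- appends the returned string to the statement as a WHERE predicate.
CREATE OR REPLACE FUNCTION hr.emp_sec_policy (
  p_schema IN VARCHAR2,   -- schema of the protected object
  p_object IN VARCHAR2    -- name of the protected object
) RETURN VARCHAR2
AS
  v_dept VARCHAR2(256);
BEGIN
  -- The schema owner is not restricted: a NULL predicate means "all rows".
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'HR' THEN
    RETURN NULL;
  END IF;

  -- hr_ctx / dept_id are hypothetical names for this example.
  v_dept := SYS_CONTEXT('hr_ctx', 'dept_id');

  -- Fail closed: a session without a department sees no rows.
  IF v_dept IS NULL THEN
    RETURN '1 = 0';
  END IF;

  -- Reference the context inside the predicate instead of concatenating
  -- its value, so session data never becomes part of the SQL text.
  RETURN 'department_id = SYS_CONTEXT(''hr_ctx'', ''dept_id'')';
END emp_sec_policy;
/

-- With emp_policy attached, a query such as
--   SELECT * FROM hr.employees;
-- is executed as if it were written
--   SELECT * FROM hr.employees
--   WHERE  department_id = SYS_CONTEXT('hr_ctx', 'dept_id');
```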
Conclusion
Implementing data security in Oracle DBMS involves various techniques
such as user authentication, privilege management, data encryption, and
auditing. These measures, when applied appropriately, help secure
sensitive information from unauthorized access, maintaining data integrity
and confidentiality.