Implementing

Data
Security
Measures
in Oracle DBMS
Prepared by:
Alla Abdulwahid
Abdulha
Elaf Nazm Anwar
Shanga Bashir
Muhammed
Ruya Saleem Kareem

Supervised
by:
Miss. Chinar
Table of
Contents
• Introductio
n
• Authentication & User
Management
• Authorization and Privileges

• Role Management

• Auditing and Monitoring

• Data Masking and Redaction

• Backup and Recovery Security

• implementing (FGAC)
• Conclusion
Introduction
• Importance of Data Security
⚬ Ensures data integrity, confidentiality, and availability.
• Role of Oracle DBMS
⚬ Provides robust security features.
⚬ Helps protect data against unauthorized access and
misuse.
Authentication
and User
Management
Key Security Measures
• Authentication: Verifies user
identity.
• Role-Based Access Control:
Limits access based on
assigned roles.
Purpose:
• Prevents unauthorized access
to sensitive data.
How It Works (Step-by-Step)
1. Create a User
• Command: CREATE USER hr_user IDENTIFIED BY
password;
• Purpose: Sets up a new user with a password.

2. Assign Roles:
• Command: GRANT connect, resource TO hr_user;
• Purpose: Grants access permissions and usage
rights.

3. Unlock Account:
• Command: ALTER USER hr_user ACCOUNT UNLOCK;
Example
Code:
CREATE USER hr_user IDENTIFIED BY password;
GRANT connect, resource TO hr_user;
ALTER USER hr_user ACCOUNT UNLOCK;
Overview of
Authorization and
Privileges
Purpose:
• Controls access to database objects.
• Limits user actions on specific data.
Key Terms:
• Privileges: Rights to perform
actions (e.g., SELECT, INSERT).
• Authorization: Process of granting
these privileges to users.
How It Works (Step-by-Step)
1. Granting Privileges:
• Command: GRANT SELECT, INSERT ON employees TO
hr_user;
• Purpose: Allows hr_user to view and add data in the
employee's table.

2. Revoking Privileges:
• Command: REVOKE INSERT ON employees FROM
hr_user;
• Purpose: Removes INSERT rights; hr_user can now only
view data.
Example
Code:
GRANT SELECT, INSERT ON employees TO hr_user;
REVOKE INSERT ON employees FROM hr_user;
Overview of Role
Management
Purpose:
• Simplifies user privilege
management by grouping
permissions.
• Helps administrators control user
access levels efficiently.

Benefits:
• Easier management of multiple
users.
• Centralized control over access
permissions.
How It Works (Step-by-Step)
1. Create a Role:
• Command: CREATE ROLE data_entry_role;
• Purpose: Establishes a role for managing specific permissions.

2. Grant Privileges to the Role:

• Command: GRANT SELECT, INSERT ON employees TO
data_entry_role;
• Purpose: Assigns permissions to the role, which can be given to
multiple users.
3. Assign Role to a User:
• Command: GRANT data_entry_role TO hr_user;
• Purpose: Gives hr_user the permissions assigned to data_entry_role,
providing controlled access to the employees table.
Example
Code:
CREATE ROLE data_entry_role;
GRANT SELECT, INSERT ON employees TO data_entry_role;
GRANT data_entry_role TO hr_user;
Importance of
Data Encryption
Purpose:
• Protects sensitive data by encrypting
it within the database.
• Ensures that only authorized users
can access decrypted data.

Oracle Solution:
• Transparent Data Encryption (TDE):
Enables encryption directly in Oracle
tables, simplifying data security.
How It Works (Step-by-Step)

1. Encrypt Sensitive Columns:

• Command: ALTER TABLE employees MODIFY (ssn ENCRYPT USING
'AES256');
• Purpose: Encrypts the ssn column in the employees table using
AES-256 encryption.
• Benefit: Ensures secure storage of sensitive data, making it
readable only to authorized applications or users.
Example
Code:
ALTER TABLE employees MODIFY (ssn ENCRYPT USING 'AES256');
Purpose of
Auditing and
Monitoring
Purpose:
• Tracks database activity to detect
unauthorized access.
• Supports enforcement of security
policies and compliance.

Oracle Solution:
• Offers options for auditing sensitive
actions, helping maintain data
integrity.
How It Works (Step-by-Step)

1. Enable Auditing for Specific Actions:

• Command: AUDIT SELECT ON employees BY ACCESS;
• Purpose: Audits SELECT operations on the employees table.
• Details Captured: Records user identity and timestamp each time
data is accessed.
• Benefit: Detects unauthorized or suspicious access patterns.
Example
Code:
AUDIT SELECT ON employees BY ACCESS;
Purpose of Data
Masking and
Redaction
Purpose:
• Conceals sensitive data from non-
privileged users.
• Prevents data exposure in test and
development environments.

Oracle Solution:
• Uses data masking and redaction
policies to protect confidential
information.
How It Works (Step-by-Step)

1. Adding a Redaction Policy:

• Command: DBMS_REDACT.add_policy(...)
• Parameters:
• object_schema => 'HR': Specifies the schema (e.g., HR).
• object_name => 'employees': Targets the employees table.
• column_name => 'ssn': Applies redaction to the ssn column.
• function_type => DBMS_REDACT.partial: Enables partial masking
to hide parts of the data.
• Benefit: Allows visibility of only non-sensitive parts of data for
non-privileged users.
 Example
Code:
BEGIN DBMS_REDACT.add_policy(
object_schema => 'HR',
object_name => 'employees',
column_name => 'ssn',
policy_name => 'ssn_redact',
function_type => DBMS_REDACT.partial,
function_parameters => '11, NULL, NULL, 1111'
);
END;
/
Importance of Backup
and Recovery Security
Purpose:
• Ensures data availability and
integrity in case of failures.
• Protects against data loss by
securing backups with encryption.

Oracle Solution:
• Provides secure backup routines with
options for encryption and safe
storage.
How It Works (Step-by-Step)

1. Full Database Backup with Archive Logs:

• Command: BACKUP DATABASE PLUS ARCHIVELOG;
• Purpose: Backs up the entire database and archive logs.
• Benefit: Archive logs enable point-in-time recovery, preserving
data even if the main database files are corrupted.
Example
Code:
BACKUP DATABASE PLUS ARCHIVELOG;
Purpose of Fine-
Grained Access
Control (FGAC)
Purpose:
• Provides row-level access control for
enhanced data security.
• Enables precise control over which
users can view specific rows of data.
Oracle Solution:
Virtual Private Database (VPD) policies are
commonly used to implement FGAC in
Oracle.
 How It Works (Step-by-Step)
1. Define an FGAC Policy:
Command: DBMS_RLS.add_policy(...)
Parameters:
• object_schema => 'HR': Specifies the schema containing the table.
• object_name => 'employees': Targets the employees table for row-
level access.
• policy_name => 'emp_policy': Names the policy as emp_policy.
• function_schema => 'HR': Specifies the schema for the policy
function.
• policy_function => 'emp_sec_policy': References the
emp_sec_policy function, which enforces access rules based on
user roles or session attributes.
• Benefit: Controls data access down to specific rows based on
 Example
Code:
BEGIN
DBMS_RLS.add_policy(
object_schema => 'HR',
object_name => 'employees',
policy_name => 'emp_policy',
function_schema => 'HR',
policy_function => 'emp_sec_policy'
);
END; /
 Conclusion
Data security in Oracle DBMS relies on techniques like authentication,
privilege management, encryption, and auditing. Together, these
measures protect sensitive data from unauthorized access and ensure
its integrity and confidentiality. Proper implementation strengthens
overall database security.
Thank You for
your Attention
any

Question