Oracle Tips by Burleson
Chapter 4 General Oracle Security
---------- --------- ------------ -
1 123456789 1200 P
2 234567891 1800 P
Note that only the claims with PROVIDER_ID =
1234567 come back, not the one with 2345671. Why? Because that is
how the view is defined: it automatically filters out the rows the
user is not authorized to see.
In a later chapter, we will explore another
concept called Virtual Private Database, or Fine Grained Access
Control, that provides even more functionality without the use of
views or complex definitions.
Combining the column masking and the view
filtering, we can provide the important functionality HIPAA
requires. The law says that users should not accidentally see the
data they are not supposed to see.
For instance, a senior claim analyst like JUDY
should be able to see all claims, but junior analysts like NATHAN
should see only the claims below $2000, according to the policies of
the company. Nathan can be granted select privileges on a view that
filters the claim amounts automatically. Similarly, creating a view
to mask the sensitive data also satisfies the requirement.
Action Plan: Identify the different visibility
requirements for various users and construct views for each group.
Revoke privileges on the base tables and grant them on these views
instead.
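The action plan above, worked through in Oracle SQL as an added example (not code from the book). The CLAIMS table, its column names, the view names and the masking format are assumptions, the third sample row is constructed, and JUDY and NATHAN are assumed to exist as database users.

```sql
-- Added example. Table, column and view names are assumptions; rows are constructed.
-- Run as the schema owner; users JUDY and NATHAN are assumed to exist.
CREATE TABLE claims (
  claim_id     NUMBER PRIMARY KEY,
  ssn          VARCHAR2(9)  NOT NULL,
  provider_id  NUMBER       NOT NULL,
  claim_amount NUMBER(10,2) NOT NULL,
  paid_status  CHAR(1)
);
INSERT INTO claims VALUES (1, '123456789', 1234567, 1200, 'P');
INSERT INTO claims VALUES (2, '234567891', 1234567, 1800, 'P');
INSERT INTO claims VALUES (3, '345678912', 2345671, 2500, 'P');
COMMIT;

-- "Before" state: analysts were granted the base table directly.
GRANT SELECT ON claims TO judy;
GRANT SELECT ON claims TO nathan;

-- Senior analysts: every claim, unmasked.
CREATE OR REPLACE VIEW vw_claims_senior AS
  SELECT claim_id, ssn, provider_id, claim_amount, paid_status
  FROM   claims
  WITH READ ONLY;

-- Junior analysts: only claims below $2000, SSN masked to its last four digits.
CREATE OR REPLACE VIEW vw_claims_junior AS
  SELECT claim_id,
         'XXXXX' || SUBSTR(ssn, -4) AS ssn_masked,
         provider_id, claim_amount, paid_status
  FROM   claims
  WHERE  claim_amount < 2000
  WITH READ ONLY;

-- Move access from the base table to the views.
-- (REVOKE raises ORA-01927 if the grant being revoked does not exist.)
REVOKE SELECT ON claims FROM judy;
REVOKE SELECT ON claims FROM nathan;
GRANT  SELECT ON vw_claims_senior TO judy;
GRANT  SELECT ON vw_claims_junior TO nathan;

-- Check: any row listed for CLAIMS is a leftover direct grant on the base table.
SELECT table_name, grantee, privilege
FROM   user_tab_privs_made
WHERE  table_name IN ('CLAIMS', 'VW_CLAIMS_SENIOR', 'VW_CLAIMS_JUNIOR')
ORDER  BY table_name, grantee;
```

The final query reports direct object grants only; access that reaches the base table through a role or a system privilege such as SELECT ANY TABLE has to be reviewed separately.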
The above text is
an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security