Column Masking in GUI _UPLOAD

Similar Messages

• VPD column-masking: unexpected results using masked column in WHERE?

  Hi everyone..
  We are considering implementing VPD column-masking (to hide sensitive columns from unauthorized users), but I am concerned that queries will return incorrect results if an unauthorized user submits a query using a masked column in a WHERE clause - particularly in a JOIN operation.
  Our initial experiment confirms my concern:
  - We have a VPD policy on TABLE_X.COLUMN_Y:
  DBMS_RLS.ADD_POLICY(
  object_schema => 'xxxx',
  object_name => 'TABLE_X',
  policy_name => 'policy_x',
  function_schema => 'xxxx',
  policy_function => 'function_x',
  sec_relevant_cols =>'COLUMN_Y',
  sec_relevant_cols_opt => dbms_rls.ALL_ROWS)
  - The VPD function determines whether the user is authorized (1=1) or not (1=0)
  - COLUMN_Y contains various values, including NULL
  - when an "authorized" user submits the query "SELECT COUNT(*) FROM TABLE_X WHERE COLUMN_Y IS NULL", COUNT=correct number of rows containing NULL
  - when an "unauthorized" user submits the same query, COUNT=the total number of rows in the table -- presumably because the WHERE clause was modified to WHERE NULL=NULL
  In my opinion, the unauthorized user's query should return an error, because any other result is either wrong (i.e. COUNT=all rows, or returns a null result set) or something the user is not permitted to know (i.e. COUNT=correct number of rows)
  Am I missing some feature/setting of VPD that could let me force an error? I hope there is something out there, since I don't see any discussion or warnings about this pitfall.
  We are currently using Oracle 10.2.0.4 but upgrading to 11.1 soon.
  Thanks!
  Betty
  p.s. I originally incorrectly posted this question on the Technologies / Security forum.

  Thanks - yes, we have a function that checks whether the user id is authorized or not.
  The column-masking works, that is, authorized users can see the data; unauthorized users cannot. The issue is what happens when unauthorized users use the masked column in a WHERE predicate.

• What restrictions apply to VPD functions for column masking?

  I want to understand the restrictions that apply to VPD functions when used for column masking, compared with their use for Row-Level Security.
  According to the Oracle Database Security Guide (11g Release 1)
  Column-masking conditions generated by the policy function must be simple Boolean expressions, unlike regular Oracle Virtual Private Database predicates.
  I have long understood the above as implying that column-masking conditions should not contain sub-queries (i.e. inner selects).
  However, we tested using a condition with a select inside another select (2-level nesting) and yet it worked. We were on 11g Release 2, by the way.
  So, I wonder, does anyone have experience with using sub-queries in column-masking conditions? Or, alternatively, does anyone have more information on what Oracle means with "regular VPD predicates" and "simple Boolean expressions" (of course, in the context of VPD)?
  Thanks,
  Pablo

  Thanks Harm,
  that was very useful.
  According to the grammar of CASE expressions, <predicate> is generated by the non-terminal "condition". This is the same non-terminal used for WHERE clauses in SELECT statements, and thus <predicate> can contain any number of nested SELECTs.
  Cheers,
  Pablo

• Column masking row level security in Peoplesoft Databases

  Hi
  How about the credibility of using VPD( for column masking,row level security) in People soft Databases?where the sensitive data is redundant across 100's of tables.
  My intention is to use the VPD across all the tables that contain the sensitive data ( ssn,bank accno, etc)
  Appreciate your help.
  Chelli

  Hi.
  I also have a trouble like yours,but mine is more simple.
  I'd tried to solve,and find that it's really hard and must lost a lot of time to solve,because some table have 2,3 or more derive information that to use VPD is not easy.
  Can i ask for any aspect to solve problem like this.
  Thanks for any answer and support.
  Thinhbk.

• Using VPD for Column Masking

  Hi ,
  Arup nanda demostrate [http://www.oracle.com/technology/pub/articles/10gdba/week14_10gdba.html]
  how to use Column Masking using VPD.
  I would like to use TDE+VPD for PCI DSS requirements.
  In order to protect the data from been stolen i am going to use TDE.
  Regarding the VPD , i need to allow few user to see the entire credir card number , and for some user to see just
  the last 4 digits of the credit card.
  As far as i understood from the link above , all i can do is to mask column valus to null value.
  I thought using dbms_crypto , but Tom Kyte suggested hir
  [http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:1631574900346651898]
  not to do it.
  My question is if it somehow possible to see just the last 4 digit using VPD.
  Thanks

  No you can't, Column level VPD is not ment to give a masking solution, I have filled a request to oracle to enhance VPD to support this feature, I didn't get any answer for it.
  You will have to find a nother way, VPD is not it.
  I suggest you to add another column to your tables that holds the credit card number, the new column will hold the masked value of the credit card - write PL/SQL function to do it, and update the table, then use simple views to control what data each user will see.
  Oded
  [www.dbsnaps.com]
  [www.orbiumsoftware.com]

• OLS    AND    VPD Column Masking.

  I have gone over a couple of sources on OLS and VPD.
  BTW I am working with Oracle 11g R1.
  What I am trying to accomplish is cell level protection. Where cell is defined as the intersection between a row and a column.
  OLS will get me the proper row restrictions.
  VPD has the ability to do Column Masking.
  Has anyone mix the two to accomplish cell level protection?
  Basic examples would be GREATLY appreciated.

  Hi again. Thank you for your reply, but I wanted to achieve cell-level security as I'm trying to create conception of fine-grained processing data with different levels of confidentiality. Here is what I have:
  - I created 3 levels of confidentiality: J < P < T (Unclassified < Confidential < Secret)
  - I created a table and here is how it looks for different users:
  User with T-level authorization:
  !http://img709.imageshack.us/img709/1847/screentj.png!
  User with P-level authorization (can't see T-level data):
  !http://img704.imageshack.us/img704/4002/screenp.png!
  I did that by creating two policies on two columns with data:
  CREATE OR REPLACE FUNCTION f_data01 (schema in varchar2, tab in varchar2) -- or "CREATE OR REPLACE FUNCTION f_data02" for second column
    RETURN varchar2 AS
      predicate         varchar2(2000);        -- the VPD 'where' clause
      session_lab        varchar2(4000);        -- the current user's session label
      session_tag        number;            -- numerical expression of session label
      t_sa_user_name    varchar2(2000);        -- only users with Labels are examined, others don't get access.
  BEGIN
    session_lab := sa_session.label('cells');        -- the current user's session label for that policy
    session_tag := char_to_label('cells',session_lab);    -- numerical expression of session label
    predicate := 'dominates(' || session_tag || ',CDATA01)=1'; -- or "predicate := 'dominates(' || session_tag || ',CDATA02)=1';" for second column
    return predicate;
  END;I asked if it is possible to create one policy with variable instead of column name (ex. CDATA01) or if there is another way to get that effect.
  And is it good practice to put column with labels in one table with data?
  Thank you in advance.
  Edited by: arc.undcvr on 2010-01-23 22:50

• Column masking table.

  Hi Guys,
  Need a bit of advise on how to best implement a table that masks it's columns.
  Here is what I am trying to do:
  I have a table which is initially empty, the table is populated by a data feed which will always start t seconds after the table is launched.
  The data feed will contain data for n number of columns ( n < 20 ) and m number of rows ( m < 50).
  Here n represents price tier for a given symbol.
  Initially, the table will only show 3 columns and all the rows.
  These 3 columns are Symbol, Bid, Ask (these bid/ask prices are associated with tier1).
  Now, upon click of a button, I can have the table in "full" mode, which will show all the n columns.
  These n columns will look like
  Symbol, Bid, Ask, Bid1, Ask1, Bid2, Ask2, ... , Bidn, Askn
  Here is what I have so far:
  I started out by creating a bean that holds bid, ask, tier for a every n (tier). So ultimately I have a list of beans.
  I also have a map that maps the symbol to the above list of beans.
  The point where I am stumped is do I initially remove all the columns except for Symbol and tier1 bid/ask.
  And then when the table is in full mode, iterate over my map and add all the columns.
  Or is there a better way to do this?
  Also, since I don't know the names of the columns before hand, how do I create columns when I actually receive the data.
  Any ideas, tips are much appreciated.
  Cheers,
  Vic

  Thx Camickr, your this and a few previous posts gave an idea which seems to be working pretty well now.
  Firstly, I stopped the table from auto-magically creating columns from the model.
  I then created two lists of columns, one corresponding to initial mode and another one for the full mode.
  When I first receive the data, I set the table's column to the initial list and call fireTableStructureChanged().
  Similarly, when the table is expanded, I set table's column to the expanded list and fire the event again.
  Many thanks.
  Edited by: CaptainHastings on Apr 8, 2009 8:59 PM

• Need Help with Column Masking

  Hi All,
  I am looking for Masking options/techniques to mask few columns.
  I am aware of the option Oracle Data Masking Pack. But its costly. Can you please suggest some other way/technique using which I can achieve this?
  Thanks in Advance

  You can always try manual masking using datapump and sql and pl/sql (export original data and then create function that will put some random/other data instead of real ones). I have seen some clients that have implemented this type of masking. However, be aware that this will not give the best results, and that it will not come anywhere near quality of Oracle Data Masking Pack's masked data.
  Zoran

• How shall i mask the columns

  We need to mask one column to group of users and allow to other users. The requirements are as below:-
  Schema name - SCOTT
  Table name - EMP
  Users - u1,u2,u3
  SQL>DESC EMP
  Name Type
  EMP_NAME VARCHAR2(30)
  DEPT VARCHAR2(30)
  ACCOUNT_NO NUMBER(9)
  DATE_OF_JOINING DATE
  Requirements:-
  a) u1 and u2 cannot see the column Account_no
  b) Only u3 can see the column Account_no
  c) u1,u2,u3 shall run the queries as select * from scott.emp
  and they cannot change this code (Schema name.table name)
  4) For u1 and u2 if they run
  select * from scott.emp - the output should be
  EMP_NAME DEPT ACCOUNT_NO DATE_OF_JOINING
  Alex Sales 9999999999 01-Mar-2004
  5) For user u3 if they run
  select * from scott.emp - the output should be
  EMP_NAME DEPT ACCOUNT_NO DATE_OF_JOINING
  Alex Sales 00480151560 01-Mar-2004
  Please let me know how do we implement the above column masking, without using VIEWS. The user queries shall have schemaname.tablename and that cannot be changed.
  Thanks in Advance..

  Depending on your database version, you could use TDE.
  http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:44742967463133
  If that is not an option, have a look at this thread:
  http://asktom.oracle.com/pls/ask/f?p=4950:8:::::F4950_P8_DISPLAYID:1969395750585#8111076100623
  C.

• Unable to fetch columns; Invalid state/No Suitable Driver

  Hi!
  I'm trying to populate a combo box with data from a MySQL database (or any other database for that matter), I create a JDBC connection source, and set the following:
  URL = jdbc:mysql://localhost:3306/test
  Driver = org.mysql.jdbc.Driver (i have also tried org.gjt.mm.mysql.Driver)
  Username = anonymous
  Password = <blank>
  Next I create a NBJdbcRowSet and set:
  Command = SELECT * FROM foo
  Connection Provider = connectionSource1 (the above connection source)
  Now if I click the elipses next to Default Column Values, I get the message 'Unable to fetch columns; Invalid State'
  If I replace the NBJDBCRowSet with a NBCachedRowSet, the error becomes 'Unable to fetch columns; No Suitable Driver'.
  The database is browseable in the runtime tab, and the table exists (I can run SQL queries and get the expected results). The anonymous account exists and has access to the tables in question (the same setup is used in a few different applications, all of which work fine). Using the root account gives the same results. Using the PointBase example database gives the same results:
  Driver: com.pointbase.jdbc.jdbcUniversalDriver
  URL: jdbc:pointbase:server://localhost:9092/sample
  Details of setup:
  OS: Windows XP Pro SP2
  IDE: Sun Java Studio Enterprise 7 2004Q4
  Java version in use: 1.4.2_05 (as packaged with the studio)
  MySQL: v5.0.7-beta-nt
  Connector: MySQL Connector/J 3.0.17-ga
  PointBase: As came with Studio Enterprise
  I should mention that I can get DB connectivity in my app, I can create a comboBox and set the model to 'nBCachedRowSet1: name' and the contents of that field appears in my comboBox, however I need to create about a dozen tables and I don't relish the thought of manually creating models for each one ;)
  Any suggestions are appreciated!
  Cheers!
  Darren

  Hi Thanks for your reply.
  I've retried with PointBase and the Sample DB:
  * New project. New JFrame.
  * Create ConnectionSource, NBJdbcRowSet, ComboBox
  * Config ConnectionSource:
  - Driver: com.pointbase.jdbc.jdbcUniversalDriver
  - URL: jdbc:pointbase:server://localhost:9092/sample
  - Username/pass: as per PointBase setup
  * Config NBJdbcRowSet
  - ConnectionProvider: connectionSource1
  - Command: SELECT * FROM CUSTOMERINFO
  - Default Column Values: <open GUI>, <Fetch Columns>, "Unable to fetch columns; Invalid State"
  So this is where I get the problem, I'm not sure if i've buggered it up though, so I continue to see if I can get data:
  - Add Column: NAME
  - OK, Close
  * Config ComboBox
  - Open Model dialog
  - Select Mode: ComboBoxEditor
  - RowSet: nBJdbcRowSet1 (this throws the error again)
  - Column: NAME (entered manually, dropdown is empty)
  - OK, Close
  * Run app
  Errors!
  Seems like the GUI builder did something wrong - it generated a bunch of functions for each thing i added, like this:
  public void setJComboBox1(JComboBox val) {
  this.jComboBox1 = val;
  and the project won't compile. I figure out it should be like this:
  public void setJComboBox1(javax.swing.JComboBox val) {
  this.jComboBox1 = val;
  but the functions aren't doing anything anyway, so I delete them all. I'm starting to think my installation is borked.
  Project now compiles and runs, but there's no data, and I get:
  ClassNotFoundException: com.pointbase.jdbc.jdbcUniversalDriver
  At this point i should probably find the jar with that driver in it and mount this/add it to the classpath, but the boss has decided we'll use Borland Delphi 2005 .NET anyways, so I won't take this any further...
  Thanks for your help guys!
  Darren

• Adding/removing columns in jtable

  Hello everyone,
  i was looking for a way to add/remove columns from a jtable. The way i envision it working is... Initially have a predefined number of columns, of these only show the user say 5 of those on startup. but then provide a drop down (or list box etc) of the other column headings, so that when the user selects one... it adds it to the jtable. also to remove ..... is there a way to have a pop-up when the user right-clicks the table header and put a option to remove that column there? if not what is the best way to trigger a remove of a column? So i need a way to keep track of all the columns in case the user wants to add it again. anyone know how this can be done or any part of it?

  I need a intutive way for the user to remove a column from the gui (like with adding could be a dropdown box with column headers as labels).Create a custom ComboBoxModel. This model would simply contain TableColumns and display the header value in the combo box. The first combo box would display the currently showing columns. When you click on an item in the combo box:
  a) remove the TableColumn from the TableColumnModel
  b) remove the TableColumn from the model
  c) add the TableColumn to the "hidden" combo box model
  The same basic logic (but in reverse) would then apply when you click on the "hidden" combo box.

• Column Level VPD

  Hello all,
  Am I correct in thinking that if the parameters below are added to the policy, column masking will be invoked:
  ,sec_relevant_cols => 'sensitive_column_name'
  ,sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS
  As 'sensitive_column_name' has been marked as securty relevant, is the value always returned as NULL or can I return the actual value for appropriate users?
  Thanks,
  Rhys David

  By making use of sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS, all rows will get displayed. However, sensitive column values will be returned as NULL.
  If a query references a sensitive column, then the default action of column-level Oracle Virtual Private Database restricts the number of rows returned. With column-masking behavior, all rows get displayed, even those that reference sensitive columns. However, the sensitive columns display as NULL values. To enable column-masking, set the sec_relevant_cols_opt parameter of the DBMS_RLS.ADD_POLICY procedure.
  Coming to your second point:
  Rhys David wrote:
  As 'sensitive_column_name' has been marked as securty relevant, is the value always returned as NULL or can I return the actual value for appropriate users?Actual values will be displayed for the appropriate users(as implemented in your policy function) for all the other users who are not supposed to have access to the sensitive column NULL will be displayed.
  Cheers,
  AA

• Store an encrypted numeric value and make the unencrypted value visible to just some users in Apex

  I'm looking for a way to store an encypted numeric value in one field in a table (so that it appears encrypted even to a DBA) and to display the unencypted value in Apex forms and interactive reports for some users but not others.
  Any suggestions as to how I could achieve this?
  Thanks in advance.
  Martin

  Try these documents:
  Using Column Masking to Display Sensitive Columns as NULL Values
  Using VPD in an APEX Application
  Securing Stored Data Using Transparent Data Encryption
  The features you request are Database Features.
  You could use DBMS_CRYPTO for data encryption instead of TDE, but you will have to create a package for your insert,update, deletes along with a view that allows decryption based on v('APP_USER').
  Also, you won't be able to search on that column if you use DBMS_CRYPTO.

• Row Level Security (VPD)

  We are enhancing our corporate security model using VPD fine grain access to allow more flexible policies. This will provide different levels of row level access on each set of mart fact tables (Health Board level access on Mart A, GP Practice level on Mart B etc). We also want different column level security (masking) on common dimensions depending on which mart is being queried, e.g. a user might be allowed to see confidential patient columns when querying Mart A, but not on Mart B.
  OID groups hold user attributes, and we can retrieve these via logon trigger and policy functions and then set user contexts accordingly.
  When a query is submitted to the database (via Business Objects), it triggers the policy function on a particular mart fact table(s), which applies the particular row level constraint based upon the users context. So far so good. Problem is, when any dimension policy functions are being triggered (at the same time), they need to know which particular Mart is being queried, so that they can retrieve the correct user context to apply either confidential or non-confidential column masking.
  I basically need a means of interrogating the SQL before (or as) it reaches the dimension policy functions, from which the function can identify the Mart from the named tables in the SQL FROM list. Is there a way of doing this, or some other mechanism entirely for delivering this level of access control?
  One solution is to have a separate dimension view specific to each Mart. A particular view would join to a particular mart (in Business Objects), and the policy function amended for each. However we would rather avoid this as it could mean up to 20 + views for each dimension, and require a substantial maintenance overhead.
  Thanks
  Simon
  Edinburgh

  Why would you want a situation where USER1 cannot see any of the data in the table but owns a procedure that allows him to update any row in the table? That would basically defeat the purpose of using VPD-- if USER1 can circumvent the VPD policy in this procedure, USER1 can circumvent the policy in any procedure and can create procedures that allow him to view and manipulate the data.
  Can you provide a bit more background about what problem you're trying to solve? Why does USER1 need to own the procedure if USER1 isn't allowed to see any of the data? Are you trying to write a procedure that will apply the caller's VPD policy (i.e. when USER2 calls the procedure, he can only update the rows that his VPD policy allows him to see)? Or do you want the procedure code to bypass the VPD policy entirely? Why are you fine with granting USER2 the ability to bypass the VPD policy but you are not OK granting USER1 that same privilege?
  Justin

• VPD method?

  Hi Everyone,
  After reading several VPD whitepapers on the OTN I couldn't get the right method to solve my problem.
  It's clear that I've to create a policy function and to define the dbms_rls.add_policy. However, each whitepaper describes a method with a customized threshold.
  My problem is focused on the released statistics. Statistics have to be suppressed if the query result in a value of less then 4 (for example).
  Let's put my case. A query has only to release the surnames only if it exist in the table four times or more, otherwise suppress the values like: <null>. (<sec_relevant_cols / sec_relevant_cols_opt)
  Can you please help me by describing the correct method / the right steps? More detailed information about the function which provides the solution is even appreciated.
  Please help me in this bottleneck of the final project.
  Regards,
  Wim Schouten

  Toon,
  Let's put an example. http://www.oracle.com/technology/pub/articles/10gdba/week14_10gdba.html
  describes us about the VPD - Column Masking method. This is exactly what I want to achieve.
  ACCTNO ACCT_NAME BALANCE
  1 BILL CAMP 1000
  2 TOM CONNOPHY <null>
  3 ISRAEL D 1500
  In above query result the balance of Tom is suppressed since the user is not supposed to see accounts with balances over 1,600. Note the difference between this threshold and my case in where I want to suppress statistics if the surname doesn't exists in the table (column) for at least four times.
  More detailed in what I have to achieve. You can enter a surname and get the next result:
  +++
  Area Frequency in surnames
  Catalunya 10.126 47
  Barcelona 6.474 35
  Mauresme 8.651 <
  < lower then frequency 4.
  +++
  Is this query result more clear, or is more info necessary?