Column security
Hi,
What is the best way to implement column-level security in Oracle Database 11g Standard Edition, so that even SYS, SYSTEM and users with the DBA privilege can't see it? Only the schema owner can view the column data.
Thanks
I believe this is a continuation of your thread yesterday on Re: encryption.
If you encrypt the data using DBMS_CRYPTO and the encryption key is in the database or available to the database, the DBA is going to be able to get the key and decrypt the data. As we were discussing yesterday, you could keep the data from the DBA by moving the key outside the database but then you're building your own custom key management infrastructure. As the old adage goes, encryption is easy, key management is hard. Very few organizations that try to build their own key management infrastructure do so effectively-- those that do are generally security companies building their own key management systems.
Justin
Similar Messages
-
We are busy Upgrading our DB from 10g (10.2.0.4) to 11g (11.1.0.7).
We are currently using Oracle Application Server (10.1.2.0.2) with Form and Reports connecting to our 10.2.0.4 DB.
The Application Server is not being upgraded as they are compatible with 11g.
However, when we point these 10g FORMS to the 11g DB we have huge performance issues on specific queries generated by FORMS if the Block Property "ENFORCE COLUMN SECURITY"=Y.
The query that 11g struggles with is, for example:
SELECT obj.object_type, obj.object_name, obj.owner
INTO :b0, :b1, :b2
FROM
(SELECT o.object_type, o.object_name, o.owner
FROM all_objects o,
all_synonyms s
WHERE s.synonym_name = :b1
AND s.owner = :b2
AND s.table_owner = o.owner
AND s.table_name = o.object_name
) obj
WHERE obj.object_type IN ('TABLE', 'VIEW', 'SYNONYM');
This query executes for almost 60 seconds - to check the user's privs to access an object.
Question:
HAS ANYONE ELSE EXPERIENCED THIS DURING THEIR 11G UPGRADE?
I would love to hear from other people with a similar technology, and how they have resolved these, as it is NOT CODE THAT WE have CUSTOM written; IT IS ORACLE-generated code that is performing so terribly on 11g.
All feedback welcome.
PS: Our solution is to DISABLE Column Security on all our Forms as we control access via our own Security module.
WP
I just stumbled across the same problem...
-
Column Security - Users can't see it, but need to use it in the query WHERE Clause
I am looking at possible solutions (if any) on column security. We need to be able to restrict users from seeing certain columns, however, they will need these columns in the WHERE clause of queries.
I thought about creating views; however, it would be a poor database design. Is there any way that this can be done at the database level? I know about Fine Granular Access Method; however, this just excludes the column completely, which means that it cannot be used in the WHERE clause.
Any help would be greatly appreciated.
Philip
I too added a 2nd Apple ID when I tried to get a free app from the Apple store just to get to NONE on the credit card needed. It said it sent a confirmation email to my new Apple ID email that I have to confirm. The problem is I cannot get to the new Apple ID email account. On my iPad it logs into my original email account and I see nowhere to log into another email account. If I go to my laptop, the new Apple ID I created does not let me log into the email where Apple said it was sent. It did not send to the backup email account either.
Can I log into 2 email accounts on my iPad where it says Mail at the bottom?
Can I have 2 Apple IDs?
If I created a 2nd Apple ID to get to NONE on credit card needed, can't I log into it also on another laptop in Gmail?
(won't let me)
If I use my original Apple ID, which I created when I got my new iPad, it will not let me get a free app without a credit card; there is nowhere it says NONE needed. I am too new to Apple to start with credit cards etc. until I get used to it.
-
Tabular Models and Column Security
We have a tabular model that we need to implement column level security against and we continue to run into brick walls, as anything to do with role based security is centered around row level security (or filtering).
Our need is NOT for row level security, but hiding dimensional attributes based on who is viewing the model. In keeping with the popular sales data scenarios, please consider this:
Fact Sales
  Customer Key
  Item Key
  Sales Amount
DimCustomer
  Customer Key
  Customer NameCustomerKey
DimItem
  Item Key
  ItemName
In the above example, let's say we would want our Sales Managers to see the VALUE in "Customer Name", but for our Sales Associates, we do not want them to see the value: either have the column hidden altogether or at a minimum a value of "HIDDEN" or "".
We have two roles (AD groups) defined: 1 for users allowed to see, the other for users NOT allowed to see. Our intention was to use role-based security, but all it does is filter rows. So if we use that level of security, the user sees nothing and 0 for sales dollars. If you are allowed to see the value, you see everything and all sales dollars.
What is needed is to have everyone see the sales dollars, but not everyone can see the names of the customers.
Though the above example is related to sales, we are actually in the medical field and dealing with some highly sensitive patient related data that needs to be regulated for obvious reasons.
Are there any ideas out there that could help us with this so we can continue with our tabular build-out? Or are we looking at sticking with multi-dimensional cubes?
Thanks for your help!
In a SSAS tabular model, we can achieve row-level security, which you can see at the links below.
Defining Row-Level Security in SSAS Tabular database
Getting Started with Row Level Security
However, based on my research, there is currently no functionality to set column-level security. So I am afraid your requirement cannot be done.
-
Discoverer9 and EUL column security
I am seeking suggestions to resolve my problem.
We're using OracleApps 11.5.7 + Discoverer9 and installed the BIS views.
Now it is time to create my EUL, works fine.
Then Securing the data... here we go. For the row security, the BIS views uses some packages to check if the current user has access to the data. Good! But what about columns?
Say I have a workbook in Discoverer with 5 columns, one of which is very private to users under a specific responsibility. How can I maintain one EUL, one set of workbooks, while still using the apps security model but securing the columns? On the apps side, we managed this programming functions in the forms but in discoverer...
Any suggestions would be appreciated.
I just stumbled across the same problem...
-
NQSError: 27005 Unresolved Column - No Column Security Applied
I am facing this issue since last few days - I'll be thankful if anyone can help me out.
I am receiving the error:
Error Code: OPR4ONWY:U9IM8TAC:OI2DL65P
State: HY000 Code: 10058. [NQODBC][nQSError: 10058] A general error has occurred.
[nQSError: 43113] Message returned from OBIS. [nQSError: 27005] Unresolved Column: <Dimension Name>.<Column Name>. Please have your System Administrator look at the log for more details on this error. (HY000).
This error is occurring randomly on some analytics for all those users who do not belong to BI Administrator Role.
I have searched for the solution of this error and found that by setting the parameter PROJECT_INACCESSIBLE_COLUMN_AS_NULL in NQSConfig.ini will resolve this issue. But firstly this is the case when you have applied the security on column but I haven't applied security on any column. Secondly I have looked in NQSConfig.ini and the above mentioned parameter's value is already set to Yes.
When I gave the BI Administrator Role to any user, then this error does not occur.
Can anyone help?
Edited by: 970786 on Nov 12, 2012 6:31 AM
This is a bug in 11.1.1.6.0: Bug 13976546 - UNRESOLVED COLUMN ERROR IN 11G AFTER UPGRADE
It is scheduled to be fixed in 11.1.1.7.0. Refer to ID 1464961.1 on Oracle Support to get more information.
Please mark if helpful/correct.
-
Hi All!
I have two blocks (Master and Detail). In the detail block I want to enforce security at the column level. For example, I have three columns in the detail block:
Item Code, Item Name, Packing Size
Now, what I want is that when the user enters Item Code 1, Item Code 1 must not occur a second time in that column, at the form level, not the database level. Please send me a solution...
Help Me...
Hi All!
I found this solution and I want to share this solution to all.
First of All,
You should take third block named CTRL and make two text fields in that block with following specifications.
1. CHARSAVE its DataType CHAR(30)
2. MATCH_FOUND its DataType NUMBER(12)
Similarly, make MATCH_FOUND field in detail block with same description.
OK, these fields' CANVAS must be null.
Now, you make a function named COMPARISON like the following:
Function Comparison( val1 Varchar2, val2 Varchar2 ) Return Number Is
  answer Number := 0;
Begin
  If ( val1 = val2 ) Then
    answer := 1;
  End If;
  Return( answer );
End;
Now, go to the MATCH_FOUND field from Object Navigator which you already make into the detail block and go to its Property Palette by pressing F4 Key.
Go to Calculation---->Calculation Mode--->Formula
Go to Calculation---->Formula--->Comparison(:CTRL.CHARSAVE, :DETAIL_BLOCK.FIELD_WHICH_YOU_WANT)
Now, go to the MATCH_FOUND field from Object Navigator which you already made in the CTRL block and go to its Property Palette by pressing the F4 key.
Go to Calculation---->Calculation Mode--->Summary
Go to Calculation---->Summary Function---->Sum
Go to Calculation---->Summarized Block---->Detail_Block
Go to Calculation---->Summarized Item---->MATCH_FOUND
Now, finally you should make a trigger at the detail block level named WHEN-VALIDATE-RECORD, or a button if you prefer, and type this code into the PL/SQL Editor.
:CTRL.CHARSAVE := :DETAIL_BLOCK.FIELD_WHICH_YOU_WANT;
IF :CTRL.MATCH_FOUND > 1 THEN
  MESSAGE( 'This record is duplicated.' );
  RAISE FORM_TRIGGER_FAILURE;
END IF;
Now compile and run the form and give the same value in the same column in different rows; you will then receive the error message.
Nice Guys. This is the trick point....
-
Does Discoverer support Column Security
I'm developing some reports from payroll data. Obviously the data is extremely sensitive. Is there any way I can restrict certain column information from certain users in the same report/worksheet?
Well, the abstraction is supported in the admin edition, and there you double-click on the column, for which the properties open up. There is one parameter there, "hide from user" or something of that sort; set that to yes, and then that particular column will not be visible to the user (version).
cheers,
sampath
-
How to implement authorisation on table columns
Can anyone suggest a smart way to use Weblogic platform capabilities to implement
a table column security/authorisation "control". ie. control on a column by column
basis who can view or update a column? Scenario - a primary data owner "owns"
a set of records in a database, but would like to give (or delegate) selected
access to groups of users to view and/or update the content of certain fields
in the recordset.
Seems like this is probably not that uncommon a requirement but can't seem to
find any design patterns for this.
Dean Tine wrote:
Can anyone suggest a smart way to use Weblogic platform capabilities to implement
a table column security/authorisation "control". ie. control on a column by column
basis who can view or update a column? Scenario - a primary data owner "owns"
a set of records in a database, but would like to give (or delegate) selected
access to groups of users to view and/or update the content of certain fields
in the recordset.
Seems like this is probably not that uncommon a requirement but can't seem to
find any design patterns for this.
The first question is, if you are going through an application server
why do you need to do anything clever at all? You can check the role of
authenticated users and grant or deny access based on that (i.e. some
dynamically generated SQL dependent on role)?
If you really need support at the DBMS level, you can use SQL VIEWs.
Create a view containing the appropriate columns and grant permissions
to that view to the appropriate users. With an app server you will need
multiple connection pools though and it quickly gets messy.
Alternatively use stored procedures. Depending on your DBMS this might
be required (if views aren't updatable) or could give better
performance. Or worse performance.
Robert -
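Robert's first suggestion (check the authenticated user's role in the application tier and generate the SQL from it), sketched as an added example that is not part of the original thread and not a WebLogic API. Python with sqlite3 stands in for the app server and DBMS; the `records` table, the role names and the `POLICY` map are hypothetical.

```python
import sqlite3

TABLE = "records"                                  # hypothetical table name
COLUMNS = ("id", "customer", "amount", "notes")    # only identifiers ever placed in SQL

# Hypothetical delegation policy set by the data owner: role -> columns per action.
POLICY = {
    "owner":   {"view": set(COLUMNS), "update": {"customer", "amount", "notes"}},
    "sales":   {"view": {"id", "customer", "amount"}, "update": {"amount"}},
    "auditor": {"view": {"id", "amount"}, "update": set()},
}


class ColumnAccessDenied(Exception):
    """The role asked for a column outside its grant (or has no grant at all)."""


def check(role, action, columns):
    """Deny by default: unknown roles, unknown columns and empty requests all fail."""
    allowed = POLICY.get(role, {}).get(action, set())
    denied = [c for c in columns if c not in allowed]
    if denied or not columns:
        raise ColumnAccessDenied(f"role {role!r}: {action} denied for {denied}")


def fetch(conn, role, columns=None, where=None):
    """SELECT only viewable columns. Design choice in this sketch: filtering on a
    column reveals its values, so WHERE columns need the same 'view' grant."""
    where = where or {}
    if columns is None:  # default to everything the role was granted
        granted = POLICY.get(role, {}).get("view", set())
        columns = [c for c in COLUMNS if c in granted]
    check(role, "view", columns)
    if where:
        check(role, "view", list(where))
    sql = f"SELECT {', '.join(columns)} FROM {TABLE}"
    if where:
        sql += " WHERE " + " AND ".join(f"{c} = ?" for c in where)
    return conn.execute(sql, list(where.values())).fetchall()


def update(conn, role, row_id, changes):
    """UPDATE only updatable columns; values are bound parameters, never inlined."""
    check(role, "update", list(changes))
    assignments = ", ".join(f"{c} = ?" for c in changes)
    cur = conn.execute(f"UPDATE {TABLE} SET {assignments} WHERE id = ?",
                       [*changes.values(), row_id])
    return cur.rowcount


def demo_db():
    """In-memory database with one constructed sample row."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE {TABLE} "
                 "(id INTEGER PRIMARY KEY, customer TEXT, amount REAL, notes TEXT)")
    conn.execute(f"INSERT INTO {TABLE} VALUES (1, 'Acme', 120.0, 'credit hold')")
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(fetch(db, "auditor"))
    print(update(db, "sales", 1, {"amount": 99.5}))
    try:
        fetch(db, "sales", ["customer"], {"notes": "credit hold"})
    except ColumnAccessDenied as exc:
        print("denied:", exc)
```

Column names reach the SQL text only after matching the fixed policy sets, so the single pooled connection can run under one database account while the per-role restriction is enforced before the statement is built.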
Vertical scrollbar not showing all the records when I scroll down.
Vertical scrollbar not showing all the records when I scroll down.
Using Oracle forms 10g , operating system windows
I have two fields with number of items displayed = 15.
I have a vertical scroll bar with them. There are 34 records in the table but the scrollbar only shows 15 records.
Here are the properties for block / scrollbar.
WORK_CATEGORY
- Subclass Information
- Comments
* Navigation Style Same Record
- Previous Navigation Data Block
- Next Navigation Data Block
- Current Record Visual Attribute Group
- Query Array Size 0
- Number of Records Buffered 0
* Number of Records Displayed 60
* Query All Records No
- Record Orientation Vertical
* Single Record No
- Database Data Block Yes
- Enforce Primary Key No
- Query Allowed Yes
- Query Data Source Type Table
* Query Data Source Name WORK_CATEGORY
* Query Data Source Columns
* Column Name JOB_TYPE
* Column Type VARCHAR2
- Column Type Name
- Parent Column
* Length 30
* Precision 0
* Scale 0
* Mandatory Yes
* Column Name WORK_CATEGORY
* Column Type VARCHAR2
- Column Type Name
- Parent Column
* Length 30
* Precision 0
* Scale 0
* Mandatory Yes
- Query Data Source Arguments
- Alias
- Include REF Item No
* WHERE Clause
* ORDER BY Clause job_type
- Optimizer Hint
- Insert Allowed Yes
- Update Allowed Yes
- Locking Mode Automatic
- Delete Allowed Yes
- Key Mode Automatic
- Update Changed Columns Only No
- Enforce Column Security No
- Maximum Query Time 0
* Maximum Records Fetched 0
- DML Data Target Type Table
- DML Data Target Name
- Insert Procedure Name
- Insert Procedure Result Set Columns
- Insert Procedure Arguments
- Update Procedure Name
- Update Procedure Result Set Columns
- Update Procedure Arguments
Don't know where am I going wrong. I'll really appreciate if you can help me in this.
Thanks.
Edited by: 831050 on Sep 14, 2011 8:05 AM
One of the items is a list item. Here are its properties:
* Name JOB_TYPE
* Item Type List Item
- Subclass Information
- Comments
- Help Book Topic
- Enabled Yes
* Elements in List
* Label
* List Item Value LIST20
* List Style Combo Box
- Mapping of Other Values
- Implementation Class
- Case Restriction Mixed
- Popup Menu
- Keyboard Navigable Yes
- Mouse Navigate Yes
- Previous Navigation Item
- Next Navigation Item
- Data Type Char
- Data Length Semantics Null
- Maximum Length 30
- Initial Value
* Required Yes
* Copy Value from Item
- Synchronize with Item
- Calculation Mode None
- Formula
- Summary Function None
- Summarized Block
- Summarized Item
- Current Record Visual Attribute Group
- Distance Between Records 0
* Number of Items Displayed 15
- Database Item Yes
* Column Name JOB_TYPE
- Primary Key No
- Query Only No
- Query Allowed Yes
- Insert Allowed Yes
- Update Allowed Yes
- Update Only if NULL No
- Visible Yes
* Canvas CANVAS2
- Tab Page
* X Position 47
* Y Position 137
* Width 187
* Height 18
- Visual Attribute Group DEFAULT
- Prompt Visual Attribute Group DEFAULT
- Foreground Color
* Background Color white
- Fill Pattern
- Font
* Font Name Tahoma
* Font Size 10
* Font Weight Demilight
* Font Style Plain
* Font Spacing Normal
* Prompt Job Type
- Prompt Display Style First Record
* Prompt Justification Start
* Prompt Attachment Edge Top
- Prompt Alignment Start
* Prompt Attachment Offset 10
* Prompt Alignment Offset 0
- Prompt Reading Order Default
- Prompt Foreground Color
- Prompt Font
* Prompt Font Name Tahoma
* Prompt Font Size 10
* Prompt Font Weight Bold
* Prompt Font Style Plain
* Prompt Font Spacing Normal
- Hint
- Display Hint Automatically No
- Tooltip
- Tooltip Visual Attribute Group
- Direction Default
- Initial Keyboard State Default
- Keyboard State Any
-
Tabular - Model vs Perspective
Hi,
I have a tabular model which has been in production for over a year with 30-some tables and reports in the 100's. Now I have been asked to add 10-15 new columns in the tabular model but they should only be available to a handful of people. Up until now I have not had any Perspectives but I thought now is probably the time to add it. New columns are not "super sensitive" but I have been asked that they should not be available for everyone.
My question is this: is it possible to restrict access to these columns (hide them) in the Model "perspective" and show them in the new FullAccess perspective? If I choose "hide from client tools" the columns are not visible in any of the perspectives and it seems I can't hide them in the default perspective in the perspective designer...
Lumbago
www.thefirstsql.com
Hi Lumbago,
According to your description, you added 10-15 new columns in the tabular model but they should only be available to a handful of people, right?
To secure data, you can define security roles. Roles can limit viewable metadata and data to only those objects defined in the role. Here is a blog which describes how to implement Column Security with #SSAS Tabular and #DAX, please see:
http://geekswithblogs.net/darrengosbell/archive/2014/04/22/implementing-column-security-with-ssas-tabular-and-dax.aspx
Regards,
Charlie Liao
TechNet Community Support -
Does anyone know of any examples anywhere of a way to group rows and create subtotal rows as well as total rows? In the table, I want to create a different look for the subtotal rows, possibly even with a different layout than the other rows.
For instance, my db has a list of orders for securities. I want to display in the table a row in the table for each row in the db with columns Security, quantity, and security description.
Then I want to break on security and show the total quantity for that security AND the total dividend. I also would like a group header that will display the security, so I don't have to display it on every line.
This seems like pretty basic application logic, but I can't find any examples anywhere of grouping and summing with subtotal and total headers and footers for JTable.
There is no built-in support for doing what you want. But keep in mind that the model is the heart of the JTable - do your grouping there and then notify the table when things changed. So you need a custom model that either shows or hides the subtotals (and the subheaders/footers as well). One approach would be to have a tableModel for each group and a master tableModel that's a combination of all the group tables. Then let the master tableModel be the listener to the group tables (similar to the TableMap that comes with the jfc examples) update itself on showing/hiding the subtotals - and any other changes in the group table as well - and make it the model of the JTable.
Greetings
Jeanette
-
Are publications supported when reporting off of SAP ECC using Crystal Reports? I'm trying to figure out how best to handle view time security (row level security and/or object level security) when reporting directly off of ECC tables.
You're correct that the Security Editor or ECC security will work with scheduling, but the security is applied at schedule time and we need to have security applied at view time based upon the user id of the person viewing the report instance. That's why I'm thinking I'll need to use something like Publications to apply additional viewtime security to the instance.
Do Publications support column security like the Universe does? I know it applies row level security but we have a need to suppress certain columns for HR and Financial reporting.
BTW - this all applies to Crystal Reports 2008 only and we're running BO Edge 3.1. Thanks. -
mixed bag
1. I have a security app on my computer, Flashbrief. I have it checked in the hide column but whenever I turn on the computer it appears in the top menu line.
2. Whenever I turn on the computer, a new blank document window in MS Word 2011 appears. I do not have this listed in the login items.
3. I have a current model of Apple wireless mouse. It keeps getting stuck in text or e-mails and I have to somehow otherwise move the cursor to break it free.
Help with any of these will be appreciated.
BF
1. I have a security app on my computer, Flashbrief. I have it checked in the hide column but whenever I turn on the computer it appears in the top menu line.
I've never heard of this software, and cannot find any reference to it online, which is a bit concerning. What is it supposed to do? There really isn't much need for security software on a Mac.
2. Whenever I turn on the computer, a new blank document window in MS Word 2011 appears. I do not have this listed in the login items.
In Mac OS X 10.7, any applications left open when you shut down or restart are re-opened at startup, and any documents left open in an app when you quit are re-opened when you launch them again. The former can be controlled by unchecking the box in the restart/shutdown alert:
You will need to do this each time you shut down or restart, it won't remember that setting.
The latter can be deactivated by unchecking the box in System Preferences -> General:
3. I have a current model of Apple wireless mouse. It keeps getting stuck in text or e-mails and I have to somehow otherwise move the cursor to break it free.
That does not sound normal, but I don't use a mouse with my MBP, so I can't provide a solution, other than to try replacing the batteries in the mouse.
-
Grand Total not displaying correctly on Column level security.
Hi All,
I have implemented column-level security for three columns, but in the dashboard report the grand total is not displaying correctly. The grand total values are still displayed for the hidden columns.
Is there any workaround for this?
Here is a sample of how my report looks after column-level security:
ColumnA     Metric1  Metric2  Metrics3 (to be hidden)
A           100      200
B           150      100
GrandTotal  250      300      400 (this includes the value of A = 300, B = 100)
Regards,
Bhavik
Any pointers please.