User Level Auditing

Hi Expert,
We are required to enable auditing. We will enable it at DB level, but we want to audit only one specific user, not all. How can we achieve this?

This is a cut and paste from sqlplus on my Windows 11.2.0.1.0.
C:\WINDOWS>sqlplus sys/girish as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Fri Nov 18 19:10:12 2011
Copyright (c) 1982, 2010, Oracle.  All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> @getaud;
AUDIT STATEMENT
AUDIT ALTER ANY PROCEDURE  BY ACCESS ;
AUDIT ALTER ANY TABLE  BY ACCESS ;
AUDIT ALTER DATABASE  BY ACCESS ;
AUDIT ALTER PROFILE  BY ACCESS ;
AUDIT ALTER SYSTEM  BY ACCESS ;
AUDIT ALTER USER  BY ACCESS ;
AUDIT AUDIT SYSTEM  BY ACCESS ;
AUDIT CREATE ANY JOB  BY ACCESS ;
AUDIT CREATE ANY LIBRARY  BY ACCESS ;
AUDIT CREATE ANY PROCEDURE  BY ACCESS ;
AUDIT CREATE ANY TABLE  BY ACCESS ;
AUDIT STATEMENT
AUDIT CREATE EXTERNAL JOB  BY ACCESS ;
AUDIT CREATE PUBLIC DATABASE LINK  BY ACCESS ;
AUDIT CREATE SESSION  BY ACCESS ;
AUDIT CREATE USER  BY ACCESS ;
AUDIT DATABASE LINK  BY ACCESS ;
AUDIT DROP ANY PROCEDURE  BY ACCESS ;
AUDIT DROP ANY TABLE  BY ACCESS ;
AUDIT DROP PROFILE  BY ACCESS ;
AUDIT DROP USER  BY ACCESS ;
AUDIT EXEMPT ACCESS POLICY  BY ACCESS ;
AUDIT GRANT ANY OBJECT PRIVILEGE  BY ACCESS ;
AUDIT STATEMENT
AUDIT GRANT ANY PRIVILEGE  BY ACCESS ;
AUDIT GRANT ANY ROLE  BY ACCESS ;
AUDIT PROFILE  BY ACCESS ;
AUDIT PUBLIC SYNONYM  BY ACCESS ;
AUDIT ROLE  BY ACCESS ;
AUDIT SYSTEM AUDIT  BY ACCESS ;
AUDIT SYSTEM GRANT  BY ACCESS ;
29 rows selected.
SQL> audit select table by scott by access;
Audit succeeded.
SQL> @getaud;
AUDIT STATEMENT
AUDIT ALTER ANY PROCEDURE  BY ACCESS ;
AUDIT ALTER ANY TABLE  BY ACCESS ;
AUDIT ALTER DATABASE  BY ACCESS ;
AUDIT ALTER PROFILE  BY ACCESS ;
AUDIT ALTER SYSTEM  BY ACCESS ;
AUDIT ALTER USER  BY ACCESS ;
AUDIT AUDIT SYSTEM  BY ACCESS ;
AUDIT CREATE ANY JOB  BY ACCESS ;
AUDIT CREATE ANY LIBRARY  BY ACCESS ;
AUDIT CREATE ANY PROCEDURE  BY ACCESS ;
AUDIT CREATE ANY TABLE  BY ACCESS ;
AUDIT STATEMENT
AUDIT CREATE EXTERNAL JOB  BY ACCESS ;
AUDIT CREATE PUBLIC DATABASE LINK  BY ACCESS ;
AUDIT CREATE SESSION  BY ACCESS ;
AUDIT CREATE USER  BY ACCESS ;
AUDIT DATABASE LINK  BY ACCESS ;
AUDIT DROP ANY PROCEDURE  BY ACCESS ;
AUDIT DROP ANY TABLE  BY ACCESS ;
AUDIT DROP PROFILE  BY ACCESS ;
AUDIT DROP USER  BY ACCESS ;
AUDIT EXEMPT ACCESS POLICY  BY ACCESS ;
AUDIT GRANT ANY OBJECT PRIVILEGE  BY ACCESS ;
AUDIT STATEMENT
AUDIT GRANT ANY PRIVILEGE  BY ACCESS ;
AUDIT GRANT ANY ROLE  BY ACCESS ;
AUDIT PROFILE  BY ACCESS ;
AUDIT PUBLIC SYNONYM  BY ACCESS ;
AUDIT ROLE  BY ACCESS ;
AUDIT SELECT TABLE BY SCOTT BY ACCESS ;    <----------- New Row
AUDIT SYSTEM AUDIT  BY ACCESS ;
AUDIT SYSTEM GRANT  BY ACCESS ;
30 rows selected.
SQL> noaudit select table by scott;
Noaudit succeeded.
SQL> @getaud;
AUDIT STATEMENT
AUDIT ALTER ANY PROCEDURE  BY ACCESS ;
AUDIT ALTER ANY TABLE  BY ACCESS ;
AUDIT ALTER DATABASE  BY ACCESS ;
AUDIT ALTER PROFILE  BY ACCESS ;
AUDIT ALTER SYSTEM  BY ACCESS ;
AUDIT ALTER USER  BY ACCESS ;
AUDIT AUDIT SYSTEM  BY ACCESS ;
AUDIT CREATE ANY JOB  BY ACCESS ;
AUDIT CREATE ANY LIBRARY  BY ACCESS ;
AUDIT CREATE ANY PROCEDURE  BY ACCESS ;
AUDIT CREATE ANY TABLE  BY ACCESS ;
AUDIT STATEMENT
AUDIT CREATE EXTERNAL JOB  BY ACCESS ;
AUDIT CREATE PUBLIC DATABASE LINK  BY ACCESS ;
AUDIT CREATE SESSION  BY ACCESS ;
AUDIT CREATE USER  BY ACCESS ;
AUDIT DATABASE LINK  BY ACCESS ;
AUDIT DROP ANY PROCEDURE  BY ACCESS ;
AUDIT DROP ANY TABLE  BY ACCESS ;
AUDIT DROP PROFILE  BY ACCESS ;
AUDIT DROP USER  BY ACCESS ;
AUDIT EXEMPT ACCESS POLICY  BY ACCESS ;
AUDIT GRANT ANY OBJECT PRIVILEGE  BY ACCESS ;
AUDIT STATEMENT
AUDIT GRANT ANY PRIVILEGE  BY ACCESS ;
AUDIT GRANT ANY ROLE  BY ACCESS ;
AUDIT PROFILE  BY ACCESS ;
AUDIT PUBLIC SYNONYM  BY ACCESS ;
AUDIT ROLE  BY ACCESS ;
AUDIT SYSTEM AUDIT  BY ACCESS ;
AUDIT SYSTEM GRANT  BY ACCESS ;
29 rows selected.
SQL>
Now your question:
All right, if I want to audit all of the scott user's activities (DDL, DML, select, logon, login, everything), then what should I do? So, just use the audit statement with the BY clause and run the above getaud script to see its impact.
Here is my getaud.sql, which I obtained from this link: [ http://www.myoraclesupports.com/content/script-generate-audit-and-noaudit-statements-current-audit-settings ]
select 'AUDIT '||m.name||decode(u.name,'PUBLIC',' ',' BY '||u.name)||
decode(nvl(a.success,0) + (10 * nvl(a.failure,0)),
1,' BY SESSION WHENEVER SUCCESSFUL ',
2,' BY ACCESS WHENEVER SUCCESSFUL ',
10,' BY SESSION WHENEVER NOT SUCCESSFUL ',
11,' BY SESSION ', -- default
20, ' BY ACCESS WHENEVER NOT SUCCESSFUL ',
22, ' BY ACCESS',' /* not possible */ ')||' ;'
"AUDIT STATEMENT"
FROM sys.audit$ a, sys.user$ u, sys.stmt_audit_option_map m
WHERE a.user# = u.user# AND a.option# = m.option#
and bitand(m.property, 1) != 1 and a.proxy# is null
and a.user# <> 0 -- skip user# 0 (SYS)
UNION
select 'AUDIT '||m.name||decode(u1.name,'PUBLIC',' ',' BY '||u1.name)||
' ON BEHALF OF '|| decode(u2.name,'SYS','ANY',u2.name)||
decode(nvl(a.success,0) + (10 * nvl(a.failure,0)),
1,' WHENEVER SUCCESSFUL ',
2,' WHENEVER SUCCESSFUL ',
10,' WHENEVER NOT SUCCESSFUL ',
11,' ', -- default
20, ' WHENEVER NOT SUCCESSFUL ',
22, ' ',' /* not possible */ ')||';'
"AUDIT STATEMENT"
FROM sys.audit$ a, sys.user$ u1, sys.user$ u2, sys.stmt_audit_option_map m
WHERE a.user# = u2.user# AND a.option# = m.option# and a.proxy# = u1.user#
and bitand(m.property, 1) != 1 and a.proxy# is not null
UNION
select 'AUDIT '||p.name||decode(u.name,'PUBLIC',' ',' BY '||u.name)||
decode(nvl(a.success,0) + (10 * nvl(a.failure,0)),
1,' BY SESSION WHENEVER SUCCESSFUL ',
2,' BY ACCESS WHENEVER SUCCESSFUL ',
10,' BY SESSION WHENEVER NOT SUCCESSFUL ',
11,' BY SESSION ', -- default
20, ' BY ACCESS WHENEVER NOT SUCCESSFUL ',
22, ' BY ACCESS',' /* not possible */ ')||' ;'
"AUDIT STATEMENT"
FROM sys.audit$ a, sys.user$ u, sys.system_privilege_map p
WHERE a.user# = u.user# AND a.option# = -p.privilege
and bitand(p.property, 1) != 1 and a.proxy# is null
and a.user# <> 0 -- skip user# 0 (SYS)
UNION
select 'AUDIT '||p.name||decode(u1.name,'PUBLIC',' ',' BY '||u1.name)||
' ON BEHALF OF '|| decode(u2.name,'SYS','ANY',u2.name)||
decode(nvl(a.success,0) + (10 * nvl(a.failure,0)),
1,' WHENEVER SUCCESSFUL ',
2,' WHENEVER SUCCESSFUL ',
10,' WHENEVER NOT SUCCESSFUL ',
11,' ', -- default
20, ' WHENEVER NOT SUCCESSFUL ',
22, ' ',' /* not possible */ ')||';'
"AUDIT STATEMENT"
FROM sys.audit$ a, sys.user$ u1, sys.user$ u2, sys.system_privilege_map p
WHERE a.user# = u2.user# AND a.option# = -p.privilege and a.proxy# = u1.user#
and bitand(p.property, 1) != 1 and a.proxy# is not null
/
Regards
Girish Sharma
Edited by: Girish Sharma on Nov 18, 2011 7:18 PM
Just edited that bold fonts are not visible in code tags.
Edited by: Girish Sharma on Nov 18, 2011 7:22 PM
Another editing that "< >" are not visible, so i put it into code tags.
Edited by: Girish Sharma on Nov 18, 2011 7:24 PM
Please use "and a.user#" with the less-than and greater-than signs before 0; I mean not equal to...
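
A per-user audit setup along the lines described above, as an added example that is not part of the original post. It assumes an 11.2 database using the traditional audit trail, the SCOTT account from the session above, and a connection with the AUDIT SYSTEM privilege; the choice of options is one reasonable set, not a complete list.

```sql
-- Added example, not from the original post.
-- Assumptions: Oracle 11.2, traditional auditing, target account SCOTT,
-- connected as a user holding AUDIT SYSTEM (for example AS SYSDBA).

-- 1. Audit options are stored even when the trail is off, but no records are
--    written until audit_trail is set. It is a static parameter, so a change
--    only takes effect after an instance restart.
SHOW PARAMETER audit_trail
-- ALTER SYSTEM SET audit_trail = DB, EXTENDED SCOPE = SPFILE;  -- then restart

-- 2. Logon and logoff of this one user.
AUDIT SESSION BY scott BY ACCESS;

-- 3. The ALL shortcut enables a predefined set of statement options
--    (TABLE, INDEX, PROCEDURE, USER, ROLE and so on) for this user only.
AUDIT ALL BY scott BY ACCESS;

-- 4. Queries, DML and procedure calls are not part of ALL and must be named.
AUDIT SELECT TABLE, INSERT TABLE, UPDATE TABLE, DELETE TABLE,
      EXECUTE PROCEDURE
  BY scott BY ACCESS;

-- 5. Use of any system privilege the user holds.
AUDIT ALL PRIVILEGES BY scott BY ACCESS;

-- 6. Confirm what is now configured for the user. These dictionary views
--    show the same settings the getaud script reads from sys.audit$.
SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts
WHERE  user_name = 'SCOTT'
ORDER  BY audit_option;

SELECT user_name, privilege, success, failure
FROM   dba_priv_audit_opts
WHERE  user_name = 'SCOTT'
ORDER  BY privilege;

-- 7. Review what was recorded. RETURNCODE 0 means the action succeeded;
--    a non-zero value is the ORA- error number of the failed attempt.
SELECT extended_timestamp, action_name, owner, obj_name, returncode
FROM   dba_audit_trail
WHERE  username = 'SCOTT'
ORDER  BY extended_timestamp;

-- 8. Remove the per-user options again. The defaults that apply to all
--    users (the 29 rows in the listing above) are left untouched.
NOAUDIT ALL PRIVILEGES BY scott;
NOAUDIT SELECT TABLE, INSERT TABLE, UPDATE TABLE, DELETE TABLE,
        EXECUTE PROCEDURE
  BY scott;
NOAUDIT ALL BY scott;
NOAUDIT SESSION BY scott;
```

The volume of rows in the audit trail grows quickly with SELECT TABLE audited BY ACCESS, so plan for purging or archiving before leaving this on.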

Similar Messages

  • SCHEMA/USer Level Auditing

    Hi Experts,
    I need your guidance. Actually, if we enable user level auditing then it will log all DDL and DML in the AUDIT_SYS$ table. But if the user being audited executes a procedure, and in the procedure there are a lot of DDL and DML, then will these DDL and DML executed within the procedure also be logged in the AUDIT_SYS$ table, or will it just be logged that the procedure was executed?
    regards,


  • User administration auditing

    Hello,
    My audit_control file and the relevant class and event lines follow. But the add user and delete user activities are not audited.
    what's wrong with it?
    Thanks,
    Osman
    -bash-3.00# less /etc/security/audit_control
    # Copyright (c) 1988 by Sun Microsystems, Inc.
    # ident "@(#)audit_control.txt 1.4 00/07/17 SMI"
    dir:/var/audit
    flags: lo,ss,ua,as
    #,ad,am,fc,fm,ua
    naflags: lo,ss,ua,as
    minfree:20
    -bash-3.00# grep user /etc/security/audit_event
    # 6144 - 32767 SunOS 5.X user level audit events
    134:AUE_GETUSERAUDIT:getuseraudit(2):no
    135:AUE_SETUSERAUDIT:setuseraudit(2):no
    233:AUE_FUSERS:utssys(2) - fusers:fa
    # user level audit events
    6196:AUE_usermgr_add:add user/user attributes:ua
    6197:AUE_usermgr_delete:delete user/user attributes:ua
    6198:AUE_usermgr_modify:modify user/user attributes:ua
    6207:AUE_create_user:create user:ua
    6208:AUE_modify_user:modify user:ua
    6209:AUE_delete_user:delete user:ua
    6210:AUE_disable_user:disable user:ua
    6211:AUE_enable_user:enable user:ua
    -bash-3.00# grep user /etc/security/audit_class
    0x00040000:ua:user administration

    I too suffer from this. However I have another related concern.
    I first noticed the original problem in Solaris 8 and overcame it as suggested by including exec events and parsing the results. It took a while but I got what I wanted - I needed exec events in any case to look for lp commands as well.
    However in Solaris 10 8/07 I have noticed that the affected users are no longer recorded in useradd/userdel/usermod/passmgt events.
    The output of praudit is simpler to parse because the variation in record lengths is reduced, but important information is missing, i.e. the arguments of the commands are not included. Am I missing something?
    For the record I normally adopt the following approach to 'optimise' the audit trail.
    In /etc/security/audit_class I add several new masks. for example
    0x01000000:za:My Admin
    0x02000000:zf:My File
    0x0f000000:zz:My All
    Then in /etc/security/audit_event I add the za, zf etc to each line of interest.
    In /etc/security/audit_control I have the line
    flags:zz
    Whilst this may be frowned upon, and may break in future if the masks I use come into play, I find that it makes life easier in that I can fine tune which events should be recorded and it is easier to identify the customisations when comparing different versions of the supplied files.
    And for the record I have verified that without the above modifications the information I am seeking is still not present.
    To test this, without modifications to audit_event and audit_class, and flags:all in audit_control
    rm /var/audit/20*
    svcadm enable auditd
    useradd -u 1234 -g 1000 -d /tmp/user1 -s /bin/sh user1
    passwd user1
    passwd -l user1
    passwd -d user1
    userdel user1
    svcadm disable auditd
    auditreduce | praudit | grep user1
    The above returns just one line corresponding to the first passwd command.

  • How to set users level security profiles and auditing?

    hi,
    We are using EBS 12( 12.0.6 ) with database 10g (10.2.0.3) on Linux redhat 4.
    I want to set all the user level and site level security profiles, like user login attempts, password attempts and case sensitivity, and all this info and these attempts should be audited.
    Please also explain the impact of audit on a running system?
    Thx

    I want to set all the user level and site level security profiles, like user login attempts, password attempts and case sensitivity, and all this info and these attempts should be audited.
    https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+API&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
    https://forums.oracle.com/forums/search.jspa?threadID=&q=Profile+AND+Option+AND+Audit&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
    Please also explain the impact of audit on a running system?
    https://forums.oracle.com/forums/search.jspa?threadID=&q=Auditing+AND+FND+AND+Profile+AND+Option&objID=c3&dateRange=all&userID=&numResults=15&rankBy=10001
    Try this in a TEST instance before you promote it to Production.
    You will need to bounce the application services and enforce the users to sign off/on after setting those profile options.
    Thanks,
    Hussein

  • Make all the forms at a user level or responsibility level to be read only

    Hi,
    Please suggest me to make all the forms at a user level or responsibility level to be read only. So that when a particular user logs in, he gets all the form in read only mode or at a particular responsibility all the forms are read only so that we can attach this responsibility to the user for the same purpose.
    Any ideas will be highly appreciated.

    check this blog,
    http://www.oracleappshub.com/11i/oracleapps-responsibility-vs-sap-functions/
    Re: How to change OM responsibility as read-only in oracle applications 11i
    read only responsibility-user

  • How to create a profile value at user level programmatically

    Dear all,
    I want to create a profile value at user level programmatically. I referred to the developer guide and tried to use fnd_profile.put() to create a new value.
    But I found that the value is just created at session level and is not inserted into the base table.
    So does anyone know how to do this in PL/SQL?
    Any idea is appreciated.
    Best Regards,
    Kenny

    Check Note: 364503.1 - How to Set a System Profile Value Without Logging in to the Applications
    https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=364503.1

  • Error while performing Risk Analysis at user level for a cross system user

    Dear All,
    I am getting the below error, while performing the risk analysis at user level for a cross system (Oracle) user.
    The error is as follows:
    "ResourceException in method ConnectionFactoryImpl.getConnection(): com.sap.engine.services.connector.exceptions.BaseResourceException: Cannot get connection for 120 seconds. Possible reasons: 1) Connections are cached within SystemThread(can be any server service or any code invoked within SystemThread in the SAP J2EE Engine), 2) The pool size of adapter "SAPJ2EDB" is not enough according to the current load of the system or 3) The specified time to wait for connection is not enough according to the pool size and current load of the system. In case 1) the solution is to check for cached connections using the Connector Service list-conns command, in case 2) to increase the size of the pool and in case 3) to increase the time to wait for connection property. In case of application thread, there is an automatic mechanism which detects unclosed connections and unfinished transactions.RC:1
    Can anyone please help.
    Regards,
    Gurugobinda

    Hi..
    Check the note # SAP Note 1121978
    SAP Note 1121978 - Recommended settings to improve peformance risk analysis.
    Check for the following...
    CONFIGTOOL>SERVER>MANAGERS>THREADMANAGER
    ChangeThreadCountStep =50
    InitialThreadCount= 100
    MaxThreadCount =200
    MinThreadCount =50
    Regards
    Gangadhar

  • LaserJet P1505n printing slow just for user-level accounts in Win7

    I have several workstations running Win7 Pro 64-bit that have been installed as replacements for XP machines.  All of them print to one of several P1505n printers, and are using the latest drivers from HP.  Under XP there were no problems printing to these printers, but the Win7 machines have significant delays when trying to print.  The Windows test page prints instantaneously, but printing from any other application has a delay of up to a full minute before the job begins to print.  Once the job prints, it prints without issue.
    One thing that I have noticed during my testing seems to point to permissions.  If I am logged in using my admin-level account, everything prints as it should, with no delays at all.  Once I log in with a user-level account, however, the delays begin.  I found the driver files at C:\Windows\System32\spool\drivers\x64\3, but giving "everyone" full control over those files does not help.
    Is there anything else that I should be looking at?
    Thanks in advance!
    Donny

    In the end, I was able to resolve the problem by installing the Vista x64 drivers.  No playing with permissions necessary.

  • Windows Server 2012 Group Policy Block USB Storage devices @ User Level Not getting applied on a Domain Client machine with Windows Server 2008 R2. Why?

    Hello,
    I have a Windows Server 2012 R2.
    I have configured the Group Policy on it to block the usage of USB - Storage Devices @ user level on the client machines. It works properly for my Windows 7 client machines but it's not working on one of the machine having Windows Server 2008 R2 installed
    on it (this machine is also a domain client in the same domain).
    I will really be thankful if anyone can suggest some solution to this issue.
    Please feel free to write back in-case I have missed anything obvious to be shared.
    Thanks!
    -Vinay Pugalia

    Hi,
    Any update?
    Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
    Best Regards,
    Andy Qi
    TechNet Community Support

  • Issue in User Level Simulation in GRC 10.0

    Hello Every one,
    Before I jump into the question, please find below the screenshot which shows the B.P (Business Process) and Functions created in the test system (GRC 10.0), whereas the roles and corresponding users have been created in the back-end system connecting to GRC 10.0.
    Now when I try to run a risk analysis on user TEST_RISK (the TEST_ROLE_RISK role is assigned; please find attached the authorizations in the role), I am shown the Risk R001.
    Now I am trying to run User Level Simulation on the above user TEST_RISK, and I am trying to simulate by adding a new role TEST_ROLE_RISK3 as shown in the below screenshot at Action level, Permission level, Critical Action level and Critical Permission level.
    Even though I select the option "Risk from Simulation only", when I try to execute at action level, it also shows me the risk which is coming from the actual role assigned and not only from the simulated one.
    Thanks and Regards,
    Naga.

    Hi Naga,
    there are some notes which might help to fix the problem. Especially the first might fix your problem.
    http://service.sap.com/sap/support/notes/1895502
    http://service.sap.com/sap/support/notes/1953347
    Please let us know if it helped.
    Regards,
    Alessandro

  • Permissions set at USER level

    Can I just confirm, that if I open a User within Server settings and I see any of the Global permission tickboxes ticked then these have at some point been set at the User Level. If however, best practice has been observed and users have only ever been selected against groups then I should NOT see any boxes in any of the Users permissions ticked at all?  Is that correct?
    Thanks in advance,
    Steve

    Steve --
    You are absolutely right, my friend.  If you see ANY checkboxes selected in the Categories or Global Permissions sections of a User page, then these selections represent an override to the permissions specified by the Groups to which the user belongs.
     Best practice dictates that permissions for each user be controlled by adding the user to Groups, which makes for a simpler and easier to understand security model.  This is a GREAT question, my friend, and I applaud you for asking it.  :)
    Dale A. Howard [MVP]

  • How to forbid command field at user level?

    Does anyone know how can i forbid at user level the command field?
    Thanks
    M.

    Hi marco,
    1. In normal SAPGUI,
       there is some REGISTRY Value, (when gui installation is done)
    2. If that setting/value in registry is changed,
       then the command field won't come.
    3. For PORTALS,
        the setting is done in the ICF/Service parameter
       ~NOHEADEROKCODE=1
      (By doing this, it will come in SAP GUI,
      but won't come if we access r/3 from portal/internet explorer)
    regards,
    amit m.

  • How to hide the columns at the end user level thru personalization

    Hi all
    How can I hide the columns that are displayed on the portal? Is there any personalize option for the end user? Any right-click or something?
    I am looking at hiding columns not while developing the iViews / Pages, but in the browser as the end user.
    I can hide whatever columns I want while creating the iViews for MDM data, but we can't provide the content administrator role to the end users for hiding whatever columns they want. They want to hide the columns through the personalization option at the end user level.
    Can you please let me know whether we are able to hide the columns at the end user level through personalization? Is it possible with standard iViews?
    Regards
    Sunil

    Hi Sunil,
    I understood your requirement properly and it seems valid. I tried this at my end but I didn't get the solution. The field list is not visible in the Personalize option. I don't think it is possible with MDM standard iViews.
    I was thinking an alternative is if we somehow manage to give the permissions to the end user only on the Result Set iView, but even if that were possible it would not be a good design.
    Let's wait for some inputs from others.
    Regards,
    Jitesh Talreja

  • What is Execution Count in User Level Analysis?

    Hi,
    Can anyone throw light on what the Execution Count column means in the User Level Analysis report? If it is the number of times the user executed the action, then how can we discover from when it starts counting?
    Does it count from when the user started using that tcode or action?

    Hi Pranjal,
    Yes, Prashant is correct: it counts from the first job run, but as it takes data from STAD, the counting is actually as per the STAD data store setting.
    So if STAD stores data for 4 days and you run the job today, it will count from 17.05.2014. Make sure you have this job running regularly; if you miss this job run for more days than the retention period of STAD data, you may miss the execution count for those days.
    Hope this clears your query.
    BR,
    Mangesh

  • Can we create wallet at User Level to implement TDE in Oracle 10g

    Hi
    I am going to use the Oracle 10g TDE security feature for data security. I have gone through lots of documents. Everywhere it is mentioned that the wallet is opened or closed at system level, I mean ALTER SYSTEM. That means except the DBA no one can see the encrypted column.
    But my requirement is a bit different: I want to encrypt the column based on user.
    Let's take an example. Suppose we have one table TEST with columns C1, C2, C3, C4, C5, C6 and there are users U1, U2, U3. I want to encrypt C1 and C3 for U1, C2 and C5 for U2, C4 and C6 for U3, and U1, U2 and U3 can see all columns except the encrypted columns.
    My question is: can we apply TDE at user level rather than system level?
    Any ideas or thought would be appreciable.
    Thanks in advance.
    ANwar

    The idea of TDE is to provide data protection on storage media, so when your backup tapes drop from the truck or the hard disk of a stolen laptop is sold online, encrypted data remains encrypted and can't be read by anyone.
    It seems to me as if you try to achieve access control by encryption, which you don't need: If users have sufficient privileges or the business need to see data, then they should be granted access and see the data de-crypted. Otherwise, access control mechanisms (roles, views, VPD, OLS) should kick in and hide the rows from them.
    So, for day-to-day business of your database, the wallet needs to be open, so that the database can de-crypt data for users who have been granted to see credit card numbers etc., but then limit access to credit card numbers they are not allowed to see with other measures. There is a little hands-on for TDE and VPD here:
    http://www.oracle.com/technology/obe/10gr2_db_vmware/security/tde/tde.htm
    Hope this helps,
    Peter
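
One way to get the per-user column hiding asked about above with VPD column masking instead of TDE, as an added example that is not from the thread. U1, U2, U3 and C1 to C6 come from the question; the owning schema APP and the function and policy names are assumptions.

```sql
-- Added example, not from the thread. Assumed names: schema APP owns TEST,
-- policy functions NOT_U1/NOT_U2/NOT_U3, policies MASK_FOR_U1/U2/U3.
-- Needs EXECUTE on DBMS_RLS and an edition that includes Virtual Private Database.

-- One policy function per user. Oracle calls it with the schema and object
-- name of the protected table and expects a predicate string back.
CREATE OR REPLACE FUNCTION app.not_u1 (p_schema IN VARCHAR2, p_object IN VARCHAR2)
  RETURN VARCHAR2 IS
BEGIN
  RETURN q'[SYS_CONTEXT('USERENV', 'SESSION_USER') <> 'U1']';
END;
/
CREATE OR REPLACE FUNCTION app.not_u2 (p_schema IN VARCHAR2, p_object IN VARCHAR2)
  RETURN VARCHAR2 IS
BEGIN
  RETURN q'[SYS_CONTEXT('USERENV', 'SESSION_USER') <> 'U2']';
END;
/
CREATE OR REPLACE FUNCTION app.not_u3 (p_schema IN VARCHAR2, p_object IN VARCHAR2)
  RETURN VARCHAR2 IS
BEGIN
  RETURN q'[SYS_CONTEXT('USERENV', 'SESSION_USER') <> 'U3']';
END;
/

-- Column masking: with sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS every row is
-- still returned, but where the predicate is false the listed columns are NULL.
-- Column masking applies to SELECT only.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'APP',
    object_name           => 'TEST',
    policy_name           => 'MASK_FOR_U1',
    function_schema       => 'APP',
    policy_function       => 'NOT_U1',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'C1,C3',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);

  DBMS_RLS.ADD_POLICY(
    object_schema         => 'APP',
    object_name           => 'TEST',
    policy_name           => 'MASK_FOR_U2',
    function_schema       => 'APP',
    policy_function       => 'NOT_U2',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'C2,C5',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);

  DBMS_RLS.ADD_POLICY(
    object_schema         => 'APP',
    object_name           => 'TEST',
    policy_name           => 'MASK_FOR_U3',
    function_schema       => 'APP',
    policy_function       => 'NOT_U3',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'C4,C6',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- Confirm which columns each policy covers.
SELECT policy_name, sec_rel_column, column_option
FROM   dba_sec_relevant_cols
WHERE  object_owner = 'APP' AND object_name = 'TEST'
ORDER  BY policy_name, sec_rel_column;

-- Policies are not enforced for SYS or for accounts holding the
-- EXEMPT ACCESS POLICY privilege, so keep that privilege audited.
```

TDE can still be applied to the same columns for protection on disk and in backups; the two controls are independent.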
