Mask Column Data - Can VPD do it?
519203Jun 20 2006 — edited Jun 20 2006Hi everyone.
My company is undertaking a project to hide a lot of sensitive data in our applications. However, our requirements seem to be outside of the reach of VPD.
Example - SSN field
Security Group A needs to see 123-45-6789
Security Group B needs to see ***-**-6789
Security Group C needs to see ***-**-****
Using column masking in VPD, it seems that the only two data options are 123-45-6789 (full access to the column) or NULL (no access at all to the column).
On this page, http://www.oracle.com/technology/pub/articles/jucan_security.html ,
there is a quote stating "However, with a minor change in the DBMS_RLS.ADD_POLICY call, the solution will hide (display as NULL) or mask (display as ****) the values of the protected column CARD_NO but display all the records with the values for the other columns." This has given me a glimmer of hope, but I cannot seem to find any documentation of the "mask (display as ****) behavior.
Is the article referenced above simply in error? Am I stuck to creating views in order to implement the security that my organization requires? Is there a 3rd option I'm not even thinking about?
Thanks in advance for your help!
-Brett Birschbach
Message was edited by:
hitman_in_wis