Re: Securing data from Database Admin

[postmaster <postmaster () impole com>]

Oracle 11g has added a suite of security functions. Ask your DBA to help 
you. S/he should not have any issue with helping you secure your data to 
whatever level you want or need to, including restricting their own 
access. For instance, you can still patch the database without being 
able to look at the data and you can still back up and restore data even 
if it's encrypted.

http://www.oracle.com/database/database-vault.html
http://www.oracle.com/database/advanced-security.html
http://www.oracle.com/technology/deploy/security/database-security/secure-application-roles/index.html
http://www.oracle.com/technology/deploy/security/database-security/virtual-private-database/index.html
http://www.oracle.com/technology/deploy/security/database-security/transparent-data-encryption/index.html

I haven't implemented these in 11g myself and don't have any plans to.

-Mike

WALI wrote:
> Is there a way we can secure data within (Oracle 9i) database? 
> Supposingly there is an application developed by internal developers 
> and it's backend database is administered by a DB Admin. There is no 
> segregation of duties between development and live environments due to 
> resource constraints.
>
> Is there a way data can be protected from being revealed to or being 
> tempered by DB Admin? He would only be called in when there's some 
> kind of malfunction that too under the watchful eyes of project team 
> leader.
>
> Any thoughts to bring in preventive/detective controls over DB Admin 
> activities?