User Level Restriction For Security Fields/columns In CCB Database
(Doc ID 2017944.1)
Last updated on FEBRUARY 03, 2019
Applies to:Oracle Utilities Customer Care and Billing - Version 2.0.5 to 2.3.1 [Release 2.0 to 2.3]
Information in this document applies to any platform.
We need to hide some security fields like SSN no, Bank Account no. for particular CCB Application User. We need if we connect CCB Application to CISREAD Database which will have CIS_READ role. But still the CCB Application user can see that field from CCB Application front end.
We know that we have key store file for storing the fields in encryption mode which is available from CCB V2.40. But, for V2.3.1, is there any option available for us to hide the security objects/fields(Particular table/particular fields/particular column) in CCB database. Any sort of grant access through which can hide the fields/columns?
Or, any sort of CCB Application user restrictions through which we can hide those values from front end itself via that Application user.
Attempting to restate:
There is a group of low level users that require read-only access to the application and should not be able to see sensitive information in certain columns (e.g. bank account no). The implementation is willing to have an application server dedicated to this group of users and that application user can belong to a read-only role like CIS_READ.
Assuming above, a non-standard use of synonyms may be the ticket. Usually, the oragensec utility provides grants for three different users:
the schema owner, the read-write application user, and a read-only user (defaults are cisadm, cisuser, and cisread).
Attached is a document "Synonym_Scheme_for_CISREAD.doc" that describes altering the synonyms for CISREAD to use a view that masks a sensitive field at the database level.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!