ORA-28133 When encrypt column if the table has Fine Grained Audit Policy

(Doc ID 1326857.1)

Last updated on OCTOBER 12, 2016

Applies to:

Oracle Database - Enterprise Edition - Version 10.2.0.1 to 11.2.0.3 [Release 10.2 to 11.2]
Information in this document applies to any platform.

Symptoms

When trying to encrypt a column in a table, if the table already has an FGA Policy with statement type UPDATE. It throws error ora-28133 "full table access is restricted by fine-grained security". This error only occurs when statement_type is UPDATE.

An example of a typical sequence of events is as follows:

SQL> create table scott.test_table(id number,name varchar2(32));

Table created.

SQL> begin
2 dbms_fga.add_policy(
3 object_schema=> 'SCOTT',
4 object_name => 'TEST_TABLE',
5 policy_name => 'FGA_TEST_TABLE',
6 audit_condition => NULL,
7 handler_schema => NULL,
8 handler_module => NULL,
9 statement_types => 'UPDATE');
10 end;
11 /

PL/SQL procedure successfully completed.

SQL> commit;

Commit complete.

SQL> alter table scott.test_table modify (name ENCRYPT 'NOMAC' NO SALT);
alter table scott.test_table modify (name ENCRYPT 'NOMAC' NO SALT)
*
ERROR at line 1:
ORA-28133: full table access is restricted by fine-grained security

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms