My Oracle Support Banner

ORA-28133 When encrypt column if the table has Fine Grained Audit Policy (Doc ID 1326857.1)

Last updated on FEBRUARY 23, 2023

Applies to:

Oracle Database - Enterprise Edition - Version 10.2.0.1 to 11.2.0.3 [Release 10.2 to 11.2]
Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Information in this document applies to any platform.

Symptoms

When trying to encrypt a column in a table, if the table already has an FGA Policy with statement type UPDATE. It throws error ora-28133 "full table access is restricted by fine-grained security". This error only occurs when statement_type is UPDATE.

An example of a typical sequence of events is as follows:

SQL> create table USER1.test_table(id number,name varchar2(32));

Table created.

SQL> begin
2 dbms_fga.add_policy(
3 object_schema=> 'USER1',
4 object_name => 'TEST_TABLE',
5 policy_name => 'FGA_TEST_TABLE',
6 audit_condition => NULL,
7 handler_schema => NULL,
8 handler_module => NULL,
9 statement_types => 'UPDATE');
10 end;
11 /

PL/SQL procedure successfully completed.

SQL> commit;

Commit complete.

SQL> alter table USER1.test_table modify (name ENCRYPT 'NOMAC' NO SALT);
alter table USER1.test_table modify (name ENCRYPT 'NOMAC' NO SALT)
*
ERROR at line 1:
ORA-28133: full table access is restricted by fine-grained security

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.