ORACLENERD: Poor Man's Data Vault

Poor Man's Data Vault

Wednesday, March 4, 2009

That's what I'm calling it anyway.

Part I.

Part II.

Part III.

I've started the project on Google Code

The goal is simple, have a simple, easy to use version of Oracle's Data Vault. By no means is this trying to replace their product, it's just a simple solution to helping lockdown your Oracle database.

I've read through a bit of Oracle's documentation on Data Vault and it seems like pretty cool stuff. I started this as something simple for our environment and was told it resembles (loosely) Data Vault by a friend.

So check it out if you want. Feedback, both good and bad, is welcome and appreciated. As the Generalissimo stated, I'm a big boy.

Labels: oracle, pmdv, security

¶ 3/04/2009 10:12:00 PM

Comments:

Yeah, you missed a great presentation at SOUG in Feb. David Knox talked up Data Vault heavily. I wouldn't have drawn the connection between what you have there and Data Vault on my on ... but YEAH I can see the connection now. The one big difference I see is that while your solution restricts DDL, Data Vault has the ability to restrict the range of activity from (least restrictive) only certain DDL requests all the way up to simple selects (most restrictive).

# posted by

Mike : March 5, 2009 at 12:39 PM

Mine doesn't go that far yet. It did start out as DDL only but it's morphed into roles now. I imagine privileges, both system and table level, will be right behind.

I know auditing picks up a lot of this stuff, but for those privileges that only need to be temporary, you can easily see the report or have some job automatically go through and expire (revoke) those privileges. I've read somewhere (maybe Pete Finnegan's site) that that's a big hole, the revoking of privileges.

I did miss that presentation. I was all set to go when everything got railroaded.

# posted by

oraclenerd : March 5, 2009 at 12:47 PM