Difference between TDE/VPD/Data Masking/OLS – Oralce

oraclerow-level-securitySecurity

I've come across many kinds of data masking techniques used in Oracle database.. some are licensed some are included in enterprise edition itself.. leaving the licenses thing behind as it is restricted to ask about it here..

I would like to know what is the difference between

Transparent Data Encryption

Virtual Private Database

Oracle Label Security

Data Masking pack

Oracle Vault

Ultimately each one of the above does the same job – mask the data right?

What are the differences between them??

If data masking pretty much only overwrites the data which I actually need to mask, won't a simple SQL update statement do that trick on a particular table? Why buy a tool for that?

Thanks!

Best Answer

Actually they don't do the same.

TDE encrypts the data in the database, you need to configure the wallet and have it open before you can see/use the data after that.

VPD is an Access Control Mechanism, it allows you to define sub-datasets that will be owned by different users, allowing them to see/use only the data that they actually own (even if the same set of tables are shared among different VPDs)

To have more detailed information about each tool, please review the documentation on https://docs.oracle.com/en/database/

Related Solutions

Oracle – Performance Difference Between < and <=

Yes, there is a difference, and the issue is that the estimated selectivity (thus cardinality) will be different in the 2 cases.

For a simple example, lets say the year column has years in it from 2000 (low_value) to 2014 (high_value), so there are 15 distinct values (num_distinct), they are evenly distributed, 1000 rows for each, 15000 rows (num_rows) in total in your table.

In the first case, where year < 2010 (limit = 2010), the estimated selectivity will be:

(limit - low_value) / (high_value - low_value) = (2010 - 2000) / (2014 -2000) = 10 / 14

Cardinality = 10/14 * 15000 = 10714

For the second case, where year <= 2009 (limit = 2009), selectivity is calculated as:

(limit - low_value) / (high_value - low_value) + 1/num_distinct = (2009 - 2000) / (2014 - 2000) + 1/15 = 9/14 + 1/15

Cardinality = (9/14 + 1/15) * 15000 = 10642

Not a big difference, but it can still affect the optimizer so that it choses another plan.

Above is explained in detail by Jonathan Lewis in his book "Cost-Based Oracle Fundamentals".

What is the difference between data file and data block in oracle

The Logical Storage Structures section in the Oracle Concepts Guide has a good explanation of both data blocks and data files (pages 259 - 296). There is quite a bit of good information including illustrations, but here are some excerpts:

data block
Smallest logical unit of data storage in Oracle Database. Other names for data blocks include Oracle blocks or pages. One data block corresponds to a specific number of bytes of physical space on disk.

data file
A physical file on disk that was created by Oracle Database and contains the data for a database. The data files can be located either in an operating system file system or Oracle ASM disk group.

Best Answer

Related Solutions

Oracle – Performance Difference Between < and <=

What is the difference between data file and data block in oracle

Related Question