Back to Database Security homepage

Protecting Applications and Databases

Maintaining properly configured databases and applications is important in today's highly regulated environment. Auditors commonly look for undocumented database users and unapproved changes to applications. Application tables may change during patching and upgrades but rarely is a new table created except during major upgrades and product installations. A common security requirement facing organizations today is how to control usage of DDL commands by those who have these privileges, such as the database schema that owns the application. For example, internal development or support personnel may approach a junior DBA and request a temporary account in a production database to debug an open issue. Creating a new account in a production database can raise alarms with internal and external auditors.

The business drivers for this security requirement include:

Separation of duty
Secure configuration
Strong internal control mandates in regulations such as Sarbanes-Oxley
Protection of personally identifiable information (PII)

Oracle Database Vault provides security to address this common security requirement.

Separation of duty
Command Rules
Multi-factor authorization

Click here to learn how these can be used to protect your application and database environments:

Protecting Applications and Databases with Oracle Database Vault

Oracle Database Vault Customers

Absa Group Ltd.
(Success Story | Press Release)
National Marrow Donor Program (OpenWorld 2011 Daily Newspaper)
ROSS Stores (Listen)


Protect Application Data from DBA and Privileged Users (Viewlet | Oracle by Example)
Restrict DBA commands based on IP address (Viewlet | Oracle by Example)

Security Features

Data Encryption
Virtual Private Database
Database Auditing
Backup Encryption
Export file encryption
Proxy Authentication
Enterprise User Security
Secure Application Roles
Fine Grained Auditing

Related Technologies

Database Firewall
Audit Vault
Data Masking (pdf)
Secure Backup
Oracle Database Lifecycle Management
Identity Management

Technical Information

Overview Whitepaper
Oracle Database Vault Best Practices
DBA Administrative Best Practices with Oracle Database Vault
Database Vault certified with SAP: (Overview Whitepaper | Datasheet)
Database Vault certified with E-Business Suite
Database Vault certified with Peoplesoft (Datasheet | Red Paper | Security policies)
Database Vault certified with Siebel (Security policies)
Database Vault certified with JD Edwards EnterpriseOne (Security policies)
Database Vault certified with Oracle Financial Services (iFlex)
Database Vault certified with Infosys Finacle
Flash Demo
Business Whitepaper
Oracle Database Vault FAQ

Security Options

Oracle Database Vault
Oracle Advanced Security
Oracle Label Security

Discussion Forums

Audit Vault

Oracle has a very active research organization (Oracle Labs) that is charged to 'Identify, explore, and transfer new technologies that have the potential to substantially improve Oracle's business'. One part of the organization is the External Research Office (ERO). The ERO is charged to ' ... invest in research collaborations that fit Oracle's long-term strategic goals. These collaborations are between university researchers and engineers/researchers throughout Oracle's various organizations'. The ERO webpage lists numerous current and past collaborations. Oracle provides funds and direct interactions with highly experienced developers.

If you are interested in the ERO program please contact Steve Jeffreys at

If you would like to explore opportunities for a research collaboration with the database team please contact Dieter Gawlick at

or Garret Swart at
Oracle Database Cloud