Oracle Database Vault Increases Security of SAP Application Data
By Roxana Bradescu on Nov 05, 2009
Oracle Database Vault is now certified for use with SAP applications. With Oracle Database Vault, protective realms around SAP application database objects can be established to prevent privileged database users from accessing sensitive data and to enforce separation of duties among privileged database users.
Oracle Database Vault provides the following default realms to protect the SAP application and data within the database:
- Application Protection Realms for ABAP™ and the Java stacks: Protects all the sensitive SAP business data against unauthorized access from the privileged database users, and maintains the integrity of the SAP database structures;
- Application Administration Realm for BR*Tools: Securely protects the integrity of all Oracle Database objects such as tables and indexes that are used by the BR*Tools and guards against unauthorized changes from other privileged database users;
- Application Protection Realm for Admin Roles: protects SAP administration roles including SAPCONN, SAPDBA, SAPCRED, and SAPSYS from being granted except by the authorized administrator, and provides separation of duty; and,
- Application Credential Protection Realm: protects the SAP application credential data from any unauthorized access or changes by privileged database user, and enhances separation of duty.
Using the certified Oracle Database Vault command rules for SAP, organizations can also ensure that database users cannot by-pass SAP application security features and access SAP application data directly using ad-hoc database query tools. Customers can further customize these default rules and add rules to address additional security requirements. Oracle Database Vault comes with numerous pre-defined command rule factors such as time of day, day of week and system address, and organizations can build custom factors using the Oracle Database Vault API.
SAP application data can be further protected using Oracle Advanced Security, which was previously certified for SAP. Oracle Advanced Security provides Transparent Data Encryption to prevent unauthorized access to SAP application data outside the database, and complements Oracle Database Vault protection for SAP application data within the database.
Download a free, evaluation version of Oracle Database Vault (terms, conditions and restrictions apply) and the Oracle Database Vault for SAP Resource Kit which includes demos, step-by-step tutorials, and more info to get you started.