Security Guidelines for Database Objects and Database Options

This section describes security guidelines for CDM and Omics Data Bank database objects and for Oracle Database options:

Cohort Data Mart and Omics Data Bank Objects

To create CDM and Omics Data Bank database objects, use the DDL scripts and the PL/SQL procedures and functions provided. To create seed data, use the DML scripts. These files are part of the media pack.

For guidelines on installing and configuring the Oracle Database Server, see Oracle Database Security Guide.

Oracle Database Options

The Oracle Database has options that provide additional security features. CDM and Omics Data Bank may include data that falls under HIPAA guidelines in the United States and similar regulations elsewhere. These features can help you comply with those guidelines.

Database Vault

Oracle Database Vault restricts access to specific areas in an Oracle database from any user, including those with administrative access. For example, you can restrict administrative access to employee salaries, customer medical records, or other sensitive information.

Note:

Oracle Database Vault requires a separate license.

CDM and Omics Data Bank include data that may fall under HIPAA or other regulations outside the United States. This data is highly sensitive, and only those with a need to know should have access to it. To prevent database administrators and other superuser accounts from accessing the data, Oracle recommends that you use Oracle Database Vault to limit access to these schemas.

Oracle Audit Vault

Oracle Audit Vault automates the collection, monitoring, and reporting of audit data, turning it into a key security resource for detecting unauthorized activity.

Consider using this feature to satisfy compliance regulations such as SOX, PCI, and HIPAA, and to mitigate security risks.

Note:

Oracle Audit Vault requires a separate license.

Transparent Data Encryption

Transparent Data Encryption is one of the three components of the Oracle Advanced Security option for Oracle Database 12.2.0.1 Enterprise Edition. It provides transparent encryption of stored data to support your compliance efforts. If you employ Transparent Data Encryption, applications do not have to be modified and continue to work seamlessly as before. Data is automatically encrypted when it is written to disk and automatically decrypted when accessed by the application. Key management is built in, eliminating the complex task of creating, managing and securing encryption keys.

Note:

The Advanced Security Option is licensed separately from the database.

Tablespace Encryption

Tablespace Encryption is another component of the Oracle Advanced Security option for Oracle Database 12c Release 12.2.0.1 Enterprise Edition. Tablespace encryption facilitates encryption of the entire tablespace contents, rather than having to configure encryption on a column-by-column basis. It encrypts data at the datafile level to keep users from viewing Oracle datafiles directly. Oracle recommends performing tablespace encryption for maximum protection.

User Management

Oracle WebLogic Server supports several authentication security providers, for example, LDAP. For more information, see the Oracle Fusion Middleware documentation for Administering Security for Oracle WebLogic Server at the following location:

http://docs.oracle.com/middleware/12212/wls/SECMG/default_atn.htm#SECMG174

Oracle Healthcare Foundation supports any authentication security providers supported by WebLogic Server 12c (12.2.1.4).

Virtual Private Database

CDM now uses Row Level Security (also referred to as Virtual Private Database or VPD) to store identifiable attributes. The tables containing identifiable attributes are always controlled by policies that prevent any user from querying this information directly. The Row Level Security option used returns null values for any column that a user does not have permission to view. CDM now provides views on all of these patient tables that apply the NVL function to each identifiable attribute, so that an obfuscated value is shown instead of the real value. If a user has permission to see the real value, the view returns the real value. Earlier versions of CDM only displayed obfuscated values and did not store real identifiable attributes.

An optional configuration is available that hides entire rows of data that a user does not have permission to view. By default this option is not enabled, so users can query the data and see obfuscated values for all protected attributes. A default configuration exists that allows access to all identifiable data, and specific users with the proper credentials can be assigned to it. Only users that have the VPD_ADMIN role can assign users to this configuration. All calls use the CDM.VPD_UTIL package. For more information on the Virtual Private Database, see the Oracle® Health Sciences Translational Research Center Administrator's Guide.
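The following is an added illustration of the column-masking mechanism described above, not the CDM.VPD_UTIL package or any CDM object: a DBMS_RLS policy that returns NULL for identifiable columns the session user is not cleared to see, and a view that substitutes an obfuscated value with NVL. The table names, the PHI_ACCESS_GRANTS clearance table and the PHI_POLICY function are hypothetical.

```sql
-- Hypothetical table; the real CDM tables and CDM.VPD_UTIL package are not shown.
CREATE TABLE patient_demo (
  patient_id  NUMBER PRIMARY KEY,
  first_name  VARCHAR2(100),   -- identifiable attribute
  last_name   VARCHAR2(100),   -- identifiable attribute
  birth_year  NUMBER           -- not identifiable, always visible
);

-- Users cleared to see real values (in CDM this is managed by VPD_ADMIN users).
CREATE TABLE phi_access_grants (username VARCHAR2(128) PRIMARY KEY);

-- Policy function. A NULL predicate means no restriction; '1=0' means the
-- session user is not cleared, so no row satisfies the predicate.
CREATE OR REPLACE FUNCTION phi_policy (
  p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2
IS
  l_count NUMBER;
BEGIN
  SELECT COUNT(*) INTO l_count
    FROM phi_access_grants
   WHERE username = SYS_CONTEXT('USERENV', 'SESSION_USER');
  RETURN CASE WHEN l_count > 0 THEN NULL ELSE '1=0' END;
END;
/

-- Column masking: with sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS every row
-- is still returned, but FIRST_NAME and LAST_NAME read as NULL for users the
-- predicate rejects. Omit sec_relevant_cols_opt to hide the whole row instead
-- (the optional row-hiding configuration).
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema         => USER,
    object_name           => 'PATIENT_DEMO',
    policy_name           => 'PATIENT_DEMO_PHI',
    function_schema       => USER,
    policy_function       => 'PHI_POLICY',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'FIRST_NAME,LAST_NAME',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- Application-facing view: NVL replaces the masked NULL with an obfuscated
-- marker; a cleared user sees the real value unchanged.
CREATE OR REPLACE VIEW v_patient_demo AS
SELECT patient_id,
       NVL(first_name, '<hidden>') AS first_name,
       NVL(last_name,  '<hidden>') AS last_name,
       birth_year
  FROM patient_demo;
```

Querying V_PATIENT_DEMO as a user absent from PHI_ACCESS_GRANTS returns every row with '<hidden>' in the name columns, while a listed user receives the stored values; the policy applies even when the base table is queried directly, so the view only changes how the masked NULL is displayed.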