Security Guidelines for Database Objects and Database Options

This section describes security guidelines for OHTR's database objects and database options.

Oracle Healthcare Translational Research objects

The OHTR media pack includes the DDL scripts and PL/SQL procedures and functions that create the database objects, and the DML scripts that load the seed data. Run these scripts only from the media pack you obtained from Oracle, and review them before running them with a privileged database account.

The guidelines for installing and configuring Oracle Database Server are available on Oracle Help Center:

http://docs.oracle.com/database/122/nav/install-and-upgrade.htm

Oracle Database options

The Oracle Database has options that provide additional security features. OHTR may include data that falls under HIPAA guidelines in the United States and similar guidelines elsewhere. These features can help you comply with those guidelines.

Database Vault

Note:

Database Vault requires a separate license.

Because this data is sensitive, only users with a valid need to know should be able to access any of it. Use Oracle Database Vault to place the OHTR schema in a realm that limits access to the application accounts that need it. A realm blocks access that relies on system privileges such as SELECT ANY TABLE, which is how DBAs and other superuser accounts normally reach application data, so those accounts can still administer the database without being able to read patient data.
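The following is an added example, not part of the OHTR media pack or documentation, of how a realm of the kind recommended above is defined. The realm name, the application account APP_USER and the use of the CDM schema as the realm's contents are assumptions for illustration; substitute the schemas and accounts of your installation. It must be run by an account that holds the DV_OWNER role after Database Vault has been configured and enabled.

```sql
-- Added example (not OHTR code): protect the OHTR schema with a Database Vault realm.
-- Assumptions: schema CDM holds the OHTR objects, APP_USER is the application account.
BEGIN
  -- realm_type 0 = regular realm: blocks system-privilege access (SELECT ANY TABLE etc.)
  -- but leaves direct object grants intact. Use 1 (mandatory realm) to block those too.
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'OHTR Realm',
    description   => 'Blocks system-privilege access to OHTR patient data',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL,   -- record every blocked attempt
    realm_type    => 0);

  -- Every object of every type owned by the OHTR schema belongs to the realm.
  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'OHTR Realm',
    object_owner => 'CDM',
    object_name  => '%',
    object_type  => '%');

  -- Only the application account is authorized to use its privileges inside the realm.
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'OHTR Realm',
    grantee      => 'APP_USER',
    auth_options => DBMS_MACUTL.G_REALM_AUTH_PARTICIPANT);
END;
/

-- Check that the realm exists and is enabled.
SELECT name, enabled, realm_type
  FROM dba_dv_realm
 WHERE name = 'OHTR Realm';
```

After this runs, a DBA account that relies on SELECT ANY TABLE receives ORA-01031 (insufficient privileges) on any CDM table, and the attempt is recorded because of the audit option. Check whether any other accounts hold direct object grants on CDM tables before choosing between a regular and a mandatory realm, because only the mandatory realm blocks those grants.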

Audit Vault

Note:

Oracle Audit Vault requires a separate license.

Oracle Audit Vault automates audit collection, monitoring, and reporting, turning audit data into a key security resource for detecting unauthorized activity.

Consider using this feature to satisfy compliance regulations such as SOX, PCI, and HIPAA, and to mitigate security risks. Because audit records otherwise identify only the database account the application connects with, OHTR sets the client identifier in each database session, so that audit records and reports can be tied to the end user who performed the action.
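The following is an added example, not OHTR code, showing how a client identifier set by the application tier appears in the unified audit trail that Audit Vault collects. The table CDM.PATIENT_DEMO, the audit policy name and the end-user name are assumptions for illustration; OHTR's own tables and the exact point at which it sets the identifier are not shown here.

```sql
-- Added example (not OHTR code). Assumptions: hypothetical table CDM.PATIENT_DEMO stands
-- in for an OHTR table holding protected data; 'alice' is an end user known to the
-- application tier, not a database account.
CREATE TABLE cdm.patient_demo (
  patient_id  NUMBER PRIMARY KEY,
  last_name   VARCHAR2(100));

-- Unified audit policy: record every SELECT on the table, whether it succeeds or fails.
CREATE AUDIT POLICY ohtr_phi_select
  ACTIONS SELECT ON cdm.patient_demo;
AUDIT POLICY ohtr_phi_select;

-- What the application does on each request: the session belongs to the shared
-- application account, so the end user is recorded through the client identifier.
BEGIN
  DBMS_SESSION.SET_IDENTIFIER('alice');
END;
/
SELECT patient_id FROM cdm.patient_demo;

-- Clear the identifier before the pooled connection is handed to the next request;
-- otherwise the next user's actions are attributed to alice.
BEGIN
  DBMS_SESSION.CLEAR_IDENTIFIER;
END;
/

-- Check (requires the AUDIT_VIEWER role): the record carries both the database
-- account (DBUSERNAME) and the end user (CLIENT_IDENTIFIER).
SELECT event_timestamp, dbusername, client_identifier, action_name,
       object_schema, object_name
  FROM unified_audit_trail
 WHERE unified_audit_policies = 'OHTR_PHI_SELECT'
 ORDER BY event_timestamp DESC;
```

The identifier is only as trustworthy as the application tier that sets it: the database cannot verify the value, so protect the application account's credentials and make sure no other path can set CLIENT_IDENTIFIER on those sessions.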

Transparent Data Encryption

Transparent Data Encryption (TDE) is part of the Oracle Advanced Security option for Oracle Database 12c Enterprise Edition. It encrypts stored data transparently to support your compliance efforts: applications do not have to be modified and continue to work as before, because data is encrypted automatically when it is written to disk and decrypted automatically when the application reads it. Key management is built in. The data encryption keys are protected by a master key held in a keystore (an Oracle wallet or Oracle Key Vault), so you do not create or manage per-table keys yourself. Two caveats apply. Protect and back up the keystore, because data encrypted under a lost master key cannot be recovered by anyone. And TDE protects data at rest only; it does not stop an account that already holds SELECT privileges from reading the data, so pair it with Database Vault and the VPD controls described below. Note that the Advanced Security option is licensed separately from the database.

Tablespace Encryption

Tablespace Encryption is another component of the Oracle Advanced Security option for Oracle Database 12c Enterprise Edition. It encrypts the entire contents of a tablespace rather than requiring encryption to be configured column by column, and it works at the data file level, so anyone who reads the data files directly, from disk, from a copied file or from a backup, sees only ciphertext. Oracle recommends tablespace encryption for maximum protection: it covers every column, including those that column-level encryption cannot handle, and avoids the data type and index restrictions that apply to column-level encryption.
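The following is an added example, not part of the OHTR media pack, of creating the keystore and an encrypted tablespace as described in the two preceding sections. The directory paths, the tablespace and data file names, the keystore password and the backup tag are assumptions; replace them with values for your installation. The statements must be run by a user with the SYSKM administrative privilege, and in a multitenant database they are run in the CDB root (with CONTAINER = ALL) and then in each PDB.

```sql
-- Added example (not OHTR code). Assumptions: keystore directory, data file path, the
-- tablespace name OHTR_DATA and the placeholder password are for illustration only.
-- Prerequisite (12.2): sqlnet.ora on the database server names the keystore location:
--   ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)
--     (METHOD_DATA=(DIRECTORY=/u01/app/oracle/admin/ORCL/wallet)))

-- 1. Create a password-protected keystore and open it.
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/u01/app/oracle/admin/ORCL/wallet'
  IDENTIFIED BY "ReplaceWithStrongKeystorePassword";
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN
  IDENTIFIED BY "ReplaceWithStrongKeystorePassword";

-- 2. Create the TDE master encryption key. WITH BACKUP writes a copy of the keystore
--    first; store that backup away from the data files. Without the master key the
--    encrypted tablespace is unreadable by anyone, including the DBA.
ADMINISTER KEY MANAGEMENT SET KEY
  IDENTIFIED BY "ReplaceWithStrongKeystorePassword"
  WITH BACKUP USING 'ohtr_initial_key';

-- 3. Create the tablespace encrypted with AES-256. Every segment placed in it is
--    encrypted on disk with no change to the application or its SQL.
CREATE TABLESPACE ohtr_data
  DATAFILE '/u01/app/oracle/oradata/ORCL/ohtr_data01.dbf' SIZE 512M AUTOEXTEND ON
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- 4. An existing unencrypted tablespace can be converted online (12.2 and later):
-- ALTER TABLESPACE users ENCRYPTION ONLINE USING 'AES256' ENCRYPT
--   FILE_NAME_CONVERT = ('users01.dbf', 'users01_enc.dbf');

-- 5. Checks: the keystore is OPEN and the tablespace reports an encryption algorithm.
SELECT wrl_type, status, wallet_type FROM v$encryption_wallet;
SELECT t.name, e.encryptionalg, e.encryptedts
  FROM v$tablespace t
  JOIN v$encrypted_tablespaces e ON t.ts# = e.ts#;
```

Place the OHTR objects (or move them) into the encrypted tablespace; an encrypted tablespace protects only the segments stored in it, so check DBA_SEGMENTS for OHTR objects that still live in unencrypted tablespaces, and remember that temporary and undo data written for those objects also stays in clear unless TEMP and UNDO are encrypted as well.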

User Management

WebLogic Server supports several authentication security providers, for example, LDAP. For more information, see Oracle® Fusion Middleware Administering Security for Oracle WebLogic Server at

http://docs.oracle.com/middleware/12212/wls/SECMG/conf-security-for-domain.htm#SECMG777

OHTR supports any authentication security providers supported by WebLogic Server 12c (12.2.1.4).

Virtual Private Database

OHTR now stores real patient-identifiable attributes and protects them with Oracle Row Level Security (also referred to as Virtual Private Database or VPD). The tables that contain identifiable attributes carry VPD policies that are always enforced, so no user can read those columns directly. The policies use column masking: a protected column returns NULL for any value the user does not have permission to view, rather than the row being hidden. OHTR provides views over all of these patient tables that wrap each identifiable attribute in an NVL function, so a user without permission sees an obfuscated value in place of the NULL, while a user with permission sees the real value returned by the view. Earlier versions of OHTR stored only obfuscated values and never stored the real identifiable attributes.

Optionally, OHTR can be configured to hide entire rows that a user is not permitted to view rather than masking the identifiable columns. This option is disabled by default, so users can query the data and see obfuscated values for all protected attributes. A default configuration grants access to all identifiable data; specific users with appropriate credentials can be assigned to it. Only users holding the VPD_ADMIN role can manage these assignments, and every assignment call goes through the CDM.VPD_UTIL package, so grant VPD_ADMIN to as few accounts as possible and audit its use. For more information, see the Oracle Healthcare Translational Research Administrator's Guide.
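The following is an added example, not OHTR's own code, that builds a column-masking VPD policy and NVL view of the kind described in the two preceding paragraphs, and shows where the row-hiding variant differs. OHTR manages its real policies through CDM.VPD_UTIL, whose internals are not shown here. The table CDM.PATIENT_DEMO, the permission table CDM.PHI_ACCESS, the policy function CDM.PHI_PREDICATE, the view name and the end-user names are all assumptions for illustration; permission is keyed on the client identifier that the application sets on the session.

```sql
-- Added example (not OHTR code). Assumptions: all objects below are hypothetical stand-ins
-- for OHTR's tables and for the permission model behind CDM.VPD_UTIL.

-- 1. A patient table with real identifiable attributes, plus a list of end users who may
--    see them. GENDER is treated as non-identifiable and is never masked.
CREATE TABLE cdm.patient_demo (
  patient_id  NUMBER PRIMARY KEY,
  first_name  VARCHAR2(100),
  last_name   VARCHAR2(100),
  birth_date  DATE,
  gender      VARCHAR2(10));

CREATE TABLE cdm.phi_access (end_user VARCHAR2(128) PRIMARY KEY);

INSERT INTO cdm.patient_demo VALUES (1, 'Ada', 'Lovelace', DATE '1815-12-10', 'F');
INSERT INTO cdm.phi_access VALUES ('alice');   -- alice may see PHI; bob is not listed
COMMIT;

-- 2. Policy function. VPD calls it with the schema and object name and appends the
--    returned predicate to every query. A NULL client identifier matches nobody, so a
--    session the application forgot to tag fails closed (masked).
CREATE OR REPLACE FUNCTION cdm.phi_predicate (
  p_schema IN VARCHAR2, p_object IN VARCHAR2) RETURN VARCHAR2 AS
BEGIN
  RETURN q'[EXISTS (SELECT 1 FROM cdm.phi_access a
                     WHERE a.end_user = SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER'))]';
END;
/

-- 3. Register the policy in column-masking mode: every row is returned, but the listed
--    columns come back NULL when the predicate is false. Column masking applies to SELECT
--    only. Omitting SEC_RELEVANT_COLS_OPT (leaving it NULL) switches to the row-hiding
--    behaviour of the optional configuration: rows that fail the predicate disappear.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'CDM',
    object_name           => 'PATIENT_DEMO',
    policy_name           => 'PATIENT_DEMO_PHI',
    function_schema       => 'CDM',
    policy_function       => 'PHI_PREDICATE',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'FIRST_NAME,LAST_NAME,BIRTH_DATE',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- 4. The view the application reads. NVL replaces each masked NULL with an obfuscated
--    value; a permitted user gets the real value because the column was never masked.
CREATE OR REPLACE VIEW cdm.patient_demo_v AS
SELECT patient_id,
       NVL(first_name, '***')                         AS first_name,
       NVL(last_name,  '***')                         AS last_name,
       NVL(TO_CHAR(birth_date, 'YYYY-MM-DD'), '****') AS birth_date,
       gender
  FROM cdm.patient_demo;

-- 5. Exercise from one shared application session by switching the end user.
BEGIN DBMS_SESSION.SET_IDENTIFIER('alice'); END;
/
SELECT * FROM cdm.patient_demo_v;
BEGIN DBMS_SESSION.SET_IDENTIFIER('bob'); END;
/
SELECT * FROM cdm.patient_demo_v;
```

With the identifier set to alice the view returns the real name and birth date; set to bob, the three protected columns show the obfuscated strings while GENDER is still visible. Two caveats for anyone building on this pattern: NVL cannot distinguish a masked value from a value that is genuinely NULL in the table, so the view must not be used to infer that data is missing; and VPD policies do not apply to SYS or to accounts holding the EXEMPT ACCESS POLICY privilege, which is one more reason to combine VPD with a Database Vault realm as recommended above.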