Oracle Database Vault has now been certified with Oracle JD Edwards EnterpriseOne and you can download default policies to make deployment even easier. The default policies will establish the following realms:
Application Protection Realm to prevent privileged users from accessing sensitive information;
Configuration Protection Realm to protect the application meta data against unauthorized changes; and,
Command Rule to authorize the JD Edwards application connections to the Oracle Database based on IP address and client application.
Whta do these policies do? The first one limits privileged database users like DBAs from accessing the application data. They can still perform operational database functions but just can't read or update the data.
The second one protects the application itself by making sure there are no unauthorized changes to the application meta data that determines application behavior.
The third policy prevents access to the application data stored in the database from their desktop using Toad or some other ad-hoc query tool they can just download off the Internet.
Database Vault works inside the Oracle database so it's transparent to the JD Edwards applications. The default policies are just to get you started and make deployment faster. You can also add additional policies or customize the default ones. With Database Vault you can pretty much control every aspect of who, how, where, and when data is accessed so you can enforce pretty much any database security policy. For example, one customer added a policy that prevents any JD Edwards EnterpriseOne schema changes during their business hours.
You can read the full announcement here and learn more about Oracle Database Vault by downloading our free resource kit.