 |
|
Oracle Tips by Burleson |
Chapter 4 General Oracle Security
SQL> select * from
vw_claims_no_ssn;
CLAIM_ID
SSN MEMBER PROVIDER_ CLAIM_AMOU PAID_ S
---------- --------- ------ --------- ----------- ----- -
1 XXXXXXXXX 12345 1234567 1200 1100 P
2 XXXXXXXXX 12345 1234567 1800 1700 P
2 XXXXXXXXX 12345 2345671 1400 1300 P
Note how the SSN field is masked by the Xs,
effectively blocking them from being seen. If a user needs to see
the member and other information, but the SSN cannot be disclosed,
this view can be provided to them so that they can freely select
anything but the protected health information.
Let's look at a little more complex
requirement. A provider, i.e. a doctor or a hospital, will want to
see the SSN number of his or her own patients for billing purposes,
and it should be allowed. This can be achieved by somehow linking
the provider's tables with their user names. Since we have a table
called providers, the usernames can be stored in a column. This is
how the provider table looks.
PROVIDER_ID
NUMBER
PROVIDER_NAME VARCHAR2(200) )
PROVIDER_USERNAME VARCHAR2(30)
Let's look at the data stored inside the table
providers.
The above text is
an excerpt from:
Oracle Privacy Security Auditing
The
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only
$39.95
and has an
immediate download of working security scripts:
|
