Oracle Transparent Data Encryption undecrypted access

Question

Can I set up an Oracle Database in a way that all of the following statements are true

a) certain columns, potentially all columns are encrypted, so that direct file

Answer 1

Transparent Data Encryption only does (a). It is about preventing data breaches occuring because somebody stole the hard drive or backups, or ran strings against the DBF files. That's still useful, because it prevents your sysadmins using their privileged OS access to bypass all your database security.

If you want to enforce something like (b) the appropriate technology is the virtual private database - either DBMS_RLS with the Enterprise Edition or Oracle Label Security if you have the additional license.

If you want to implement (c) you will need Oracle's Database Vault product, which is again a chargeable extra on top of the Enterprise License.

As TDE requires the Advanced Security Option these options amount to a 75%(*) surcharge on the EE license. In which case you might as well go for broke and buy Audit Vault as well!

(*) Only 50% if you buy Label Security.