To manage data access permissions and restrictions, Oracle database tools –the user roles – are used. We implemented two-phase management of role-based permissions, in which the database security administrator confirms the actions of the application system administrator configuring roles and granting role-based permissions to users.
In this case, the built-in Oracle RLS (Row Level Security) mechanism is used. The system does not use application for setting data access restrictions at the row level, because creating an applied security model greatly affects the system data querying.
We use the tools of data encryption during transmission via communication channels at the client-server protocol level, built into Oracle products, as well as encryption with session keys, symmetric and asymmetric algorithms using SSL certificates, when users access the system through a WEB application.
All user actions in the system can be logged in secure protocols in the database. The system administrator can independently configure the list of objects and set logging mode – transactional or daily. Logging users' accessing and viewing data is also configured - via reports and, if necessary, ordinary actions to view screen tabular forms with fixing the parameters of received reports and filters used.
We enabled applying electronic signature for documents and files, including those in WEB-applications, using almost all specialized software libraries certified by the state regulatory authorities of Ukraine, including the modern x509 standard.