Transparent Data Encryption (TDE) is NOT about access control.

Transparent Data Encryption (TDE) is NOT about access control. Its purpose is to protect data from being read directly from the OS files. If someone has access to the OS datafiles, the data in the DBFs can be read in text format with some utilities.


Transparent Data Encryption (TDE) in 10g: we need to configure encryption on a column-by-column basis.

In 11g: we can use tablespace encryption instead of column-by-column encryption.

The encryption algorithm can have one of the following values:
3DES168, AES128, AES192, AES256

The key lengths are included in the names of the algorithms themselves. If no encryption algorithm is specified, the default encryption algorithm is used. The default encryption algorithm is AES128.


1) We cannot use tablespace encryption for the SYSTEM, SYSAUX, UNDO and TEMP tablespaces.

2) We need to create a new tablespace for encryption, as an existing tablespace cannot be encrypted.
3) An issue with any encryption method is the negative impact on performance.
4) SELECT encrypted FROM dba_tablespaces; --> tells you whether a tablespace is encrypted or not (YES, NO).
5) We cannot encrypt SYS-owned objects.
6) Helpful query:

SELECT NAME, ENCRYPTIONALG ENCRYPTEDTS
FROM V$ENCRYPTED_TABLESPACES, V$TABLESPACE
WHERE V$ENCRYPTED_TABLESPACES.TS# = V$TABLESPACE.TS#;
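Because an existing tablespace cannot be encrypted in place, protecting existing data in 11g means creating an encrypted tablespace and moving the segments into it. The script below is an added example, not part of the original post; the tablespace name, datafile path, and the APP.CUSTOMERS table and its index are hypothetical, and it assumes the encryption wallet is already configured.

```sql
-- Added example. SECURE_TS, the datafile path, APP.CUSTOMERS and
-- APP.CUSTOMERS_PK are hypothetical names chosen for illustration.

-- 1. The wallet holding the master key must be open (STATUS = OPEN),
--    otherwise creating the encrypted tablespace fails.
SELECT wrl_type, status
FROM   v$encryption_wallet;

-- 2. Create a new encrypted tablespace. If USING is omitted, the
--    default algorithm (AES128) is applied.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/app/oracle/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- 3. Check where the table lives now, then move it.
SELECT owner, table_name, tablespace_name
FROM   dba_tables
WHERE  owner = 'APP' AND table_name = 'CUSTOMERS';

ALTER TABLE app.customers MOVE TABLESPACE secure_ts;

-- 4. MOVE changes rowids, so the table's indexes become UNUSABLE.
--    List them and rebuild each one inside the encrypted tablespace.
SELECT index_name, status
FROM   dba_indexes
WHERE  table_owner = 'APP' AND table_name = 'CUSTOMERS';

ALTER INDEX app.customers_pk REBUILD TABLESPACE secure_ts;

-- 5. Confirm the tablespace is encrypted and with which algorithm.
SELECT tablespace_name, encrypted
FROM   dba_tablespaces
WHERE  tablespace_name = 'SECURE_TS';

SELECT t.name, e.encryptionalg
FROM   v$tablespace t
JOIN   v$encrypted_tablespaces e ON e.ts# = t.ts#;

-- 6. Nothing belonging to the table should remain in an unencrypted
--    tablespace (LOB segments, for example, are not moved by step 3).
SELECT s.segment_name, s.segment_type, s.tablespace_name
FROM   dba_segments s
JOIN   dba_tablespaces ts ON ts.tablespace_name = s.tablespace_name
WHERE  s.owner = 'APP' AND ts.encrypted = 'NO';
```

The datafile of the original tablespace can still contain cleartext copies of the moved rows until those blocks are reused or the old tablespace is dropped, so the old file needs the same handling as any unencrypted copy of the data.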



Historically, users have wanted to encrypt data because they want to restrict data access from their database administrators. However, this problem is more of an access control problem, not an encryption problem. You can address this problem by using Oracle Database Vault to control the access to your application data from database administrators.
