starting from ArcGIS version 10.1 while upgrading your ArcSDE Geodatabase in Oracle, one of the pre-requisite required “sde” user privilege is direct execution to the Package DBMS_CRYPTO.

grant execute on SYS.DBMS_CRYPTO to sde;

according to esri documentation: http://resources.arcgis.com/en/help/main/10.1/index.html#//002n0000002v000000

This granting has a relation to st_geometry configuration:

1. Allows the creation of a map member function for the ST_Geometry type, which is called whenever a spatial union or intersection is performed.

2. Upgrade a map member function for the ST_Geometry type, which is called whenever a spatial union or intersection is performed.

the question is: has this privilege has any relation with data encryption ?

Most Probably ‘YES ‘ : according to Oracle Documentation “DBMS_CRYPTO provides an interface to encrypt and decrypt stored data, and can be used in conjunction with PL/SQL programs running network communications. It provides support for several industry-standard encryption and hashing algorithms, including the Advanced Encryption Standard (AES) encryption algorithm.”

So, if you enable data encryption at rest on your database management system, then sde will be able to decrypt data for your geodatabase system.

Oracle Reference Link:http://docs.oracle.com/cd/B19306_01/appdev.102/b14258/d_crypto.htm