Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Oracle Database 12c Security Cookbook
  • Toc
  • feedback
Oracle Database 12c Security Cookbook

Oracle Database 12c Security Cookbook

By : Maja Veselica & Zoran Pavlovic, Pavlovic, Veselica
4.7 (3)
close
Oracle Database 12c Security Cookbook

Oracle Database 12c Security Cookbook

4.7 (3)
By: Maja Veselica & Zoran Pavlovic, Pavlovic, Veselica

Overview of this book

Businesses around the world are paying much greater attention toward database security than they ever have before. Not only does the current regulatory environment require tight security, particularly when dealing with sensitive and personal data, data is also arguably a company’s most valuable asset - why wouldn’t you want to protect it in a secure and reliable database? Oracle Database lets you do exactly that. It’s why it is one of the world’s leading databases – with a rich portfolio of features to protect data from contemporary vulnerabilities, it’s the go-to database for many organizations. Oracle Database 12c Security Cookbook helps DBAs, developers, and architects to better understand database security challenges. Let it guide you through the process of implementing appropriate security mechanisms, helping you to ensure you are taking proactive steps to keep your data safe. Featuring solutions for common security problems in the new Oracle Database 12c, with this book you can be confident about securing your database from a range of different threats and problems.
Table of Contents (13 chapters)
close
close
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Conventions
Reader feedback
Customer support
Free Chapter
1
1. Basic Database Security
chevron up
1. Basic Database Security
Introduction
Creating a password profile
Creating password-authenticated users
Changing a user's password
Creating a user with the same credentials on another database
Locking a user account
Expiring a user's password
Creating and using OS-authenticated users
Creating and using proxy users
Creating and using database roles
The sysbackup privilege – how, when, and why should you use it?
The syskm privilege – how, when, and why should you use it?
The sysdg privilege – how, when, and why should you use it?
2
2. Security Considerations in Multitenant Environment
2. Security Considerations in Multitenant Environment
Introduction
Creating a common user
Creating a local user
Creating a common role
Creating a local role
Granting privileges and roles commonly
Granting privileges and roles locally
Effects of plugging/unplugging operations on users, roles, and privileges
3
3. PL/SQL Security
3. PL/SQL Security
Introduction
Creating and using definer's rights procedures
Creating and using invoker's right procedures
Using code-based access control
Restricting access to program units by using accessible by
4
4. Virtual Private Database
4. Virtual Private Database
Introduction
Creating different policy functions
Creating Oracle Virtual Private Database row-level policies
Creating column-level policies
Creating a driving context
Creating policy groups
Setting context as a driving context
Adding policy to a group
Exempting users from VPD policies
5
5. Data Redaction
5. Data Redaction
Introduction
Creating a redaction policy when using full redaction
Creating a redaction policy when using partial redaction
Creating a redaction policy when using random redaction
Creating a redaction policy when using regular expression redaction
Using Oracle Enterprise Manager Cloud Control 12c to manage redaction policies
Changing the function parameters for a specified column
Add a column to the redaction policy
Enabling, disabling, and dropping redaction policy
Exempting users from data redaction policies
6
6. Transparent Sensitive Data Protection
6. Transparent Sensitive Data Protection
Introduction
Creating a sensitive type
Determining sensitive columns
Creating transparent sensitive data protection policy
Associating transparent sensitive data protection policy with sensitive type
Enabling, disabling, and dropping policy
Altering transparent sensitive data protection policy
7
7. Privilege Analysis
7. Privilege Analysis
Introduction
Creating database analysis policy
Creating role analysis policy
Creating context analysis policy
Creating combined analysis policy
Starting and stopping privilege analysis
Reporting on used system privileges
Reporting on used object privileges
Reporting on unused system privileges
Reporting on unused object privileges
How to revoke unused privileges
Dropping the analysis
8
8. Transparent Data Encryption
8. Transparent Data Encryption
Introduction
Configuring keystore location in sqlnet.ora
Creating and opening the keystore
Setting master encryption key in software keystore
Column encryption - adding new encrypted column to table
Column encryption - creating new table that has encrypted column(s)
Using salt and MAC
Column encryption - encrypting existing column
Auto-login keystore
Encrypting tablespace
Rekeying
Backup and Recovery
9
9. Database Vault
9. Database Vault
Introduction
Registering Database Vault
Preventing users from exercising system privileges on schema objects
Securing roles
Preventing users from executing specific command on specific object
Creating a rule set
Creating a secure application role
Using Database Vault to implement that administrators cannot view data
Running Oracle Database Vault reports
Disabling Database Vault
Re-enabling Database Vault
10
10. Unified Auditing
10. Unified Auditing
Introduction
Enabling Unified Auditing mode
Configuring whether loss of audit data is acceptable
Which roles do you need to have to be able to create audit policies and to view audit data?
Auditing RMAN operations
Auditing Data Pump operations
Auditing Database Vault operations
Creating audit policies to audit privileges, actions and roles under specified conditions
Enabling audit policy
Finding information about audit policies and audited data
Auditing application contexts
Purging audit trail
Disabling and dropping audit policies
11
11. Additional Topics
11. Additional Topics
Introduction
Exporting data using Oracle Data Pump in Oracle Database Vault environment
Creating factors in Oracle Database Vault
Using TDE in a multitenant environment
12
12. Appendix – Application Contexts
12. Appendix – Application Contexts
Introduction
Exploring and using built-in contexts
Creating an application context
Setting application context attributes
Using an application context

Creating password-authenticated users

In this task, you will create several users.

Getting ready

To complete this recipe, you'll need an existing user who has create user privilege (you may use the OS-authenticated user who has the DBA role).

You'll use Oracle Enterprise Manager Database Express 12c (EM Express). To learn more about it (for example, how to configure an HTTPS port for EM Express and how to start it), see the third chapter of the official Oracle guide -Oracle Database 2 Day DBA, 12c Release 1.

How to do it...

  1. Connect to the database as a user who has create user privilege:
           $ sqlplus /
  2. Create a password-authenticated user (for example, username: jessica, password: oracle_1) as follows:
           SQL> create user jessica identified by oracle_1;
  3. Create a password-authenticated user with a more complex password:
           SQL> create user tom identified by "Qax7UnP!123*";
  4. Create a user that uses a specific password profile:
           SQL> create user mike identified by test1 profile
userprofile;
  5. Create a user and force it to change password upon the first login:
           SQL> create user john identified by password1
password expire;
  6. Create a user richard, whose default tablespace is users, temporary tablespace is temp, and who has their quota set to unlimited on the users tablespace:
           SQL> create user richard identified by oracle_2 default
tablespace users temporary tablespace temp quota unlimited
on users;

How it works...

In step 1, you used OS authentication to connect to the database.

In step 2, you created a password-authenticated user jessica with simpler password.

In step 3, you created a password-authenticated user tom with more complex password. In this case (because a password contains special characters), you are using quotation marks (") to enclose the password.

Both of these users are using the default password profile.

In step 4, you created a password-authenticated user with the assigned password profile userprofile.

In step 5, you created user john. This user has to change his password at the first database login.

In step 6, you created the user richard. In the create user statement, quota unlimited on users means that you want to let the user allocate space in the tablespace without bound. The quota clause lets you define the maximum amount of space the user can allocate in the tablespace. You can have multiple quota clauses for multiple tablespaces within one  create user statement. The unlimited tablespace system privilege enables users to have an unlimited quota on all tablespaces in the database.

Note

If you grant unlimited tablespace system privilege to a user and afterwards you revoke it, all explicitly granted quotas will also be revoked.

There's more...

You can also create users using Oracle Enterprise Manager Cloud Control 12c or Oracle Enterprise Manager Database Express 12c (EM Express). Oracle Enterprise Manager Database Control is no longer available in Oracle Database 12c.

How to create a user using EM Express

  1. Start EM Express and log in to it using the user that has either EM_EXPRESS_BASIC or EM_EXPRESS_ALL role (you can use sys or system users, but that isn't recommended):
    How to create a user using EM Express
  2. Select Users from the Security drop-down menu:
    How to create a user using EM Express
  3. Click on the Create User tab:
    How to create a user using EM Express
  4. Enter user details in the pop-up dialog (for example, username: ted, password: oracle_123, here you can also choose the authentication method, password profile, lock account, expire password) leave the default values and click on the Nextbutton (see image here) as follows:
    How to create a user using EM Express
  5. In this step, you can choose default tablespace and temporary tablespace from the drop-down lists. Leave the default values, as shown in the following screenshot:
    How to create a user using EM Express
  6. In this step, you can grant privileges to user ted by selecting them in the left pane and moving them to the right pane (use > button). If you want to revoke privileges, do the opposite (select them in right pane and use < button). When you are satisfied with the list of privileges in the right pane (the ones you are going to grant to user ted), click on the OK button as follows:
    How to create a user using EM Express
  7. A pop-up window confirmation should appear with the following message: SQL statement has been processed successfully.

Click on the OK button to close the window.

See also

  • Creating and using OS-authenticated users
End of Section 4
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete