Nitin Singh/AAO RTI ALLAHABAD
DATABASE SECURITY
OBJECTIVES
• What is Database security
• Creating user
• Modifying user
• Dropping user
• Creating profile
• Privileges and roles
• Granting of roles to user
Database Security
(a) Manage Users
(b) Manage Resource
(c) ROLEs & PRIVILEGEs
CREATE USER
CREATE USER test IDENTIFIED BY test
  DEFAULT TABLESPACE USERS
  TEMPORARY TABLESPACE TEMP
  PROFILE DEFAULT
  QUOTA 1M ON USERS
  QUOTA 2M ON TEMP;
Considerations
• Specify DEFAULT & TEMP
• Otherwise SYSTEM tablespace will be used, which is not recommended
• Quota must be provided to allow user to store objects in specified tablespace
• Profile to restrict usage of system resources
MODIFY USER
• GRANT CONNECT TO TEST;
• ALTER USER TEST DEFAULT ROLE ALL;
• GRANT DBA TO TEST;
With DBA ROLE user gets an UNLIMITED QUOTA on every tablespace
Security Issues
• A USER is A SCHEMA
• A USER has FULL access on the OBJECTS in her SCHEMA
• Password is stored in Data Dictionary
• A USER can always CHANGE his Password
Dropping A User
• User’s Schema is removed from Data Dictionary
• Cannot Drop an Active User
• Use Cascade to Drop all Schema Objects
Resource Limit & Profiles
• To optimize the usage of System Resources
• Profile is a set of Resource Limits assigned to each user
• Resource Control Level
  (a) Session Level
  (b) Call Level
• Resources: CPU time, Logical Reads, Others (Idle Time, No. of concurrent sessions per user, Elapsed time per session)
CREATE Profile
CREATE PROFILE MYPROFILE LIMIT
  CPU_PER_SESSION 10
  CPU_PER_CALL 25
  CONNECT_TIME 5
  IDLE_TIME 1
  SESSIONS_PER_USER 2;
Oracle Profiles
• Profiles enable you to set limits on:
  • sessions_per_user
  • CPU_per_session
  • CPU_per_call
  • logical_reads_per_session
  • logical_reads_per_call
  • idle_time
  • connect_time
Oracle Profiles
• Most popular:
  • sessions_per_user
  • idle_time
• Sessions_Per_user
  – prevent one runaway user from consuming all Oracle processes
  – Example syntax:
    alter profile default limit sessions_per_user 4;
• Idle_Time
  – useful when memory is in shortage
PRIVILEGES & ROLES
• A privilege is the right to execute a particular type of SQL statement or to access another user’s object, e.g., the right to CREATE TABLE
• SYSTEM Privileges (ALTER SESSION)
• OBJECT Privileges (INSERT ON SCOTT.EMP)
• GRANT privileges to a USER or a ROLE (named group of privileges)
CREATE ROLE
CREATE ROLE test NOT IDENTIFIED;
GRANT "CONNECT" TO "TEST";
GRANT ALTER ANY TABLE TO "TEST";
GRANT INSERT ON SCOTT.EMP TO TEST;
Assigning
(a) ROLE to a ROLE
(b) OBJECT Privilege to a ROLE
(c) SYSTEM Privilege to a ROLE
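An added example, not from the original slides, that puts the user, profile and role steps together as a least-privilege alternative to GRANT DBA. The names APP_PROFILE, APP_READER and APP_USER, the limit values and the password placeholder are assumptions chosen for illustration.

```sql
-- Added example: APP_PROFILE, APP_READER and APP_USER are hypothetical names.

-- Resource limits in a profile are enforced only while RESOURCE_LIMIT is TRUE.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

-- CPU limits are in hundredths of a second; CONNECT_TIME and IDLE_TIME in minutes.
CREATE PROFILE app_profile LIMIT
  SESSIONS_PER_USER 2      -- caps concurrent sessions for one account
  CPU_PER_CALL      3000   -- 30 seconds of CPU per call
  CONNECT_TIME      480    -- 8 hours per session
  IDLE_TIME         30;    -- idle sessions are ended after 30 minutes

-- A role that carries only what the application needs:
-- one system privilege and object privileges on a single table.
CREATE ROLE app_reader NOT IDENTIFIED;
GRANT CREATE SESSION TO app_reader;
GRANT SELECT, INSERT ON scott.emp TO app_reader;

-- Explicit default/temporary tablespaces keep the account out of SYSTEM;
-- the quota bounds how much it can store; PASSWORD EXPIRE forces a change
-- at first login. Replace the placeholder before running.
CREATE USER app_user IDENTIFIED BY "REPLACE_WITH_STRONG_PASSWORD"
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  PROFILE app_profile
  QUOTA 1M ON users
  PASSWORD EXPIRE;

GRANT app_reader TO app_user;
ALTER USER app_user DEFAULT ROLE app_reader;

-- Confirm what the account actually holds.
SELECT grantee, granted_role, admin_option, default_role
FROM   sys.dba_role_privs
WHERE  grantee = 'APP_USER';

SELECT username, tablespace_name, bytes, max_bytes
FROM   sys.dba_ts_quotas
WHERE  username = 'APP_USER';
```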
DEFAULT ROLES
• CONNECT
• DBA (All System Privileges with Admin)
• RESOURCE
• EXP_FULL_DATABASE
• IMP_FULL_DATABASE
Query DBA_TAB_PRIVS, DBA_ROLE_PRIVS, SESSION_PRIVS
Listing User Info
• ALL_, DBA_, USER_ + USERS
• USER_TS_QUOTAS
• USER_RESOURCE_LIMITS
• DBA_PROFILES
• RESOURCE_COST
• V$SESSION
• V$SESSTAT
• V$STATNAME
ROLEs Granted to User
• SELECT * FROM SYS.DBA_ROLE_PRIVS WHERE GRANTEE = 'SCOTT';
(Roles Granted to SCOTT)
• SELECT * FROM SYS.DBA_TS_QUOTAS;
(Each User’s TS quotas)
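The dictionary views listed above can also be used to review an existing database for the weak points these slides mention (DBA grants, SYSTEM as a user tablespace, unlimited quotas, missing profile limits). This is an added example, not part of the original slides; DBA_SYS_PRIVS is a standard view the slides do not list, and the exclusion of SYS and SYSTEM is an assumption about which accounts are expected to be privileged.

```sql
-- Added example: review queries over the data dictionary (run as a DBA).

-- 1. Who holds the DBA role, and who can pass it on (ADMIN_OPTION = 'YES')?
SELECT grantee, admin_option, default_role
FROM   sys.dba_role_privs
WHERE  granted_role = 'DBA'
ORDER  BY grantee;

-- 2. Grantees with "ANY" system privileges (such as ALTER ANY TABLE)
--    or UNLIMITED TABLESPACE, outside the built-in administrators.
SELECT grantee, privilege, admin_option
FROM   sys.dba_sys_privs
WHERE  (privilege LIKE '% ANY %' OR privilege = 'UNLIMITED TABLESPACE')
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY grantee, privilege;

-- 3. Accounts created without DEFAULT / TEMPORARY TABLESPACE,
--    which therefore fall back to SYSTEM.
SELECT username, default_tablespace, temporary_tablespace, profile
FROM   sys.dba_users
WHERE  (default_tablespace = 'SYSTEM' OR temporary_tablespace = 'SYSTEM')
AND    username NOT IN ('SYS', 'SYSTEM')
ORDER  BY username;

-- 4. Explicit unlimited quotas: MAX_BYTES is -1 when the quota is UNLIMITED.
SELECT username, tablespace_name, bytes
FROM   sys.dba_ts_quotas
WHERE  max_bytes = -1
ORDER  BY username, tablespace_name;

-- 5. Profiles that leave the two limits the slides call most popular
--    unset (UNLIMITED, or DEFAULT, which inherits from the DEFAULT profile).
SELECT profile, resource_name, limit
FROM   sys.dba_profiles
WHERE  resource_name IN ('SESSIONS_PER_USER', 'IDLE_TIME')
AND    limit IN ('UNLIMITED', 'DEFAULT')
ORDER  BY profile, resource_name;
```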