You can retrieve session information about a user, such as the user name or terminal, and restrict database and application access for that user based on this information. You can control database access at the row and column level using Virtual Private Database. You can disguise data on the network to prevent unauthorized access to that data. You can audit database activities.
You can audit database activities in general terms, such as auditing all SQL statements, SQL privileges, schema objects, and network activity. Or, you can audit in a granular manner, such as only when an IP address from outside the corporate network is being used. This chapter also explains how to purge the database audit trail. Appendix P, "Verifying Security Access with Auditing" describes how to enable and configure database auditing. In addition, Chapter 10, "Keeping Your Oracle Database Secure" provides guidelines that you should follow when you secure your Oracle Database installation.
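The following is an added example, not code from the Oracle guide, showing the three things the two paragraphs above describe: reading session information for the current user, coarse auditing of a table, and a fine-grained audit policy that fires only for connections from outside a corporate address range. It assumes the HR sample schema with an EMPLOYEES table, a user holding the audit and DBMS_FGA execute privileges, and a constructed 10.x corporate range; the policy name and range are assumptions.

```sql
-- Added example (not from the Oracle guide). Assumes HR.EMPLOYEES exists and the
-- executing user may run AUDIT, DBMS_FGA and DBMS_AUDIT_MGMT.

-- 1. Session information available to a policy, trigger or application check.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS session_user,
       SYS_CONTEXT('USERENV', 'TERMINAL')     AS terminal,
       SYS_CONTEXT('USERENV', 'IP_ADDRESS')   AS client_ip
  FROM dual;

-- 2. General auditing: record every SELECT on HR.EMPLOYEES, one row per access.
AUDIT SELECT ON hr.employees BY ACCESS;

-- 3. Fine-grained auditing: record SELECT/UPDATE touching SALARY only when the
--    client IP is outside the corporate 10.0.0.0/8 range (constructed range).
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'EMPLOYEES',
    policy_name     => 'EMP_EXTERNAL_IP',
    audit_condition => 'SYS_CONTEXT(''USERENV'',''IP_ADDRESS'') NOT LIKE ''10.%''',
    audit_column    => 'SALARY',
    statement_types => 'SELECT,UPDATE',
    enable          => TRUE);
END;
/

-- 4. Review what the fine-grained policy captured.
SELECT timestamp, db_user, userhost, policy_name, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'EMP_EXTERNAL_IP'
 ORDER BY timestamp;

-- 5. Purge standard audit records already archived: mark the archive point,
--    then clean everything up to it (assumes the trail was archived first).
BEGIN
  DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP(
    audit_trail_type  => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
    last_archive_time => SYSTIMESTAMP - INTERVAL '30' DAY);
  DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
    audit_trail_type       => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
    use_last_arch_timestamp => TRUE);
END;
/
```

The audit condition is evaluated inside the database for every statement touching the audited column, so it records the external access without depending on the application to log anything; the purge step is deliberately bounded by an archive timestamp so that records are never deleted before they have been copied off the database.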
In addition to the security resources described in this guide, Oracle Database provides the following database security products. Advanced security features. Oracle Label Security. Oracle Label Security secures database tables at the row level, allowing you to filter user access to row data based on privileges. Oracle Database Vault. Oracle Database Vault provides fine-grained access control to your sensitive data, including protecting data from privileged users.
Oracle Audit Vault. Oracle Audit Vault collects database audit data from sources such as Oracle Database audit trail tables, database operating system audit files, and database redo logs. Using Oracle Audit Vault, you can create alerts on suspicious activities, and create reports on the history of privileged user changes, schema modifications, and even data-level access. Oracle Enterprise User Security. This allows specific control of a user's privileges in any given situation. For example, you can protect role use with a password.
Applications can be created specifically to enable a role when supplied the correct password; that way, users cannot enable the role if they do not know the password. Here, each individual has only the privileges necessary to perform his or her job. Global roles are one component of enterprise user security. A global role only applies to one database, but it can be granted to an enterprise role defined in the enterprise directory. Although a global role is managed in a directory, its privileges are contained within a single database, the database in which it is defined. You define the global role locally in the database by granting privileges and roles to it, but you cannot actually grant the global role to any user or to any other role in the database.
When an enterprise user attempts to connect to the database, the directory is queried to obtain any global roles associated with the user. An enterprise role is a directory structure that can contain global roles on multiple databases and that can be granted to enterprise users. By storing and managing enterprise roles in an LDAP-based directory service, you can centralize management of user-related information, including authorizations. For example, the enterprise role clerk could contain the global role hrclerk with its unique privileges on the Human Resources database, and the analyst role with its unique privileges on the Payroll database.
An enterprise role can be granted to or revoked from one or more enterprise users. For example, you could grant the enterprise role clerk to a number of enterprise users who hold the same job. This information is protected in the directory, and only you, as the administrator, can manage users and grant and revoke their roles. A user can be granted local roles and privileges in a database, in addition to enterprise roles.
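As an added illustration of the constraint described above (this is not code from the guide), the statements below define the global role hrclerk locally, give it privileges, and then show that a local GRANT of the role to a user is rejected; the role reaches users only through an enterprise role in the directory. The user name and object are assumptions.

```sql
-- Added example (not from the Oracle guide). Assumes HR.EMPLOYEES and a local user SCOTT.

-- A global role is defined in this database and receives its privileges here...
CREATE ROLE hrclerk IDENTIFIED GLOBALLY;
GRANT SELECT, INSERT, UPDATE ON hr.employees TO hrclerk;

-- ...but it cannot be granted to a database user or to a local role.
-- Both statements fail; authorization comes from the enterprise role that
-- contains hrclerk in the LDAP directory, queried when the enterprise user connects.
GRANT hrclerk TO scott;
CREATE ROLE local_clerk;
GRANT hrclerk TO local_clerk;

-- What the database can show you is which global roles exist and what they hold.
SELECT role, authentication_type FROM dba_roles WHERE role = 'HRCLERK';
SELECT privilege, table_name FROM dba_tab_privs WHERE grantee = 'HRCLERK';
```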
A long-standing security problem has been that of limiting how users access data, to prevent users from bypassing application logic to access data directly. For example, in web-based applications, even if users are known to the database, it may not be desirable to allow them to have direct access to data.
To date, this has been a very difficult security problem to solve, because there has been no secure way to validate which application is used to access data. For example, a malicious user could write a program that appears to be a valid human resources application. One way to address this challenge is through a secure application role: a role implemented by a package. The package can perform any desired validation to ensure that the appropriate conditions are met before the user can exercise privileges granted to the role in the database.
The database ensures that it is only the trusted package implementing the role that determines the correct access conditions. A secure application role is used by an application, can only be enabled by the application, and does not need a password. Through stored procedures you can restrict the database operations that users can perform. You can allow them to access data only through procedures and functions that execute with the definer's privileges.
For example, you can grant users access to a procedure that updates a table, but not grant them access to the table itself. When a user invokes the procedure, the procedure executes with the privileges of the procedure's owner. Users who have only the privilege to execute the procedure but not the privileges to query, update, or delete from the underlying tables can invoke the procedure, but they cannot manipulate table data in any other way.
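The following added example (not the guide's own code) implements both mechanisms described in the preceding paragraphs: a secure application role whose enabling package checks the session before calling DBMS_SESSION.SET_ROLE, and a definer's-rights procedure that lets a clerk change a salary without holding any privilege on the underlying table. The schema, package, procedure and user names, and the middle-tier IP address the package checks, are all assumptions.

```sql
-- Added example (not from the Oracle guide). Assumes HR.EMPLOYEES and users APP_USER
-- and PAYROLL_CLERK. The middle-tier address 10.1.2.3 is a constructed value.

-- Secure application role: the role can only be enabled by HR.HR_APP_SEC.
-- It is not granted directly to any user; the package turns it on per session.
CREATE ROLE hr_app_role IDENTIFIED USING hr.hr_app_sec;
GRANT SELECT, UPDATE ON hr.employees TO hr_app_role;

-- The enabling package must be invoker's rights so it runs as the connecting user.
CREATE OR REPLACE PACKAGE hr.hr_app_sec AUTHID CURRENT_USER AS
  PROCEDURE enable_role;
END hr_app_sec;
/
CREATE OR REPLACE PACKAGE BODY hr.hr_app_sec AS
  PROCEDURE enable_role IS
  BEGIN
    -- Validation runs inside the database, so a look-alike client program
    -- cannot skip it: require the application account and its server address.
    IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'APP_USER'
       AND SYS_CONTEXT('USERENV', 'IP_ADDRESS') = '10.1.2.3' THEN
      DBMS_SESSION.SET_ROLE('hr_app_role');
    ELSE
      RAISE_APPLICATION_ERROR(-20001,
        'hr_app_role can only be enabled from the HR application tier');
    END IF;
  END enable_role;
END hr_app_sec;
/
GRANT EXECUTE ON hr.hr_app_sec TO app_user;
-- The application calls EXEC hr.hr_app_sec.enable_role after connecting;
-- an ad-hoc "SET ROLE hr_app_role" from a SQL client is refused by the database.

-- Definer's-rights procedure: the clerk gets EXECUTE on the procedure only.
CREATE OR REPLACE PROCEDURE hr.give_raise(p_emp_id IN NUMBER, p_pct IN NUMBER)
  AUTHID DEFINER AS
BEGIN
  -- Business rule enforced in the only code path that can touch the table.
  IF p_pct < 0 OR p_pct > 10 THEN
    RAISE_APPLICATION_ERROR(-20002, 'raise must be between 0 and 10 percent');
  END IF;
  UPDATE hr.employees
     SET salary = salary * (1 + p_pct / 100)
   WHERE employee_id = p_emp_id;
END give_raise;
/
GRANT EXECUTE ON hr.give_raise TO payroll_clerk;
-- PAYROLL_CLERK can now EXEC hr.give_raise(101, 5) but a direct
-- UPDATE hr.employees ... from that account fails for lack of privilege.
```

The two pieces answer different questions: the secure application role decides whether a session may hold a set of privileges at all, while the definer's-rights procedure narrows what a privileged operation may do once permitted.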
Database roles can potentially be mapped to external services such as DCE groups and RADIUS authorizations so that you can centrally manage and administer privileges for all network resources, of which databases are only one piece. Rather than granting users privileges on a particular table, you can give them access to a view of the table.
Views add two more levels of security. To use a view requires appropriate privileges only for the view itself. The user need not be given privileges on base objects underlying the view. Notice that the view shows only five of the columns in the base table. A much more granular form of data access is row level access.
For any table with data, access to particular rows can be based on such considerations as the department to which employees belong, their job responsibility or title, or other significant factors. In the past, complex and dynamic views have been used to implement row level security. There are, however, two more effective approaches to this problem: Virtual Private Database (VPD), in which you create your own implementation of row level security; and label-based access control, in which you customize a ready-made VPD policy to accomplish this.
This section describes these alternative approaches. Complex views and dynamic views are among the historical approaches to row level security. Complex view definitions result when application designers build their own user security tables and join the application tables with the new security table based on the name of the application user. This approach usually requires many complex view definitions that must be maintained as security requirements change. Another approach is dynamic view creation. This approach uses dynamic DDL execution utilities to define new view definitions based on the identity of the application user.
Using dynamic views, however, is costly and time consuming. Virtual Private Database is the ability to perform query modification based on a security policy you have defined in a package, and associated with a table, view, or synonym. Virtual private database provides fine-grained access control that is data-driven, context-dependent, and row-based. It is a key enabling technology in building three-tier systems that expose mission-critical resources to customers and partners.
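To make the view-based and VPD-based approaches from the preceding paragraphs concrete, here is an added example (not code from the guide): a view that exposes a column subset, and a VPD policy function attached to the base table that restricts rows and masks a column per session. It assumes the HR.EMPLOYEES sample table with EMAIL and SALARY columns, an administrative session user HR, and a convention (assumed) that each employee's database user name equals the EMAIL column in upper case.

```sql
-- Added example (not from the Oracle guide). Assumes HR.EMPLOYEES(employee_id,
-- first_name, last_name, email, department_id, salary) and a user INTRANET_USER.

-- Column-level restriction with a view: SALARY is simply not in the view,
-- and the grant is on the view only, never on the base table.
CREATE OR REPLACE VIEW hr.emp_directory AS
  SELECT employee_id, first_name, last_name, email, department_id
    FROM hr.employees;
GRANT SELECT ON hr.emp_directory TO intranet_user;

-- Row-level restriction with VPD: the policy function returns a predicate that
-- the database appends to every statement against HR.EMPLOYEES.
CREATE OR REPLACE FUNCTION hr.emp_self_policy(p_schema IN VARCHAR2,
                                              p_object IN VARCHAR2)
  RETURN VARCHAR2 AS
BEGIN
  -- The HR administrator account is unrestricted (NULL predicate).
  IF SYS_CONTEXT('USERENV', 'SESSION_USER') = 'HR' THEN
    RETURN NULL;
  END IF;
  -- Everyone else sees only the row whose EMAIL matches their login name
  -- (assumed naming convention). The predicate deliberately references only
  -- the policed table's own columns and session context, so it cannot recurse.
  RETURN 'UPPER(email) = SYS_CONTEXT(''USERENV'',''SESSION_USER'')';
END emp_self_policy;
/

BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'HR',
    object_name           => 'EMPLOYEES',
    policy_name           => 'EMP_SELF_ROWS',
    function_schema       => 'HR',
    policy_function       => 'EMP_SELF_POLICY',
    statement_types       => 'SELECT,UPDATE,DELETE',
    -- Refuse an UPDATE that would move a row outside the caller's visible set.
    update_check          => TRUE,
    -- Column masking: other rows are still returned, but SALARY reads as NULL.
    sec_relevant_cols     => 'SALARY',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/

-- A session for user JSMITH now effectively runs
--   SELECT ... FROM hr.employees WHERE UPPER(email) = 'JSMITH'
-- for SALARY, and sees NULL in SALARY on every other row, regardless of which
-- application or SQL client issued the query.
```

The policy lives with the table rather than with an application or a view definition, which is what makes it robust against the "bypass the application and query the table directly" problem the section opens with.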
Label-based access control allows organizations to assign sensitivity labels to data rows, control access to data based on those labels, and ensure that data is marked with the appropriate sensitivity label. The most familiar example of this is perhaps the security classification system used by the United States and other governments. Access to data labeled at a certain level such as SECRET is restricted to those users who have been granted that level of access or higher.
While e-businesses do not typically have label data classification systems, they almost always have data labeling requirements. For example, an e-business may differentiate between Company Confidential information and Public information. Further, there may be some Company Confidential information that can be shared with partners, under a Confidential Disclosure Agreement or other legal document, while other information is only accessible by certain groups within the company such as Finance or Sales divisions.
The ability to natively manage labeled data is a tremendous advantage for e-businesses in providing the right information to the right people at the right level of secure data access. Encryption is a technique of encoding data, so that only authorized users can understand it. Encryption alone, however, is not sufficient to secure your data. Protecting data in the database includes access control, data integrity, encryption, and auditing.
This section includes the following topics. For certain applications, you may decide to encrypt data as an additional measure of security. Most issues of data security can be handled by appropriate authentication and access control, ensuring that only properly identified and authorized users can access data. Data in the database, however, cannot normally be secured against the database administrator's access, since a DBA has all privileges.
Introduction to Oracle Database Security
Likewise, organizations may have concerns about securing sensitive data stored offline, such as backup files stored with a third party. They may want to guard against intruders accessing the data where it is physically stored on the database. Although encryption is not a substitute for effective access control, you can obtain an additional measure of security by selectively encrypting sensitive data before it is stored in the database. Information that may be especially sensitive and warrant encryption could include credit card numbers, national identity numbers in countries with strict privacy laws, or trade secrets, such as industrial formulas.
Applications for which a user is authenticated to the application, rather than to the database, may also use encryption to protect the application user password or cookie. A number of industry-standard encryption algorithms are useful for the encryption and decryption of data on the server. Two of the most popular are: Note that the RC4 encryption algorithm is a stream cipher, and therefore not suitable for encryption in the database. It is useful for network encryption.
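As an added example of the "selectively encrypt sensitive data before it is stored" advice above (this is not the guide's code, and the guide's own list of algorithms is not reproduced here), the package below encrypts a card number with DBMS_CRYPTO before it reaches a table column and decrypts it on the way out. AES-256 in CBC mode with PKCS5 padding is my choice for the example; the table, package and user names are assumptions, and the hard-coded key is a labelled placeholder standing in for a key fetched from a wallet or key management service.

```sql
-- Added example (not from the Oracle guide). Assumes HR.CARD_DATA(card_id NUMBER,
-- pan_enc RAW(256)) and an application user CARD_APP with no direct table access.

CREATE OR REPLACE PACKAGE hr.card_crypto AS
  FUNCTION encrypt_pan(p_pan IN VARCHAR2) RETURN RAW;
  FUNCTION decrypt_pan(p_enc IN RAW)      RETURN VARCHAR2;
END card_crypto;
/
CREATE OR REPLACE PACKAGE BODY hr.card_crypto AS
  -- Block cipher, chaining mode and padding selected together as one type code.
  c_mode CONSTANT PLS_INTEGER :=
      DBMS_CRYPTO.ENCRYPT_AES256 + DBMS_CRYPTO.CHAIN_CBC + DBMS_CRYPTO.PAD_PKCS5;

  FUNCTION get_key RETURN RAW IS
  BEGIN
    -- PLACEHOLDER KEY (constructed, 32 bytes). A real deployment retrieves the
    -- key from a wallet/KMS so that a DBA reading the table cannot also read
    -- the key; it is never stored next to the ciphertext.
    RETURN HEXTORAW('00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF');
  END get_key;

  FUNCTION encrypt_pan(p_pan IN VARCHAR2) RETURN RAW IS
    l_iv RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);
  BEGIN
    -- A fresh random IV per value, stored in front of the ciphertext, so that
    -- two identical card numbers do not produce identical stored bytes.
    RETURN UTL_RAW.CONCAT(
             l_iv,
             DBMS_CRYPTO.ENCRYPT(
               src => UTL_I18N.STRING_TO_RAW(p_pan, 'AL32UTF8'),
               typ => c_mode,
               key => get_key,
               iv  => l_iv));
  END encrypt_pan;

  FUNCTION decrypt_pan(p_enc IN RAW) RETURN VARCHAR2 IS
    l_iv RAW(16)   := UTL_RAW.SUBSTR(p_enc, 1, 16);
    l_ct RAW(2000) := UTL_RAW.SUBSTR(p_enc, 17);
  BEGIN
    RETURN UTL_I18N.RAW_TO_CHAR(
             DBMS_CRYPTO.DECRYPT(src => l_ct, typ => c_mode,
                                 key => get_key, iv => l_iv),
             'AL32UTF8');
  END decrypt_pan;
END card_crypto;
/

-- Access control still does the main work: the application gets the package,
-- not the table, so the plaintext only exists inside a call it is allowed to make.
GRANT EXECUTE ON hr.card_crypto TO card_app;

-- Usage (constructed sample value):
INSERT INTO hr.card_data (card_id, pan_enc)
  VALUES (1, hr.card_crypto.encrypt_pan('4111111111111111'));
SELECT hr.card_crypto.decrypt_pan(pan_enc) FROM hr.card_data WHERE card_id = 1;
```

The example separates the two controls the section insists on: the grant structure limits who can call the functions, and the encryption limits what anyone who bypasses those grants (a backup copy, a file read from disk) can learn from the stored bytes. Neither replaces the other.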
Database integrity ensures that data in the database is correct and consistent.