Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Applied Oracle Security: Developing Secure Database and Middleware Environments- P29:Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful | 254 Part II Oracle Database Vault Grant succeeded. jean_oper_dba@aos GRANT DROP ANY TABLE TO base_maint_admin_0101 Grant succeeded. jean_oper_dba@aos GRANT DROP ANY TRIGGER TO base_maint_admin_0101 Grant succeeded. jean_oper_dba@aos GRANT DROP ANY TYPE TO base_maint_admin_0101 Grant succeeded. jean_oper_dba@aos GRANT DROP ANY VIEW TO base_maint_admin_0101 Grant succeeded. jean_oper_dba@aos create the role for the Sales History realm jean_oper_dba@aos -- and grant the base role jean_oper_dba@aos CREATE ROLE sh_maint_admin_0101 Role created. jean_oper_dba@aos REVOKE sh_maint_admin_0101 FROM jean_oper_dba Revoke succeeded. jean_oper_dba@aos GRANT base_maint_admin_0101 TO sh_maint_admin_0101 Grant succeeded. This administrator s privileges basically allow CREATE ALTER and DROP of objects that are owned by an application schema and protected by a realm. We now protect the base role and application role as realm-secured objects within the appropriate realm and authorize the application administration role in the realm as a realm participant. We are not concerned about privilege escalation as this administrator does not have the underlying system privileges to grant privileges or roles. dbvowner@aos authorize the Sales History maintenance dbvowner@aos administrator role in the realm dbvowner@aos BEGIN dbms_macadm.add_auth_to_realm realm_name Sales History grantee SH_MAINT_ADMIN_0101 rule_set_name NULL auth_options dbms_macutl.g_realm_auth_participant END PL SQL procedure successfully completed. dbvowner@aos protect the Sales History maintenance dbvowner@aos administrator role in the realm dbvowner@aos BEGIN dbms_macadm.add_object_to_realm realm_name Sales History object_owner SH object_name SH_MAINT_ADMIN_0101 object_type ROLE END PL SQL procedure successfully completed. dbvowner@aos -- protect the base application maintenance role dbvowner@aos -- in the Oracle Data Dictionary realm Chapter 6 Applied Database Vault for Custom Applications 255 BEGIN .