Applied Oracle Security: Developing Secure Database and Middleware Environments - P16

Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be "early adulthood." From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

FIGURE 5-5 Sales History realm all of one object owner

Creating Your First Realm

You can protect and audit access to sensitive financial data in a configuration with a few steps. The protection offers compliance-focused safeguards against insider threats and elevates the integrity posture of the data to avoid accidental or malicious destruction of the data. An example shows how the protection is implemented by the security administrator and not the standard database administrator, demonstrating how DBV satisfies separation of duty requirements.

The first step in naming a realm allows you to identify data boundaries irrespective of ownership or control, as in the case of the Order Management realm. Realms are also verifiable from audit and compliance perspectives, because you can define the DBV auditing behavior for any commands executed against objects protected by the realm when you define the realm. Realm auditing can be configured for the realm so that audit records are generated if a command is disallowed by the realm's controls (called a realm violation).

Let's look at a simple example: creating a realm for the Sales History (SH) schema to remove access to the Sales History data from an account such as SYSTEM and roles such as DBA.
First, we log in to the database using the DBV owner account named DBVOWNER and create the realm:

    dbvowner@aos BEGIN
        realm_name Sales History
        description Annual quarterly monthly and weekly sales figures by product
        enabled
        audit_options
    END
    PL/SQL procedure successfully completed.

The DBVOWNER account was specified as the DBV owner during DBV installation and is the initial account that can administer the DBV configuration. DBV realm configuration can be performed using the DVA web application or the administration package discussed in Chapter 4. The PL/SQL package .
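
The realm creation described above, written out as an added example (not the book's own listing). DBMS_MACADM and DBMS_MACUTL are the documented Database Vault administration packages; the enabled and audit values, the description punctuation, and the choice to protect every SH object with '%' are assumptions made for this sketch.

```sql
-- Added example. Run as the DBV owner account (DBVOWNER on this page).
BEGIN
  -- Create the realm.
  -- Assumed values: realm enabled, audit only commands the realm blocks
  -- (the "realm violation" case the text describes).
  dvsys.dbms_macadm.create_realm(
    realm_name    => 'Sales History',
    description   => 'Annual, quarterly, monthly, and weekly sales figures by product',
    enabled       => dvsys.dbms_macutl.g_yes,
    audit_options => dvsys.dbms_macutl.g_realm_audit_fail);

  -- A realm protects nothing until objects are added to it.
  -- Assumption: every object of every type owned by SH is in scope.
  dvsys.dbms_macadm.add_object_to_realm(
    realm_name   => 'Sales History',
    object_owner => 'SH',
    object_name  => '%',
    object_type  => '%');
END;
/

-- Verify the configuration from the DBV dictionary views.
SELECT name, enabled, audit_options
  FROM dvsys.dba_dv_realm
 WHERE name = 'Sales History';

SELECT owner, object_name, object_type
  FROM dvsys.dba_dv_realm_object
 WHERE realm_name = 'Sales History';

-- Check the control from the other side: connected as SYSTEM, this query
-- relies on SELECT ANY TABLE, so the realm is expected to block it and
-- record a realm violation in the DBV audit trail.
-- Caveat: realms restrict access obtained through system ANY privileges;
-- accounts holding direct object grants on SH tables are not affected.
SELECT COUNT(*) FROM sh.sales;
```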

