Applied Oracle Security: Developing Secure Database and Middleware Environments - P27

234   Part II: Oracle Database Vault

END;

PL/SQL procedure successfully completed.

These additional identities for the Client_IP and Session_User factors could also be incorporated into the Connection_Type DBV identity map presented in Chapter 5 to establish new connection classifications of INTERNAL_WEB and EXTERNAL_WEB.

Read-only Application Users and Read-write Application Users

Read-only application users are typically found in reporting systems, or in a privilege set that is assigned to a partner application in a consolidated database with integrated object-owner accounts. For example, we may define an HR read-only role for access to the objects in the HR schema and grant this HR read-only role to the SH schema or to an SH-related read-write role. Read-write application users are typically found in transactional database systems, as they require INSERT, UPDATE, and DELETE commands against objects owned by an application's object-owner account. These users might also need EXECUTE access to the PL/SQL procedures that are required to participate in the transactional nature of the system, especially in packaged applications for human resources or finance.

The first things to consider before we create the end-user access roles are the object access behaviors (the Verb-Object tables discussed earlier) that the actors invoke in the use cases we defined for our system.
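The following script is an added example, not code from the book, of the identity-map extension mentioned at the top of this page: it adds INTERNAL_WEB and EXTERNAL_WEB identities to the Connection_Type factor and maps them from the Client_IP and Session_User child factors. It assumes Connection_Type already exists (from Chapter 5) as a factor identified by its child factors, with Client_IP and Session_User linked to it via DBMS_MACADM.ADD_FACTOR_LINK. The web-tier addresses, the WEB_APP account, and the trust levels are hypothetical values chosen for the illustration.

```sql
-- Added example (not from the book): extend the Chapter 5 Connection_Type
-- identity map with INTERNAL_WEB and EXTERNAL_WEB classifications.
-- Assumptions: Connection_Type is an existing factor identified by its child
-- factors, and Client_IP and Session_User are already linked to it as
-- children. The host addresses (10.1.5.21, 10.1.5.22, 203.0.113.40), the
-- application account WEB_APP and the trust levels are hypothetical.
-- Run as a Database Vault administrator (an account holding DV_ADMIN).

BEGIN
  -- New identities for the parent factor; a higher trust_level means
  -- the identity is treated as more trusted by rules that consult it.
  DBMS_MACADM.CREATE_IDENTITY(
    factor_name => 'Connection_Type', value => 'INTERNAL_WEB', trust_level => 10);
  DBMS_MACADM.CREATE_IDENTITY(
    factor_name => 'Connection_Type', value => 'EXTERNAL_WEB', trust_level => 5);

  -- INTERNAL_WEB: the session user is WEB_APP AND the client is one of the
  -- internal web-tier hosts. Database Vault combines the maps of one identity
  -- with AND across different child factors and with OR within the same child
  -- factor, so the two Client_IP rows form an allow-list of hosts.
  -- Exact '=' matches are used on purpose: Client_IP is a string, so a
  -- BETWEEN range would compare dotted quads lexically ('10.1.5.9' sorts
  -- after '10.1.5.21') and could admit hosts outside the intended subnet.
  DBMS_MACADM.CREATE_IDENTITY_MAP(
    identity_factor_name  => 'Connection_Type', identity_factor_value => 'INTERNAL_WEB',
    parent_factor_name    => 'Connection_Type', child_factor_name     => 'Session_User',
    operation => '=', operand1 => 'WEB_APP', operand2 => NULL);
  DBMS_MACADM.CREATE_IDENTITY_MAP(
    identity_factor_name  => 'Connection_Type', identity_factor_value => 'INTERNAL_WEB',
    parent_factor_name    => 'Connection_Type', child_factor_name     => 'Client_IP',
    operation => '=', operand1 => '10.1.5.21', operand2 => NULL);
  DBMS_MACADM.CREATE_IDENTITY_MAP(
    identity_factor_name  => 'Connection_Type', identity_factor_value => 'INTERNAL_WEB',
    parent_factor_name    => 'Connection_Type', child_factor_name     => 'Client_IP',
    operation => '=', operand1 => '10.1.5.22', operand2 => NULL);

  -- EXTERNAL_WEB: the same application account, but arriving from the
  -- DMZ web host, so it gets its own (less trusted) classification.
  DBMS_MACADM.CREATE_IDENTITY_MAP(
    identity_factor_name  => 'Connection_Type', identity_factor_value => 'EXTERNAL_WEB',
    parent_factor_name    => 'Connection_Type', child_factor_name     => 'Session_User',
    operation => '=', operand1 => 'WEB_APP', operand2 => NULL);
  DBMS_MACADM.CREATE_IDENTITY_MAP(
    identity_factor_name  => 'Connection_Type', identity_factor_value => 'EXTERNAL_WEB',
    parent_factor_name    => 'Connection_Type', child_factor_name     => 'Client_IP',
    operation => '=', operand1 => '203.0.113.40', operand2 => NULL);
END;
/

-- Check 1: the stored map rows, to confirm the AND/OR structure is what
-- was intended before any rule set depends on it.
SELECT identity_value, child_factor_name, operation, operand1
  FROM dba_dv_identity_map
 WHERE factor_name = 'Connection_Type'
 ORDER BY identity_value, child_factor_name, operand1;

-- Check 2: connect as WEB_APP from each host and see which identity the
-- factor resolves to; a connection from any other host should resolve to
-- the Chapter 5 default, not to INTERNAL_WEB or EXTERNAL_WEB.
SELECT DVF.F$CONNECTION_TYPE AS connection_type,
       DVF.F$CLIENT_IP       AS client_ip,
       DVF.F$SESSION_USER    AS session_user
  FROM dual;
```

The allow-list of exact host addresses is the conservative choice when the child factor is a string value; if the web tier is large enough that a range is unavoidable, the map should be tested against addresses just outside the range to confirm the lexical comparison does not widen it.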
In our notional use case we've defined SELECT (read) on several objects, such as Products, Channels, and Promotions in the SH schema, as well as INSERT (write) on the object Product Cost. We also know that additional use cases in our system, such as the internal and external web services, will query Sales History objects. It becomes evident as we examine the Subject-Verb-Object-Condition tables we create that each use case will exhibit the need for the read-only and read-write role pattern from Chapter 1. The difference among the use cases is the objects that are read from or written to. It is perfectly acceptable to define the read-only or read-write
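As an added example (not the book's own script), the read-only / read-write role pattern applied to the verbs and objects named on this page. It assumes the Oracle HR and SH sample schemas and takes "Product Cost" to be SH.COSTS; the package SH.COST_MAINT, the accounts REPORT_USER and WEB_APP, and the role names are hypothetical.

```sql
-- Added example (not from the book): the read-only / read-write role pattern
-- for the use cases on this page. Assumes the Oracle HR and SH sample
-- schemas; "Product Cost" is taken to be SH.COSTS. The package SH.COST_MAINT,
-- the accounts REPORT_USER and WEB_APP, and the role names are hypothetical.
-- If HR and SH are protected by Database Vault realms, issue the GRANTs from
-- an account authorized in those realms (for example the realm owner).

-- 1. HR read-only role, granted to the SH object owner: the consolidated-
--    database case, where one application reads another's data via a role.
--    Caveat: roles are not active inside definer's-rights stored code, so
--    SH's own packages that read HR need direct object grants instead.
CREATE ROLE hr_read_only;
GRANT SELECT ON hr.employees   TO hr_read_only;
GRANT SELECT ON hr.departments TO hr_read_only;
GRANT hr_read_only TO sh;

-- 2. SH read-only role: exactly the SELECT (read) verbs from the use cases.
CREATE ROLE sh_read_only;
GRANT SELECT ON sh.products   TO sh_read_only;
GRANT SELECT ON sh.channels   TO sh_read_only;
GRANT SELECT ON sh.promotions TO sh_read_only;
GRANT SELECT ON sh.sales      TO sh_read_only;   -- web services query Sales History

-- 3. SH read-write role: the read-only role plus the write verbs. Only INSERT
--    on COSTS is granted because that is the only write verb in the use case;
--    UPDATE and DELETE are added only when a Verb-Object table shows that an
--    actor actually needs them.
CREATE ROLE sh_read_write;
GRANT sh_read_only TO sh_read_write;
GRANT INSERT ON sh.costs TO sh_read_write;
GRANT EXECUTE ON sh.cost_maint TO sh_read_write;  -- transactional PL/SQL the app calls

-- 4. Actors receive roles, never direct object grants or ANY privileges.
GRANT sh_read_only  TO report_user;
GRANT sh_read_write TO web_app;

-- Check 1: the object privileges that sit behind each role.
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee IN ('HR_READ_ONLY', 'SH_READ_ONLY', 'SH_READ_WRITE')
 ORDER BY grantee, owner, table_name, privilege;

-- Check 2: the read-only role must carry no write verbs and no role may
-- carry a system privilege; both queries should return no rows.
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee = 'SH_READ_ONLY'
   AND privilege IN ('INSERT', 'UPDATE', 'DELETE');

SELECT grantee, privilege
  FROM dba_sys_privs
 WHERE grantee IN ('HR_READ_ONLY', 'SH_READ_ONLY', 'SH_READ_WRITE');
```

The two checks are what keep the pattern honest over time: a grant of UPDATE on SH.COSTS to the read-only role, or of SELECT ANY TABLE to either role, would pass unnoticed in a large schema but is caught immediately by the empty-result queries.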