TAILIEUCHUNG - Applied Oracle Security: Developing Secure Database and Middleware Environments- P30
Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

264 Part II Oracle Database Vault

END
PL/SQL procedure successfully completed.
diego_dbvmgr@aos> BEGIN
  realm_name Order Entry
  object_owner OE
  object_name
  object_type
END
PL/SQL procedure successfully completed.
diego_dbvmgr@aos> BEGIN
  realm_name Order Entry
  grantee OE
  rule_set_name NULL
  auth_options
END
PL/SQL procedure successfully completed.
diego_dbvmgr@aos> -- the account is also able to grant the DV_OWNER or
diego_dbvmgr@aos> -- DV_ADMIN role resulting in a named account that
diego_dbvmgr@aos> -- is able to perform DBV Security administration
diego_dbvmgr@aos> -- as well as delegate that administration
diego_dbvmgr@aos> GRANT dv_owner TO scott;
Grant succeeded.

Create Application Read-only, Read-write, and Execute Application Roles for End User Access Accounts

To create read-only, read-write, and execute application roles for end user access accounts, we have to understand the static or dynamic nature of the object-owner accounts and objects being accessed by these accounts. Earlier we stated that we should create a finite set of roles that use direct object privileges for accounts and objects that are static in nature. These types of roles should also be protected in the same DBV realm that protects the objects to which these roles are granted privileges.

The following example demonstrates the use of direct object privileges granted to the end user access roles for our Sales History schema:

jean_oper_dba@aos> -- create the read-only SH application role
jean_oper_dba@aos> CREATE ROLE sh_ro_role_0101;
Role created.
jean_oper_dba@aos> REVOKE sh_ro_role_0101 FROM jean_oper_dba;
Revoke succeeded.
jean_oper_dba@aos> -- create the read-write SH application role
jean_oper_dba@aos> CREATE ROLE sh_rw_role_0101;
Role created.
jean_oper_dba@aos> REVOKE sh_rw_role_0101 FROM jean_oper_dba;

Chapter 6 Applied Database Vault for Custom Applications 265

Revoke succeeded.
jean_oper_dba@aos> -- create the .
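
The pattern described above, written out as an added example; it is not the book's own listing, which is cut off on this page. The realm name 'Sales History', the choice of the SH sample-schema tables, and the accounts that run each part are assumptions.

```sql
-- Added example, not the book's listing. Assumptions: a DBV realm named
-- 'Sales History' already protects the SH schema; SH.SALES, SH.CUSTOMERS and
-- SH.PRODUCTS are the Oracle sample-schema tables.

-- Part 1: as the account that manages roles (jean_oper_dba on this page).
-- CREATE ROLE grants the new role to its creator, so revoke it straight away.
CREATE ROLE sh_ro_role_0101;
REVOKE sh_ro_role_0101 FROM jean_oper_dba;
CREATE ROLE sh_rw_role_0101;
REVOKE sh_rw_role_0101 FROM jean_oper_dba;

-- Part 2: as the object owner or another account authorized in the realm
-- (assumption). Direct object privileges only, no ANY system privileges.
GRANT SELECT ON sh.sales     TO sh_ro_role_0101;
GRANT SELECT ON sh.customers TO sh_ro_role_0101;
GRANT SELECT ON sh.products  TO sh_ro_role_0101;

GRANT SELECT, INSERT, UPDATE, DELETE ON sh.sales     TO sh_rw_role_0101;
GRANT SELECT, INSERT, UPDATE, DELETE ON sh.customers TO sh_rw_role_0101;
GRANT SELECT                         ON sh.products  TO sh_rw_role_0101;

-- Part 3: as a DBV administrator (DV_OWNER or DV_ADMIN).
-- Put the roles in the same realm as the objects they reach, so that
-- granting or revoking them requires realm authorization.
BEGIN
  dbms_macadm.add_object_to_realm(
    realm_name   => 'Sales History',   -- assumed realm name
    object_owner => '%',               -- roles have no owner
    object_name  => 'SH_RO_ROLE_0101',
    object_type  => 'ROLE');
  dbms_macadm.add_object_to_realm(
    realm_name   => 'Sales History',
    object_owner => '%',
    object_name  => 'SH_RW_ROLE_0101',
    object_type  => 'ROLE');
END;
/

-- Check: each role carries only the intended direct grants...
SELECT grantee, owner, table_name, privilege
  FROM dba_tab_privs
 WHERE grantee IN ('SH_RO_ROLE_0101', 'SH_RW_ROLE_0101')
 ORDER BY grantee, table_name, privilege;

-- ...and both roles are listed as realm-protected objects.
SELECT realm_name, object_name, object_type
  FROM dvsys.dba_dv_realm_object
 WHERE object_type = 'ROLE' AND object_name LIKE 'SH\_R%\_ROLE\_0101' ESCAPE '\';
```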