Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authorization in Oracle Part 1 Ji-WonMahesh. Sources Starting source: Starting source: Oracle Database – Security Guide Oracle Database – Security Guide.

Published byGerald Wesley Young Modified over 8 years ago

Similar presentations

Presentation on theme: "Authorization in Oracle Part 1 Ji-WonMahesh. Sources Starting source: Starting source: Oracle Database – Security Guide Oracle Database – Security Guide."— Presentation transcript:

1 Authorization in Oracle Part 1 Ji-WonMahesh

2 Sources Starting source: Starting source: Oracle Database – Security Guide Oracle Database – Security Guide 10g Release 1 (10.1) (Dec 2003) 10g Release 1 (10.1) (Dec 2003) Other sources: Other sources: Oracle SQL, PL/SQL Ref. Oracle SQL, PL/SQL Ref. Hacking via SQL*Plus sessions Hacking via SQL*Plus sessions Random webpages… Random webpages… Have not yet looked through ANSI SQL standard. Have not yet looked through ANSI SQL standard.

3 Approaches Oracle Enterprise Security Manager Oracle Enterprise Security Manager LDAP v3 compliant Oracle thing LDAP v3 compliant Oracle thing Can store “ACLs” Can store “ACLs” SQL*Plus – grant/revoke SQL*Plus – grant/revoke PL/SQL – Encapsulation of privileges PL/SQL – Encapsulation of privileges VPD VPD

4 RBAC Orthogonal/complementary feature – Roles Orthogonal/complementary feature – Roles How roles can be defined (e.g., can adopt UNIX groups as DB roles) How roles can be defined (e.g., can adopt UNIX groups as DB roles) “Secure application roles” – “Multi-tier authorization” “Secure application roles” – “Multi-tier authorization” Restricted use of inherited privileges Restricted use of inherited privileges E.g., need explicitly granted rights on base objects to include in view E.g., need explicitly granted rights on base objects to include in view Subtleties when it comes to stored procedures Subtleties when it comes to stored procedures named and anonymous PL/SQL blocks named and anonymous PL/SQL blocks E.g. cannot set roles within a definer’s rights procedure E.g. cannot set roles within a definer’s rights procedure

5 Privileges System Privilege System Privilege E.g., create view E.g., create view Schema object privilege Schema object privilege E.g., select E.g., select Includes table, view, procedure, type Includes table, view, procedure, type Two kinds of table privileges: Two kinds of table privileges: DML – select, insert, update, delete DML – select, insert, update, delete DDL – alter, index, references DDL – alter, index, references

6 Overview of “demo” Base table privileges: Base table privileges: Overlapping rights Overlapping rights Cascading and coarse-grained revoke Cascading and coarse-grained revoke “grant any object privilege” “grant any object privilege” Views: Views: Minimum privileges Minimum privileges Operations on join views Operations on join views Revocation – dichotomy Revocation – dichotomy

7 Overview (contd.) Stored Procedures Stored Procedures Definer/invoker rights does not seem to apply to “execute” privilege Definer/invoker rights does not seem to apply to “execute” privilege

8 Demo > >

Download ppt "Authorization in Oracle Part 1 Ji-WonMahesh. Sources Starting source: Starting source: Oracle Database – Security Guide Oracle Database – Security Guide."

Similar presentations

14-1 Copyright  Oracle Corporation, 1998. All rights reserved. Privileges Database security: – System security – Data security System privileges: Gain.

14-1 Copyright  Oracle Corporation, All rights reserved. Privileges Database security: – System security – Data security System privileges: Gain.
13 Copyright © Oracle Corporation, 2001. All rights reserved. Controlling User Access.

13 Copyright © Oracle Corporation, All rights reserved. Controlling User Access.
Basic SQL Introduction Presented by: Madhuri Bhogadi.

Basic SQL Introduction Presented by: Madhuri Bhogadi.
Transaction Processing. Objectives After completing this lesson, you should be able to do the following: –Define transactions effectively for an application.

Transaction Processing. Objectives After completing this lesson, you should be able to do the following: –Define transactions effectively for an application.
Chapter 9: Advanced SQL and PL/SQL Topics Guide to Oracle 10g.

Chapter 9: Advanced SQL and PL/SQL Topics Guide to Oracle 10g.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
Oracle8 - The Complete Reference. Koch a& Loney1 By What Authority? Presented by Victor Matos.

Oracle8 - The Complete Reference. Koch a& Loney1 By What Authority? Presented by Victor Matos.
Dec 15, 2003Murali Mani Transactions and Security B term 2004: lecture 17.

Dec 15, 2003Murali Mani Transactions and Security B term 2004: lecture 17.
Presented By: Matthew Garrison. Basics of Role Based Access Control  Roles are determined based on job functions within a given organization  Users.

Presented By: Matthew Garrison. Basics of Role Based Access Control  Roles are determined based on job functions within a given organization  Users.
By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.

By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.
CHAPTER 6 Users and Basic Security. Progression of Steps for Creating a Database Environment 1. Install Oracle database binaries (Chapter 1) 2. Create.

CHAPTER 6 Users and Basic Security. Progression of Steps for Creating a Database Environment 1. Install Oracle database binaries (Chapter 1) 2. Create.
Database Technical Session By: Prof. Adarsh Patel.

Database Technical Session By: Prof. Adarsh Patel.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.
CSIS 4310 – Advanced Databases Virtual Private Databases.

CSIS 4310 – Advanced Databases Virtual Private Databases.
Copyright س Oracle Corporation, 1998. All rights reserved. 14 Controlling User Access.

Copyright س Oracle Corporation, All rights reserved. 14 Controlling User Access.
Database Programming Sections 13–Creating, revoking objects privileges.

Database Programming Sections 13–Creating, revoking objects privileges.
11 Copyright س Oracle Corporation, 2000. All rights reserved. ® Overview of PL/SQL.

11 Copyright س Oracle Corporation, All rights reserved. ® Overview of PL/SQL.
7 Copyright © 2004, Oracle. All rights reserved. Administering Users.

7 Copyright © 2004, Oracle. All rights reserved. Administering Users.
Controlling User Access. Objectives After completing this lesson, you should be able to do the following: Create users Create roles to ease setup and.

Controlling User Access. Objectives After completing this lesson, you should be able to do the following: Create users Create roles to ease setup and.
DCL/1 Data Control Language Objectives –To learn about the security mechanisms implemented in an RDBMS and how to use them Contents –Identifying Users.

DCL/1 Data Control Language Objectives –To learn about the security mechanisms implemented in an RDBMS and how to use them Contents –Identifying Users.

Similar presentations

Ads by Google