DBS_2 - Database security entails allowing or disallowing...


Database security entails allowing or disallowing user actions on the database and the objects within it. Oracle uses schemas and security domains to control access to data and to restrict the use of various database resources.

Oracle provides comprehensive discretionary access control. Discretionary access control regulates all user access to named objects through privileges. A privilege is permission to access a named object in a prescribed manner; for example, permission to query a table. Privileges are granted to users at the discretion of other users.

• Secrecy: Users should not be able to see things they are not supposed to.
  • E.g., A student can’t see other students’ grades.
• Integrity: Users should not be able to modify things they are not supposed to.
  • E.g., Only instructors can assign grades.
• Availability: Users should be able to see and modify things they are allowed to.

Database Users and Schemas

Each Oracle database has a list of user names. To access a database, a user must use a database application and attempt a connection with a valid user name of the database. Each user name has an associated password to prevent unauthorized use.

Security Domain

Each user has a security domain—a set of properties that determine such things as:

• The actions (privileges and roles) available to the user
• The tablespace quotas (available disk space) for the user
• The system resource limits (for example, CPU processing time) for the user

Each property that contributes to a user's security domain is discussed in the following sections.
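The security domain described above, applied to the student and instructor grades scenario, as an added example in Oracle SQL (not part of the original notes). The REGISTRAR schema, the user ALICE, the role and profile names, the password placeholder and the USERS/TEMP tablespaces are all assumptions made for illustration.

```sql
-- Constructed scenario; REGISTRAR, ALICE, the roles, the profile and the
-- USERS/TEMP tablespaces are assumed names. Run as a DBA; REGISTRAR must exist.
CREATE TABLE registrar.grades (
  student VARCHAR2(30) NOT NULL,   -- database user name, stored in upper case
  course  VARCHAR2(10) NOT NULL,
  grade   VARCHAR2(2),
  CONSTRAINT grades_pk PRIMARY KEY (student, course)
);

-- Secrecy: students query a view that returns only the caller's own rows.
CREATE VIEW registrar.my_grades AS
  SELECT course, grade
    FROM registrar.grades
   WHERE student = SYS_CONTEXT('USERENV', 'SESSION_USER');

-- Roles group the object privileges each kind of user needs.
CREATE ROLE student_role;
GRANT SELECT ON registrar.my_grades TO student_role;  -- no grant on the base table
CREATE ROLE instructor_role;
-- Integrity: only holders of instructor_role can assign or change grades.
GRANT SELECT, INSERT, UPDATE ON registrar.grades TO instructor_role;

-- System resource limits are attached to the user through a profile.
CREATE PROFILE student_profile LIMIT
  SESSIONS_PER_USER 2
  CPU_PER_SESSION   60000    -- hundredths of a second
  IDLE_TIME         15;      -- minutes

-- The user: password, tablespace quota and profile in one statement.
CREATE USER alice IDENTIFIED BY "Replace_Me_1"   -- placeholder password
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 10M ON users
  PROFILE student_profile
  PASSWORD EXPIRE;                               -- forces a change at first login

GRANT CREATE SESSION TO alice;   -- system privilege: connect to the database
GRANT student_role TO alice;

-- Review the resulting security domain from the data dictionary.
SELECT privilege    FROM dba_sys_privs  WHERE grantee = 'ALICE';
SELECT granted_role FROM dba_role_privs WHERE grantee = 'ALICE';
SELECT tablespace_name, max_bytes FROM dba_ts_quotas WHERE username = 'ALICE';
SELECT resource_name, limit FROM dba_profiles
 WHERE profile = 'STUDENT_PROFILE' AND resource_type = 'KERNEL';
```

The four dictionary queries at the end map one-to-one onto the security domain properties: privileges, roles, tablespace quotas and resource limits.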

Privileges

A privilege is a right to run a particular type of SQL statement. Some examples of privileges include the right to:

• Connect to the database (create a session)
• Create a table in your schema
• Select rows from someone else's table
• Run someone else's stored procedure

Roles

Oracle provides for easy and controlled privilege management through roles. Roles are named groups of related privileges that you grant to users or other roles.

Storage Settings and Quotas

You can direct and limit the use of disk space allocated to the database for each user, including default and temporary tablespaces and tablespace quotas.

Auditing Policy

Security administrators should define a policy for the auditing procedures of each database. You may decide to have database auditing disabled unless questionable activities are suspected. When auditing is required, decide what level of detail to audit the database; usually, general system auditing is followed by more specific types of auditing after the origins of suspicious activity are determined. Auditing is discussed in the following section.

Overview of Database Auditing

Auditing is the monitoring and recording of selected user database actions. It can be based on individual actions, such as the type of SQL statement run, or on combinations of factors that can include name, application, time, and so on. Security policies can cause auditing when
  • Spring '13
  • Mandatory Access Control, privileges, grant option
