Session_12 - Database Security Oracle Label Based Security Continued Session 12 Set User Privileges EXECUTE

Info iconThis preview shows pages 1–10. Sign up to view the full content.

View Full Document Right Arrow Icon
Database Security Oracle Label Based Security Continued Session 12
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Set User Privileges EXECUTE SA_USER_ADMIN.SET_USER_PRIVS ('TEST', 'CHARLES', 'PRIVILEGES'); WHERE PRIVILEGES = FULL, COMPACCESS, WRITEUP, WRITEDOWN, WRITEACROSS, AND PROFILE_ACCESS)
Background image of page 2
Privileges PROFILE_ACCESS Allows a session to change its labels and privileges to those of a different user FULL Allows full read and write access to all data protected by the policy READ Allows read access to all data protected by the policy WRITEUP Allows users to set or raise only the level, within a row label, up to the maximum level authorized for the user. (With LABEL_UPDATE enforcement.)
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Privileges WRITEDOWN Allows users to set or lower the level, within a row label, to any level equal to or greater than the minimum level authorized for the user. (With LABEL_UPDATE enforcement.) WRITEACROSS Allows a user to set or change groups and compartments of a row label, but does not allow changes to the level. (With LABEL_UPDATE enforcement.) COMPACCESS Allows a session access to data authorized by the row's compartments, independent of the row's groups
Background image of page 4
ASSUMING AUTHORIZATIONS AND PRIVILEGES OF ANOTHER USER EXECUTE SA_SESSION.SET_ACCESS_PROFILE(' TEST', 'CHARLES'); Current user now has Charles’ authorizations and privileges
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
IDENTIFYING CURRENT ORACLE LABEL SECURITY USER SELECT SA_SESSION.SA_USER_NAME('TEST') FROM DUAL;
Background image of page 6
DBA_SA_USERS SELECT * FROM DBA_SA_USERS Displays the Values Assigned for Privileges, Level, Compartments, and Groups All Together SQL> SELECT USER_NAME FROM DBA_SA_USERS USER_NAME ------------------------------ ABLE BAKER CHARLES
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
DBA_SA_USER_LEVELS SQL> SELECT * FROM DBA_SA_USER_LEVELS: POLICY_NAME USER_NAME MAX_LEVEL MIN_LEVEL DEF_LEVEL ROW_LEVEL ------- ---------- ---------- ---------- ---------- ---- TEST ABLE C S C S TEST BAKER C S C S TEST CHARLES SE U SE C
Background image of page 8
DBA_SA_USER_COMPARTMENTS SQL> SELECT * FROM DBA_SA_USER_COMPARTMENTS; POLICY_NAME USER_NAME COMP RW_AC DEF_COMP ROW_COMP ----------- ---------- ---------- ----- ---------- ---------- TEST BAKER NOFO WRITE Y Y TEST ABLE ATOM WRITE N N TEST BAKER ATOM WRITE Y Y TEST CHARLES ATOM WRITE Y Y TEST ABLE CYBR WRITE N N TEST BAKER CYBR READ Y N TEST ABLE VEGAS READ Y N TEST BAKER VEGAS WRITE Y Y TEST ABLE NATO WRITE Y Y TEST BAKER NATO WRITE Y Y TEST CHARLES NATO READ Y N 11 rows selected.
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 10
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/23/2009 for the course DBST dbst 668 taught by Professor Yelena - ta during the Spring '09 term at MD University College.

Page1 / 35

Session_12 - Database Security Oracle Label Based Security Continued Session 12 Set User Privileges EXECUTE

This preview shows document pages 1 - 10. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online