Đang chuẩn bị liên kết để tải về tài liệu:
Applied Oracle Security: Developing Secure Database and Middleware Environments- P28

Không đóng trình duyệt đến khi xuất hiện nút TẢI XUỐNG Tải xuống

Applied Oracle Security: Developing Secure Database and Middleware Environments- P28:Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful | 244 Part II Oracle Database Vault jean_oper_dba@aos GRANT CREATE SESSION TO sh Grant succeeded. jean_oper_dba@aos -- connect as our object-owner jean_oper_dba@aos -- account and create or application s objects jean_oper_dba@aos CONNECT sh Enter password Connected. sh@aos -- install our application objects sh@aos @install_sales_history_objects.sql Table created. Table created. Sequence created. View created. sh@aos -- now protect the application s objects in a DBV realm sh@aos CONNECT dbvowner Enter password dbvowner@aos BEGIN dbms_macadm.create_realm realm_name Sales History description Annual quarterly monthly and weekly sales figures by product enabled DBMS_MACUTL.G_YES audit_options DBMS_MACUTL.G_REALM_AUDIT_FAIL END PL SQL procedure successfully completed. BEGIN dbms_macadm.add_object_to_realm A realm_name Sales History object_owner SH object_name object_type END PL SQL procedure successfully completed. -- we typically authorize the object-owner account in the realm -- if application code performs DDL activity on the realm BEGIN dbms_macadm.add_auth_to_realm realm_name Sales History grantee SH rule_set_name NULL auth_options DBMS_MACUTL.G_REALM_AUTH_OWNER END PL SQL procedure successfully completed. Chapter 6 Applied Database Vault for Custom Applications 245 Create Realm-based Application Database Administrators We mentioned earlier that DBV comes with a predefined role named DV_REALM_OWNER that works nicely with the application database administrator concept. We do not want to grant the DV_REALM_OWNER role directly to the accounts and then authorize the accounts in the realm as this yields higher maintenance costs on the DBV policy side for account provisioning. We also do not want to authorize the DV_REALM_OWNER role in each realm as this would provide access to all realms for anyone that has been granted this role. The solution is to define an application-centric role name for this administrator for each realm and simply grant this DV_ REALM_OWNER role to .