advanced databases dba: security 1. advanced databases agenda understand the need for security....

12
Advanced Databases DBA: Security 1

Upload: kristopher-parrish

Post on 19-Jan-2016

217 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Advanced Databases DBA: Security 1. Advanced Databases Agenda Understand the need for security. Learn about System Permissions and Object permissions

Advanced Databases 1

DBA: Security

Page 2: Advanced Databases DBA: Security 1. Advanced Databases Agenda Understand the need for security. Learn about System Permissions and Object permissions

Advanced Databases 2

Agenda

• Understand the need for security.• Learn about System Permissions

and Object permissions.• Understand the purpose of Roles.• Explore Security-focused SQL.

Page 3: Advanced Databases DBA: Security 1. Advanced Databases Agenda Understand the need for security. Learn about System Permissions and Object permissions

Advanced Databases

Guide to Oracle 10g

3

Data Admin –vs- DB Admin

Data Administration

• Owns the DATA• High-level function• Policy & Procedure

Planning• DBMS independent• Strategic• Maps out Security

Plans

Database Administration

• Owns the Database• Technical function• Policy &Procedure

Enforcement• DBMS dependent• Tactical• Carries out Security

Plans

Page 4: Advanced Databases DBA: Security 1. Advanced Databases Agenda Understand the need for security. Learn about System Permissions and Object permissions

Advanced Databases

Guide to Oracle 10g

4

Data Admin Matrix

• Data Security documentation tool.• Crafted by DA, Carried out by DBA.

Role Object(s) Permissions

OrderEntry

OrdersOrder Items

Insert, Read

Credit Approval

Customers Update

Page 5: Advanced Databases DBA: Security 1. Advanced Databases Agenda Understand the need for security. Learn about System Permissions and Object permissions

Advanced Databases 5

Security Explained via Cheezy Graphic

UserSystemPrivilege

RoleObject

Page 6: Advanced Databases DBA: Security 1. Advanced Databases Agenda Understand the need for security. Learn about System Permissions and Object permissions

Advanced Databases 6

Specifying System Privileges

• System privilege– Right to perform a specific action– DBA grants system privileges to users or roles– Use System Privileges page in Create User

page

• Object privilege– Associated permissions of an object– DBA or users grant to users or roles

• Admin Option- gives user permissions to grant rights.

Page 8: Advanced Databases DBA: Security 1. Advanced Databases Agenda Understand the need for security. Learn about System Permissions and Object permissions

Advanced Databases 8

System Privileges Example

Let’s check out OEM and do a demo.GRANTREVOKE

Page 9: Advanced Databases DBA: Security 1. Advanced Databases Agenda Understand the need for security. Learn about System Permissions and Object permissions

Advanced Databases

Guide to Oracle 10g

9

Roles

• Special database object • Represents collection of system

privileges • Can be assigned to multiple users• Create role– Can inherit privileges from other roles

• Simpler than assigning system privileges to each user.

Page 10: Advanced Databases DBA: Security 1. Advanced Databases Agenda Understand the need for security. Learn about System Permissions and Object permissions

Advanced Databases 10

Role Examples

Let’s checkout OEM and do a demo.CREATE ROLE

GRANT

Page 11: Advanced Databases DBA: Security 1. Advanced Databases Agenda Understand the need for security. Learn about System Permissions and Object permissions

Advanced Databases 11

Group Activity Data / DB AdminWith Fudgemart

Data Administrator’s Hat• Construct a Data

Administrator’s Matrix of Role, Object(s) and Permissions(s) for Customers on the Fudgemart website.

Database Administrator’s Hat• Carry out the security

role set by the data administrator.

• Write CREATE / GRANT statements to make a role for the WEB user to be included in.

Recall Fudgemart Has: Customers, Employees, Products, Orders, Departments, Vendors, and Timesheets.

Page 12: Advanced Databases DBA: Security 1. Advanced Databases Agenda Understand the need for security. Learn about System Permissions and Object permissions

Advanced Databases 12

Questions