![Page 1: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/1.jpg)
ToPresentation
on
SECURITYBy
Office of the A.G. (A&E) Punjab, Chandigarh
![Page 2: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/2.jpg)
Security features in Oracleand
its implementation in existing application
![Page 3: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/3.jpg)
Security features in ORACLE
Security features in ORACLE
![Page 4: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/4.jpg)
Different levels of security in Different levels of security in OracleOracle
• Account security for validation of usersAccount security for validation of users
• Access security for database objectsAccess security for database objects
• System-level security for managing global System-level security for managing global privilegesprivileges..
Different levels of security in Different levels of security in OracleOracle
• Account security for validation of usersAccount security for validation of users
• Access security for database objectsAccess security for database objects
• System-level security for managing global System-level security for managing global privilegesprivileges..
![Page 5: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/5.jpg)
Users & SecurityUsers & SecurityUsers & SecurityUsers & SecuritySecurity DomainSecurity Domain
Default Tablespace & Temporary Table SpaceDefault Tablespace & Temporary Table Space
Tablespace QuotaTablespace Quota
Resource LimitResource Limit
Direct PrivilegesDirect Privileges
Role PrivilegesRole Privileges
Account LockingAccount Locking
Security DomainSecurity Domain
Default Tablespace & Temporary Table SpaceDefault Tablespace & Temporary Table Space
Tablespace QuotaTablespace Quota
Resource LimitResource Limit
Direct PrivilegesDirect Privileges
Role PrivilegesRole Privileges
Account LockingAccount Locking
![Page 6: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/6.jpg)
Creating New UsersCreating New UsersCreating New UsersCreating New Users• Authentication with user nameAuthentication with user name
• Decide quotas for each TablespeceDecide quotas for each Tablespece
• Default Tablespace and Temporary TablespaceDefault Tablespace and Temporary Tablespace
• Grant privileges and roles to the userGrant privileges and roles to the user
• Use Profile to place limits on database resources available to Use Profile to place limits on database resources available to usersusers
• Use a standard password initiallyUse a standard password initially
• Use the Expire keyword to force user to reset their passwordUse the Expire keyword to force user to reset their password
• Restrict quotas to few users – use Quota Unlimited withRestrict quotas to few users – use Quota Unlimited withcautioncaution
• Educate usersEducate users
• Authentication with user nameAuthentication with user name
• Decide quotas for each TablespeceDecide quotas for each Tablespece
• Default Tablespace and Temporary TablespaceDefault Tablespace and Temporary Tablespace
• Grant privileges and roles to the userGrant privileges and roles to the user
• Use Profile to place limits on database resources available to Use Profile to place limits on database resources available to usersusers
• Use a standard password initiallyUse a standard password initially
• Use the Expire keyword to force user to reset their passwordUse the Expire keyword to force user to reset their password
• Restrict quotas to few users – use Quota Unlimited withRestrict quotas to few users – use Quota Unlimited withcautioncaution
• Educate usersEducate users
![Page 7: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/7.jpg)
Tools for DBA to monitor usersTools for DBA to monitor usersTools for DBA to monitor usersTools for DBA to monitor users
DBA_USERSDBA_USERS
• USERNAMEUSERNAME
• USER_IDUSER_ID
• CREATEDCREATED
• ACCOUNT_STATUSACCOUNT_STATUS
• LOCK_DATELOCK_DATE
• EXPIRY_DATEEXPIRY_DATE
• DEFAULT_TABLESPACEDEFAULT_TABLESPACE
• TEMPORARY_TABLESPACETEMPORARY_TABLESPACE
DBA_USERSDBA_USERS
• USERNAMEUSERNAME
• USER_IDUSER_ID
• CREATEDCREATED
• ACCOUNT_STATUSACCOUNT_STATUS
• LOCK_DATELOCK_DATE
• EXPIRY_DATEEXPIRY_DATE
• DEFAULT_TABLESPACEDEFAULT_TABLESPACE
• TEMPORARY_TABLESPACETEMPORARY_TABLESPACE
DBA_TS_QUOTASDBA_TS_QUOTAS
• USERNAMEUSERNAME
• TABLESPACE_NAMETABLESPACE_NAME
• BYTESBYTES
• MAX_BYTESMAX_BYTES
• BLOCKSBLOCKS
• MAX_BLOCKSMAX_BLOCKS
DBA_TS_QUOTASDBA_TS_QUOTAS
• USERNAMEUSERNAME
• TABLESPACE_NAMETABLESPACE_NAME
• BYTESBYTES
• MAX_BYTESMAX_BYTES
• BLOCKSBLOCKS
• MAX_BLOCKSMAX_BLOCKS
![Page 8: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/8.jpg)
Privileges for Oracle UsersPrivileges for Oracle UsersPrivileges for Oracle UsersPrivileges for Oracle Users
Two types of privileges:Two types of privileges:
SystemSystem: Enable users to perform particular : Enable users to perform particular action in the databaseaction in the database
ObjectObject:: Enable users to access and Enable users to access and manipulate a specific objectmanipulate a specific object
Two types of privileges:Two types of privileges:
SystemSystem: Enable users to perform particular : Enable users to perform particular action in the databaseaction in the database
ObjectObject:: Enable users to access and Enable users to access and manipulate a specific objectmanipulate a specific object
![Page 9: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/9.jpg)
System PrivilegesSystem PrivilegesSystem PrivilegesSystem Privileges
There are about 126 System PrivilegesThere are about 126 System Privileges
ANY keyword in the privileges signifies that users have the ANY keyword in the privileges signifies that users have the privilege in every schema.privilege in every schema.
CREATE ANY TABLECREATE ANY TABLE
DROP ANY TABLEDROP ANY TABLE
UPDATE ANY TABLEUPDATE ANY TABLE
CREATE ANY INDEXCREATE ANY INDEX
Contd….Contd….
There are about 126 System PrivilegesThere are about 126 System Privileges
ANY keyword in the privileges signifies that users have the ANY keyword in the privileges signifies that users have the privilege in every schema.privilege in every schema.
CREATE ANY TABLECREATE ANY TABLE
DROP ANY TABLEDROP ANY TABLE
UPDATE ANY TABLEUPDATE ANY TABLE
CREATE ANY INDEXCREATE ANY INDEX
Contd….Contd….
![Page 10: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/10.jpg)
System PrivilegesSystem PrivilegesSystem PrivilegesSystem Privileges
GRANT command adds a privilege to GRANT command adds a privilege to user or a group of usersuser or a group of users
grant CREATE SESSION, CREATE TABLE to SCOTT;grant CREATE SESSION, CREATE TABLE to SCOTT;
grant CREATE SESSION to JANE WITH ADMIN option;grant CREATE SESSION to JANE WITH ADMIN option;
Contd….Contd….
GRANT command adds a privilege to GRANT command adds a privilege to user or a group of usersuser or a group of users
grant CREATE SESSION, CREATE TABLE to SCOTT;grant CREATE SESSION, CREATE TABLE to SCOTT;
grant CREATE SESSION to JANE WITH ADMIN option;grant CREATE SESSION to JANE WITH ADMIN option;
Contd….Contd….
![Page 11: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/11.jpg)
System PrivilegesSystem PrivilegesSystem PrivilegesSystem Privileges
REVOKE command deletes the privileges REVOKE command deletes the privileges from users/group of usersfrom users/group of users
revoke CREATE TABLE from SCOTT;revoke CREATE TABLE from SCOTT;
revoke CREATE SESSION from JANE;revoke CREATE SESSION from JANE;
REVOKE command deletes the privileges REVOKE command deletes the privileges from users/group of usersfrom users/group of users
revoke CREATE TABLE from SCOTT;revoke CREATE TABLE from SCOTT;
revoke CREATE SESSION from JANE;revoke CREATE SESSION from JANE;
![Page 12: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/12.jpg)
Tools to monitor System PrivilegesTools to monitor System PrivilegesTools to monitor System PrivilegesTools to monitor System Privileges
DatabaseDatabaseDBA_SYS_PRIVSDBA_SYS_PRIVS
- GRANTEE- GRANTEE
- PRIVILEGE- PRIVILEGE
- ADMIN OPTION- ADMIN OPTION
DatabaseDatabaseDBA_SYS_PRIVSDBA_SYS_PRIVS
- GRANTEE- GRANTEE
- PRIVILEGE- PRIVILEGE
- ADMIN OPTION- ADMIN OPTION
SessionSessionSESSION_PRIVSSESSION_PRIVS
- PRIVILEGE- PRIVILEGE
SessionSessionSESSION_PRIVSSESSION_PRIVS
- PRIVILEGE- PRIVILEGE
![Page 13: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/13.jpg)
Object PrivilegesObject PrivilegesObject PrivilegesObject Privileges
Object Privileges can be granted/revoked on Object Privileges can be granted/revoked on different objects like Tables, View, Sequence, different objects like Tables, View, Sequence, Procedure etc. and are :Procedure etc. and are :
ALTERALTER INSERT INSERT
DELETEDELETE SELECT SELECT
EXECUTEEXECUTE REFERENCES REFERENCES
INDEXINDEX UPDATE UPDATE
Contd…Contd…
Object Privileges can be granted/revoked on Object Privileges can be granted/revoked on different objects like Tables, View, Sequence, different objects like Tables, View, Sequence, Procedure etc. and are :Procedure etc. and are :
ALTERALTER INSERT INSERT
DELETEDELETE SELECT SELECT
EXECUTEEXECUTE REFERENCES REFERENCES
INDEXINDEX UPDATE UPDATE
Contd…Contd…
![Page 14: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/14.jpg)
Object PrivilegesObject PrivilegesObject PrivilegesObject Privileges
GRANT command adds a privilege to user GRANT command adds a privilege to user or a group of usersor a group of users
grant EXECUTE on EMPLOYEE to SCOTT;grant EXECUTE on EMPLOYEE to SCOTT;
grant UPDATE (first_name, salary) on EMPLOYEE to grant UPDATE (first_name, salary) on EMPLOYEE to SCOTT with grant option;SCOTT with grant option;
Contd….Contd….
GRANT command adds a privilege to user GRANT command adds a privilege to user or a group of usersor a group of users
grant EXECUTE on EMPLOYEE to SCOTT;grant EXECUTE on EMPLOYEE to SCOTT;
grant UPDATE (first_name, salary) on EMPLOYEE to grant UPDATE (first_name, salary) on EMPLOYEE to SCOTT with grant option;SCOTT with grant option;
Contd….Contd….
![Page 15: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/15.jpg)
Object PrivilegesObject PrivilegesObject PrivilegesObject Privileges
REVOKE command deletes the privileges REVOKE command deletes the privileges from users/group of usersfrom users/group of users
revoke delete on EMPLOYEE from SCOTT;revoke delete on EMPLOYEE from SCOTT;
revoke all on EMPLOYEE from JANE;revoke all on EMPLOYEE from JANE;
REVOKE command deletes the privileges REVOKE command deletes the privileges from users/group of usersfrom users/group of users
revoke delete on EMPLOYEE from SCOTT;revoke delete on EMPLOYEE from SCOTT;
revoke all on EMPLOYEE from JANE;revoke all on EMPLOYEE from JANE;
![Page 16: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/16.jpg)
Tools to monitor Object Tools to monitor Object PrivilegesPrivileges
Tools to monitor Object Tools to monitor Object PrivilegesPrivilegesDBA_TAB_PRIVSDBA_TAB_PRIVS
GRANTEEGRANTEE
OWNER OWNER
TABLE_NAMETABLE_NAME
GRANTORGRANTOR
PRIVILEGEPRIVILEGE
GRANTABLEGRANTABLE
DBA_TAB_PRIVSDBA_TAB_PRIVS
GRANTEEGRANTEE
OWNER OWNER
TABLE_NAMETABLE_NAME
GRANTORGRANTOR
PRIVILEGEPRIVILEGE
GRANTABLEGRANTABLE
DBA_COL_PRIVSDBA_COL_PRIVS
GRANTEEGRANTEE
OWNEROWNER
TABLE_NAMETABLE_NAME
COLOUMN_NAMECOLOUMN_NAME
GRANTORGRANTOR
PRIVILEGEPRIVILEGE
GRANTABLEGRANTABLE
DBA_COL_PRIVSDBA_COL_PRIVS
GRANTEEGRANTEE
OWNEROWNER
TABLE_NAMETABLE_NAME
COLOUMN_NAMECOLOUMN_NAME
GRANTORGRANTOR
PRIVILEGEPRIVILEGE
GRANTABLEGRANTABLE
![Page 17: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/17.jpg)
AGVLCAGVLCTHETHE
EXISTING APPLICATIONEXISTING APPLICATION
AGVLCAGVLCTHETHE
EXISTING APPLICATIONEXISTING APPLICATION
![Page 18: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/18.jpg)
Features of Security Module of VLC Features of Security Module of VLC Package developed by NIITPackage developed by NIIT
Security module has 10 different options which Security module has 10 different options which are as follows:are as follows:
Features of Security Module of VLC Features of Security Module of VLC Package developed by NIITPackage developed by NIIT
Security module has 10 different options which Security module has 10 different options which are as follows:are as follows:
Set AGVLC PasswordSet AGVLC Password Map User/SectionMap User/Section
Change AGVLC Role passwordChange AGVLC Role password Map Module/FunctionMap Module/Function
Application UserApplication User Map Role/Module Map Role/Module
Role StatusRole Status Map Role/User Map Role/User
AG dealing SectionAG dealing Section Map Function Map Function
Set AGVLC PasswordSet AGVLC Password Map User/SectionMap User/Section
Change AGVLC Role passwordChange AGVLC Role password Map Module/FunctionMap Module/Function
Application UserApplication User Map Role/Module Map Role/Module
Role StatusRole Status Map Role/User Map Role/User
AG dealing SectionAG dealing Section Map Function Map Function
![Page 19: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/19.jpg)
Set AGVLC Password Set AGVLC Password
![Page 20: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/20.jpg)
Change AGVLC Role passwordChange AGVLC Role password Change AGVLC Role passwordChange AGVLC Role password
![Page 21: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/21.jpg)
Application userApplication user Application userApplication user
![Page 22: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/22.jpg)
Role StatusRole Status Role StatusRole Status
![Page 23: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/23.jpg)
AG Dealing SectionAG Dealing Section AG Dealing SectionAG Dealing Section
![Page 24: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/24.jpg)
Map User/SectionMap User/Section Map User/SectionMap User/Section
![Page 25: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/25.jpg)
Map Module/FunctionMap Module/Function Map Module/FunctionMap Module/Function
![Page 26: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/26.jpg)
Map Role/ModuleMap Role/Module Map Role/ModuleMap Role/Module
![Page 27: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/27.jpg)
Map Role/UserMap Role/User Map Role/UserMap Role/User
![Page 28: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/28.jpg)
Map FunctionMap Function Map FunctionMap Function
![Page 29: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/29.jpg)
VLC APPLICATIONADDITIONAL SECURITY
User Profiles
SESSION_PER_USER
IDLE_TIME
FAILED_LOGIN_ATTEMPTS
PASSWORD_LIFE_TIME
PASSWORD_LOCK_TIME
PASSWORD_GRACE_TIME
![Page 30: To Presentation on SECURITY By Office of the A.G. (A&E) Punjab, Chandigarh](https://reader036.vdocuments.us/reader036/viewer/2022062718/56649eab5503460f94bb170b/html5/thumbnails/30.jpg)