tailieunhanh - Applied Oracle Security: Developing Secure Database and Middleware Environments- P17

Applied Oracle Security: Developing Secure Database and Middleware Environments- P17:Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful | 134 Part II Oracle Database Vault realm_name Sales History grantee ANTHONY rule_set_name NULL auth_options END PL SQL procedure successfully completed. With the successful authorizations you can see that MARY and ANTHONY can work in unison to administer the SH application schema but within the control of their realm authorization mary@aos -- Create a table for staging warehouse data mary@aos CREATE TABLE prod_id NUMBER NOT NULL cust_id NUMBER NOT NULL time_id DATE NOT NULL channel_id NUMBER NOT NULL promo_id NUMBER NOT NULL quantity_sold NUMBER 10 2 NOT NULL Table created. mary@aos As the realm owner grant access on the new table to OE mary@aos GRANT SELECT ON TO oe Grant succeeded. mary@aos As the realm owner grant a realm protected role mary@aos GRANT sales_select_role TO oe Grant succeeded. anthony@aos Anthony can administrator realm protected objects anthony@aos ALTER TABLE ADD amount_sold NUMBER 10 2 NOT NULL Table altered. anthony@aos Anthony cannot grant access to the new table anthony@aos due to his realm participant status anthony@aos GRANT SELECT ON TO hr GRANT SELECT ON TO hr ERROR at line 1 ORA-00604 error occurred at recursive SQL level 1 ORA-47401 realm violation for grant object privilege on ORA-06512 at line 55 Chapter 5 Database Vault Fundamentals 135 ORA-06512 at line 31 anthony@aos Anthony cannot grant access to realm roles anthony@aos due to his realm participant status anthony@aos GRANT sales_select_role TO hr GRANT sales_select_role TO hr ERROR at line 1 ORA-00604 error occurred at recursive SQL level 1 ORA-47401 realm violation for grant role privilege on SALES_SELECT_ROLE. ORA-06512 at line 55 ORA-06512 at line 31 Once MARY grants SELECT access on the new table to the OE account this account can query the table because realms honor direct object privilege usage