Applied Oracle Security: Developing Secure Database and Middleware Environments - P28

Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

244 Part II Oracle Database Vault

jean_oper_dba@aos> GRANT CREATE SESSION TO sh
Grant succeeded.
jean_oper_dba@aos> -- connect as our object-owner
jean_oper_dba@aos> -- account and create our application's objects
jean_oper_dba@aos> CONNECT sh
Enter password
Connected.
sh@aos> -- install our application objects
sh@aos> @
Table created.
Table created.
Sequence created.
View created.
sh@aos> -- now protect the application's objects in a DBV realm
sh@aos> CONNECT dbvowner
Enter password
dbvowner@aos> BEGIN
realm_name Sales History
description Annual quarterly monthly and weekly sales figures by product
enabled
audit_options
END
PL/SQL procedure successfully completed.
BEGIN
A
realm_name Sales History
object_owner SH
object_name
object_type
END
PL/SQL procedure successfully completed.
-- we typically authorize the object-owner account in the realm
-- if application code performs DDL activity on the realm
BEGIN
realm_name Sales History
grantee SH
rule_set_name NULL
auth_options
END
PL/SQL procedure successfully completed.

Chapter 6 Applied Database Vault for Custom Applications 245

Create Realm-based Application Database Administrators

We mentioned earlier that DBV comes with a predefined role named DV_REALM_OWNER that works nicely with the application database administrator concept.
We do not want to grant the DV_REALM_OWNER role directly to the accounts and then authorize the accounts in the realm, as this yields higher maintenance costs on the DBV policy side for account provisioning. We also do not want to authorize the DV_REALM_OWNER role in each realm, as this would provide access to all realms for anyone who has been granted this role. The solution is to define an application-centric role name for this administrator for each realm and simply grant this DV_REALM_OWNER role to .
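
The per-realm role pattern described above, written out as an added example (it is not code from the book). It assumes the application role is the one that receives DV_REALM_OWNER and is authorized in the realm; SH_REALM_DBA_ROLE and SH_DBA_USER are hypothetical names, and each step must be run by an account your DBV configuration permits to do it.

```sql
-- Added example, not from the book. SH_REALM_DBA_ROLE and SH_DBA_USER are
-- hypothetical names; 'Sales History' and SH are the realm and owner above.

-- 1. Create the application-centric administrator role for this one realm.
CREATE ROLE sh_realm_dba_role;

-- 2. Grant the predefined DBV role to that role once, not to each account.
GRANT dv_realm_owner TO sh_realm_dba_role;

-- 3. Authorize the application role (not DV_REALM_OWNER itself) as an owner
--    of the realm, so the authorization does not extend to other realms.
BEGIN
  dvsys.dbms_macadm.add_auth_to_realm(
    realm_name    => 'Sales History',
    grantee       => 'SH_REALM_DBA_ROLE',
    rule_set_name => NULL,
    auth_options  => dvsys.dbms_macutl.g_realm_auth_owner);
END;
/

-- 4. Provisioning an administrator is now a single role grant,
--    with no change to the DBV policy.
GRANT sh_realm_dba_role TO sh_dba_user;

-- Check: the realm should list the application role (and the SH owner
-- authorized earlier) as grantees, and never DV_REALM_OWNER.
SELECT realm_name, grantee, auth_options
  FROM dvsys.dba_dv_realm_auth
 WHERE realm_name = 'Sales History';

-- Check: which accounts can currently act as this realm's administrator.
SELECT grantee
  FROM dba_role_privs
 WHERE granted_role = 'SH_REALM_DBA_ROLE';
```

Revoking the role from an account removes its realm administration rights in one statement, and the two queries give an auditor the full picture of who can administer the realm.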