tailieunhanh - Applied Oracle Security: Developing Secure Database and Middleware Environments- P61

Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

574 Part IV: Applied Security for Oracle APEX and Oracle Business Intelligence

Database Context
SYS_CONTEXT('USERENV','CLIENT_IDENTIFIER'): bichannell

This query gives you information about who the database thinks is really issuing requests. The user BI_SELECT is the database user who is actually logging onto the database, and all BI Users are using this shared connection pool to issue queries. However, at connection the BI Server sets a client identifier at the database level to tell the database who is really running the queries. In this case the database knows bichannell is the actual BI User issuing requests. This information is used by the database to apply VPD policies and for auditing purposes.

Code used to retrieve information: EXECUTE PHYSICAL CONNECTION POOL data_access select sys_context('USERENV','CLIENT_IDENTIFIER') from dual

A direct database request is being issued to retrieve this information.

FIGURE 14-27 An example of a direct database request

direct database request and members of the SH Users group are the only users allowed to execute the request. This allows the members of SH Users to run direct database requests without granting them permission to create these types of requests. This segregation of duties allows for a very controlled use of the privilege. An example of a direct database request is included in the dashboards found on the Downloads page at .

The Channel Managers tab of the SH dashboard has two requests that are based on direct database requests. Figure 14-27 shows one of these requests. This tab was designed to show data with VPD policies being enforced. As you saw earlier in the chapter, an important step is conveying the end user's identity to the database. In this example, to verify that the database was aware of the true end user, I wanted the BI Server to issue the query select sys_context('USERENV','CLIENT_IDENTIFIER') from dual. In summary the ability to execute a direct database request .
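The identity hand-off described above, sketched as an added example that is not code from the book: the shared pool account tags its session with the end user's name, and a VPD policy function filters on that tag and returns no rows when the tag is missing. The SEC_ADMIN schema, the CHANNEL_MANAGERS mapping table and its columns, the policy name, and the choice of SH.SALES as the protected table are assumptions.

```sql
-- Added example. SEC_ADMIN, CHANNEL_MANAGERS and CHANNEL_MGR_VPD are hypothetical names.

-- 1. What the mid-tier does after taking a pooled connection (logged on as BI_SELECT):
BEGIN
  DBMS_SESSION.SET_IDENTIFIER('bichannell');
END;
/

-- 2. VPD policy function: the row filter is driven by the client identifier.
CREATE OR REPLACE FUNCTION sec_admin.channel_mgr_policy (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
BEGIN
  -- Fail closed: a session that never set an identifier sees no rows.
  IF SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER') IS NULL THEN
    RETURN '1 = 0';
  END IF;
  -- Keep SYS_CONTEXT inside the predicate; never concatenate the identifier's value.
  RETURN 'channel_id IN (SELECT m.channel_id
                           FROM sec_admin.channel_managers m
                          WHERE m.bi_user = SYS_CONTEXT(''USERENV'', ''CLIENT_IDENTIFIER''))';
END;
/

-- 3. Attach the policy to the protected table.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'SH',
    object_name     => 'SALES',
    policy_name     => 'CHANNEL_MGR_VPD',
    function_schema => 'SEC_ADMIN',
    policy_function => 'CHANNEL_MGR_POLICY',
    statement_types => 'SELECT');
END;
/

-- 4. Verification query: the pool account and the end user should differ.
SELECT SYS_CONTEXT('USERENV', 'SESSION_USER')      AS pool_account,
       SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER') AS end_user
  FROM dual;

-- 5. Clear the tag before the connection goes back to the pool.
BEGIN
  DBMS_SESSION.CLEAR_IDENTIFIER;
END;
/
```

Any session can set its own client identifier, so the policy is only as trustworthy as the control over who can log on as the pool account.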