Scribd Logo
Upload

Welcome to Scribd!

  • 24 views

    Lesson: Administering Users For Security Purposes

    Uploaded by

    Kimberly Mae Hernandez
    This document discusses administering users and security in a database management system. It covers: 1) Defining database user accounts, schemas, and predefined administrative accounts like SYS and SYSTEM. 2) Explaining the two types of privileges - system and object - and how they control user access. 3) The benefits of using roles to manage privileges and how privileges can be assigned to roles and roles to users.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Lesson: Administering Users For Security Purposes

    Uploaded by

    Kimberly Mae Hernandez
    24 views12 pages
    This document discusses administering users and security in a database management system. It covers: 1) Defining database user accounts, schemas, and predefined administrative accounts like SYS and SYSTEM. 2) Explaining the two types of privileges - system and object - and how they control user access. 3) The benefits of using roles to manage privileges and how privileges can be assigned to roles and roles to users.

    Original Description:

    Original Title

    lesson3b

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses administering users and security in a database management system. It covers: 1) Defining database user accounts, schemas, and predefined administrative accounts like SYS and SYSTEM. 2) Explaining the two types of privileges - system and object - and how they control user access. 3) The benefits of using roles to manage privileges and how privileges can be assigned to roles and roles to users.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    24 views12 pages

    Lesson: Administering Users For Security Purposes

    Uploaded by

    Kimberly Mae Hernandez
    This document discusses administering users and security in a database management system. It covers: 1) Defining database user accounts, schemas, and predefined administrative accounts like SYS and SYSTEM. 2) Explaining the two types of privileges - system and object - and how they control user access. 3) The benefits of using roles to manage privileges and how privileges can be assigned to roles and roles to users.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 12

    Lesson

    Administering Users
    For Security Purposes

    MAS-CS352-DBMS2
    Lesson Objectives:
    After completing this lesson, the student
    should be able to:
    • Identify how to control user access.
    • Define what is the difference between a user
    and a role.
    • Define and enumerate the two type of
    privilege.

    MAS-CS352-DBMS2
    Database User Accounts
    • Each database user account has:
    – A unique username
    – An authentication method
    – A default tablespace
    – A temporary tablespace
    – A user profile
    – An initial consumer group
    – An account status
    • A schema:
    – Is a collection of database objects that are owned by a database
    user
    – Has the same name as the user account

    MAS-CS352-DBMS2
    Predefined Administrative Accounts
    • SYS account:
    – Is granted the DBA role, as well as several other roles.
    – Has all privileges with ADMIN OPTION
    – Is required for startup, shutdown, and some maintenance commands
    – Owns the data dictionary and the Automatic Workload Repository
    (AWR)
    • SYSTEM account is granted the DBA, MGMT_USER, and
    AQ_ADMINISTRATOR_ROLE roles.
    • DBSNMP account is granted the OEM_MONITOR role.
    • SYSMAN account is granted the MGMT_USER, RESOURCE and
    SELECT_CATALOG_ROLE roles.
    • These accounts are not used for routine operations.

    MAS-CS352-DBMS2
    Administrator Authentication
    • Operating system security:
    – DBAs must have the OS privileges to create and delete files.
    – Typical database users should not have the OS privileges to
    create or delete database files.
    • Administrator security:
    – For SYSDBA, SYSOPER, and SYSASM connections:
    • DBA user by name is audited for password file and strong
    authentication methods
    • OS account name is audited for OS authentication
    • OS authentication takes precedence over password file authentication
    for privileged users
    • Password file uses case-sensitive passwords

    MAS-CS352-DBMS2
    Privileges
    • There are two types of user privileges:
    – System: Enables users to perform particular actions in the
    database
    – Object: Enables users to access and manipulate a specific
    object

    MAS-CS352-DBMS2
    Revoking System Privileges with ADMIN OPTION

    MAS-CS352-DBMS2
    Revoking Object Privileges with GRANT OPTION

    MAS-CS352-DBMS2
    Benefits of Roles
    • Easier privilege management
    • Dynamic privilege management
    • Selective availability of privileges

    MAS-CS352-DBMS2
    Assigning Privileges to Roles and
    Assigning Roles to Users

    MAS-CS352-DBMS2
    Predefined Roles

    MAS-CS352-DBMS2
    Lesson Summary:
    In this lesson, you should have learned about.
    • Role
    • User
    • Security

    MAS-CS352-DBMS2

    You might also like