Scribd Logo
Upload

Welcome to Scribd!

  • 8 views

    Administering User Security: Users and Schemas Are Database Users

    Uploaded by

    Jane
    The document discusses administering user security in an Oracle database. It describes common users versus local users, common privileges versus local privileges, Oracle-supplied administrator accounts like SYS and SYSTEM, special system privileges for administrators, Oracle-supplied roles, user profiles, assigning profiles, and password management parameters that can be configured.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Administering User Security: Users and Schemas Are Database Users

    Uploaded by

    Jane
    8 views34 pages
    The document discusses administering user security in an Oracle database. It describes common users versus local users, common privileges versus local privileges, Oracle-supplied administrator accounts like SYS and SYSTEM, special system privileges for administrators, Oracle-supplied roles, user profiles, assigning profiles, and password management parameters that can be configured.

    Original Description:

    Original Title

    8.1

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document discusses administering user security in an Oracle database. It describes common users versus local users, common privileges versus local privileges, Oracle-supplied administrator accounts like SYS and SYSTEM, special system privileges for administrators, Oracle-supplied roles, user profiles, assigning profiles, and password management parameters that can be configured.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    8 views34 pages

    Administering User Security: Users and Schemas Are Database Users

    Uploaded by

    Jane
    The document discusses administering user security in an Oracle database. It describes common users versus local users, common privileges versus local privileges, Oracle-supplied administrator accounts like SYS and SYSTEM, special system privileges for administrators, Oracle-supplied roles, user profiles, assigning profiles, and password management parameters that can be configured.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 34

    Administering User Security

    users and schemas are database users , but when the user has objects then we call it schema

    Prepared By :Khaled AlKhudari Oracle DBA Course 1


    Administering User Security

    Prepared By :Khaled AlKhudari Oracle DBA Course 2


    Administering User Security

    Prepared By :Khaled AlKhudari Oracle DBA Course 3


    Administering User Security

    Prepared By :Khaled AlKhudari Oracle DBA Course 4


    Administering User Security

    Prepared By :Khaled AlKhudari Oracle DBA Course 5


    Administering User Security

    Prepared By :Khaled AlKhudari Oracle DBA Course 6


    Administering User Security

    Prepared By :Khaled AlKhudari Oracle DBA Course 7


    Administering User Security

    Prepared By :Khaled AlKhudari Oracle DBA Course 8


    Administering User Security

    Prepared By :Khaled AlKhudari Oracle DBA Course 9


    Administering User Security

    Prepared By :Khaled AlKhudari Oracle DBA Course 10


    Administering User Security

    Prepared By :Khaled AlKhudari Oracle DBA Course 11


    Administering User Security
    Common users VS local users
    optional

    PARAMETER common_user_prefix

    Refer to section : Helpful queries to explore Oracle DB architecture


    lessons: Common users VS local users part 1
    Common users VS local users part 2

    Prepared By :Khaled AlKhudari Oracle DBA Course 12


    Administering User Security
    Common privileges VS local privileges
    It must be in order to be common

    Private privileges: create table

    Prepared By :Khaled AlKhudari Oracle DBA Course 13


    Administering User Security
    Common roles

    Prepared By :Khaled AlKhudari Oracle DBA Course 14


    Administering User Security
    More About Users accounts

    Prepared By :Khaled AlKhudari Oracle DBA Course 15


    Administering User Security
    Oracle- supplied administrator accounts
     SYS

    This account can perform all administrative functions.


    All base (underlying) tables and views for the database data dictionary are stored in the SYS schema.
    These base tables and views are critical for the operation of Oracle Database.
    To maintain the integrity of the data dictionary, tables in the SYS schema are manipulated
    only by the database. They should never be modified by any user or database administrator.
    You must not create any tables in the SYS schema.
    The SYS user is granted the SYSDBA privilege,
    which enables a user to perform high-level administrative tasks such as backup and recovery.

     SYSTEM

    This account can perform all administrative functions except the following:

    Backup and recovery

    Database upgrade

    Prepared By :Khaled AlKhudari Oracle DBA Course 16


    Administering User Security
    Oracle- supplied administrator accounts

    Oracle Data Guard provides the management, monitoring, and automation software to create and
    maintain one or more standby databases to protect Oracle data from failures, disasters, human
    error, and data corruptions while providing high availability for mission critical applications.
    Data Guard is included with Oracle Database Enterprise Edition.
    Transparent Data Encryption (TDE) enables you to encrypt sensitive data that you store in tables
    and tablespaces.

    Prepared By :Khaled AlKhudari Oracle DBA Course 17


    Administering User Security
    Special system privileges for administrators

    Prepared By :Khaled AlKhudari Oracle DBA Course 18


    Administering User Security
    Special system privileges for administrators

    SYSASM is a system privilege that enables the separation of the SYSDBA database
    7
    administration privilege from the Oracle ASM storage administration privilege

    Prepared By :Khaled AlKhudari Oracle DBA Course 19


    Administering User Security
    Oracle –supplied roles

    Note: SYS and SYSTEM users already have DBA role by default

    Prepared By :Khaled AlKhudari Oracle DBA Course 20


    Administering User Security
    User Profile

    Resource limits Password parameters


    Example: Example:
    idle time password aging and expiration

     a user profile is a named set of resource limits and password parameters that restrict
    database usage and database instance resources for a user.
     If you assign a profile to a user, then that user can not exceed those limits.
     Every user , including the administrators is assigned to only one profile.
     By default when you crate a user, it will be assigned to default profile, unless you specified
    another profile

    Prepared By :Khaled AlKhudari Oracle DBA Course 21


    Administering User Security
    User Profile

    Prepared By :Khaled AlKhudari Oracle DBA Course 22


    Administering User Security

    Assigning Profiles

    Prepared By :Khaled AlKhudari Oracle DBA Course 23


    Administering User Security

    Password Password
    Account Password
    aging and complexity
    locking history
    expiration verification

    Prepared By :Khaled AlKhudari Oracle DBA Course 24


    Administering User Security

    We can configure the following parameters

    Prepared By :Khaled AlKhudari Oracle DBA Course 25


    Administering User Security

    We can configure the following parameters

    Prepared By :Khaled AlKhudari Oracle DBA Course 26


    Administering User Security

    We can configure the following parameters

    Prepared By :Khaled AlKhudari Oracle DBA Course 27


    Administering User Security

    We control this by parameter :PASSWORD_VERIFY_FUNCTION

    • it is PL/SQL function that perform password complexity check


    • This function owned by user SYS
    • It must return Boolean ( true or false)
    • A model verification function is provided in script called
    $ORACLE_HOME/rdbms/admin

    Prepared By :Khaled AlKhudari Oracle DBA Course 28


    Administering User Security

    It is
    catpvf.sql
    Note: this script doesn't create these functions
    It is only script for Default Password Resource Limits Which create
    these functions

    Prepared By :Khaled AlKhudari Oracle DBA Course 29


    Administering User Security

    verify_function_11G Function Password Requirements

    Prepared By :Khaled AlKhudari Oracle DBA Course 30


    Administering User Security

    ora12c_verify_function Function Password Requirements

    Prepared By :Khaled AlKhudari Oracle DBA Course 31


    Administering User Security

    ora12c_strong_verify_function Function Password Requirements

    Prepared By :Khaled AlKhudari Oracle DBA Course 32


    Administering User Security

    CPU_PER_SESSION/ CPU_PER_CALL

    Example:
    CPU_PER_CALL 3000
    A single call made by the user cannot
    consume more than 30 seconds of CPU
    time.

    Prepared By :Khaled AlKhudari Oracle DBA Course 33


    Administering User Security

    Prepared By :Khaled AlKhudari Oracle DBA Course 34

    You might also like