Oracle Database 12c


for oracle 12c:

https://localhost:5500/em
for oracle 11g:
https://192.168.16.1:1158/em

-- Narrow lookup view over EMPLOYEES: only the five listed columns are exposed.
-- The GRANT_EMP_ROLE procedure on this page reads it as hr.hr_verify.
CREATE VIEW hr_verify AS
    SELECT employee_id,
           first_name,
           last_name,
           email,
           manager_id
      FROM employees;

-- The end users get SELECT as well as sec_admin: the procedure that queries
-- this view is declared AUTHID CURRENT_USER, so the lookup runs with the
-- caller's privileges and fails for a caller who cannot read the view.
GRANT SELECT ON hr_verify TO mweiss;
GRANT SELECT ON hr_verify TO wtaylor;
GRANT SELECT ON hr_verify TO sec_admin;

https://smartindo-pc:5500/em/login

===================================================================================
================
Create Procedure
User : sec_admin (sqlplus)
----------------

create or replace
procedure GRANT_EMP_ROLE
AUTHID CURRENT_USER
AS
  -- Enables emp_role for the calling session when the caller's row in
  -- hr.hr_verify has manager_id = 100; otherwise leaves the session's roles
  -- unchanged. AUTHID CURRENT_USER: the body runs with the caller's
  -- privileges, not the owner's.
  l_session_user varchar2(50);
  l_manager_id   number := 1;
BEGIN
  -- The session user comes from the database session context, not from a
  -- caller-supplied argument, so the caller cannot claim another identity.
  l_session_user := lower(sys_context('userenv', 'session_user'));

  -- The session user name is matched against the EMAIL column, compared
  -- case-insensitively.
  SELECT v.manager_id
    INTO l_manager_id
    FROM hr.hr_verify v
   WHERE lower(v.email) = l_session_user;

  -- NOTE(review): 100 presumably identifies the manager whose reports may
  -- use the role - confirm against the HR data.
  IF l_manager_id = 100 THEN
    -- Static statement text: nothing user-controlled is concatenated in.
    EXECUTE IMMEDIATE 'SET ROLE emp_role';
  END IF;
EXCEPTION
  -- Unknown user: the role is not enabled (fails closed); 0 is only printed.
  -- Any other error (for example more than one matching row) propagates to
  -- the caller, and the role stays disabled in that case too.
  WHEN NO_DATA_FOUND THEN
    l_manager_id := 0;
    DBMS_OUTPUT.PUT_LINE(l_manager_id);
END;
/

The AUTHID CURRENT_USER clause tells the kernel that any methods that may be used
in the type specification should execute with the privileges of the executing user,
not the owner. The same clause applies to a procedure such as GRANT_EMP_ROLE above.
The default option is AUTHID DEFINER, where the method executes with the
privileges of the user who created the type.

Warning: writing PL/SQL code with the default AUTHID DEFINER can facilitate SQL
injection attacks, because an intruder who manages to inject SQL into such code
gets the owner's privileges, which they would not get if the code used
AUTHID CURRENT_USER.
Create ROLE
User : sec_admin
----------------

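-- Secure application role: it has no password and can only be enabled from
-- inside the named procedure, so the check coded there decides who gets it.
-- The procedure must be the one created by sec_admin on this page
-- (sec_admin.grant_emp_role). The original text named the schema SECA_ADMIN,
-- which appears nowhere else on the page.
-- The blank lines inside the statement are removed because SQL*Plus, by
-- default, ends statement entry at a blank line.
CREATE ROLE emp_role
    IDENTIFIED USING sec_admin.grant_emp_role;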
===================================================================================
================

User: OE (sqlplus)

-- Run as OE. The privilege goes to the role, not to the individual users,
-- so mweiss and wtaylor can read ORDERS only in a session where emp_role
-- has been enabled.
GRANT SELECT
   ON orders
   TO emp_role;

User : sec_admin (sqlplus)

-- Run as sec_admin. EXECUTE only lets a user call the procedure; whether
-- emp_role is actually enabled is decided by the lookup inside it.
GRANT EXECUTE ON grant_emp_role TO mweiss;
GRANT EXECUTE ON grant_emp_role TO wtaylor;
===================================================================================
================

Test.

Connect Mweiss

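-- Call the procedure by the name it was created and granted under on this
-- page (grant_emp_role); "grant_role" is not defined anywhere on the page.
-- To confirm the result, query SESSION_ROLES afterwards and check whether
-- EMP_ROLE is listed for the session.
EXECUTE sec_admin.grant_emp_role;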

===================================================================================
================
bab 4

connect psmith as syskm


password Admin12345

langkah 1:

-- Keystore state before any keystore has been created.
SELECT *
  FROM v$encryption_wallet;


hasil pada awal status= not_available, wallet_type=unknown

langkah 2:

-- Creates a password-protected software keystore in the given directory.
-- NOTE(review): the keystore password is written as a literal and is the
-- same value this page uses for the database accounts it creates. Outside a
-- lab, give the keystore its own secret and keep it out of saved scripts,
-- spool files and shell history.
ADMINISTER KEY MANAGEMENT
    CREATE KEYSTORE 'C:\app12c\admin\orcl\WALLET'
    IDENTIFIED BY "Admin12345";

-- Re-check the keystore state after creation.
SELECT *
  FROM v$encryption_wallet;


hasil pada awal status= closed, wallet_type=unknown

===================================================================================
================
Data ENCRYPT
------------
Create Encrypt Folder
-- Same keystore-creation statement as in "langkah 2"; shown again here as
-- the first step of the encryption walkthrough.
-- NOTE(review): literal lab password - do not reuse it outside a lab.
ADMINISTER KEY MANAGEMENT
    CREATE KEYSTORE 'C:\app12c\admin\orcl\WALLET'
    IDENTIFIED BY "Admin12345";

Encrypt Off Folder


-- Syntax template: opens the keystore. "password" is a placeholder for the
-- keystore password, not a literal value.
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY password

Encrypt On Folder
-- Syntax template: closes the keystore. "password" is a placeholder for the
-- keystore password, not a literal value.
ADMINISTER KEY MANAGEMENT SET KEYSTORE CLOSE IDENTIFIED BY password

ex:
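-- Worked example with the lab password. The status recorded right after
-- this step on the page is open_no_master_key, which is the state after the
-- keystore is opened, so the OPEN form is used here (the page had CLOSE).
-- The password is quoted to match the CREATE KEYSTORE statement, and the
-- statement is terminated so SQL*Plus executes it.
-- NOTE(review): literal lab password - do not reuse it outside a lab.
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "Admin12345";

-- Check the keystore state after opening it.
SELECT *
  FROM v$encryption_wallet;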


hasil pada awal status= open_no_master_key, wallet_type=password

-- Sets the master encryption key in the open keystore. WITH BACKUP makes a
-- backup copy of the keystore before the key is changed.
-- NOTE(review): literal lab password - do not reuse it outside a lab.
ADMINISTER KEY MANAGEMENT
    SET KEY
    IDENTIFIED BY "Admin12345"
    WITH BACKUP;

===================================================================================
================

-- Keystore creation, repeated from earlier on the page. The encrypted column
-- defined next depends on a keystore that is open and has a master key.
-- NOTE(review): literal lab password - do not reuse it outside a lab.
ADMINISTER KEY MANAGEMENT
    CREATE KEYSTORE 'C:\app12c\admin\orcl\WALLET'
    IDENTIFIED BY "Admin12345";

User : HR

-- Run as HR. Only SALARY is stored encrypted (column-level encryption); the
-- other three columns are stored in clear text. No algorithm is named in
-- the ENCRYPT clause, so the database default applies.
CREATE TABLE employee (
    first_name  VARCHAR2(128),
    last_name   VARCHAR2(128),
    empID       NUMBER,
    salary      NUMBER(6) ENCRYPT
);

===================================================================================
================
Remove column encryption (decrypt the salary column)
user HR
-------

SQL> Alter TABLE employee modify (salary decrypt);

Table altered.

===================================================================================
================
Database Vault (Tutorial Controlling Administrator Access to a User Schema)
User: Sys
---------

SQL> select value from v$option where parameter = 'Oracle Database Vault';

VALUE
----------------------------------------------------------------
FALSE

Create User DBV_OWNER


SQL> create user DBV_OWNER identified by Admin12345;

User created.

SQL> grant create session, dv_owner to DBV_OWNER;

Grant succeeded.

________________________________________________________________
OLS (Oracle Label Security)
---------------------------
SQL> exec LBACSYS.CONFIGURE_OLS;

PL/SQL procedure successfully completed.

SQL> exec LBACSYS.OLS_ENFORCEMENT.ENABLE_OLS;

PL/SQL procedure successfully completed.

Melihat Status OLS


SQL> select name, status, description from dba_ols_status;

NAME STATU
-------------------- -----
DESCRIPTION
--------------------------------------------------------------------------------

OLS_CONFIGURE_STATUS TRUE
Determines if OLS is configured

OLS_DIRECTORY_STATUS FALSE
Determines if OID is enabled with OLS

OLS_ENABLE_STATUS TRUE
Determines if OLS is enabled

Create User LBAC


----------------
SQL> create user LBAC identified by Admin12345;

User created.

SQL> grant LBAC_DBA to LBAC;

Grant succeeded.

Create User DBV_MANAGER


-----------------------
SQL> create user DBV_MANAGER identified by Admin12345;

User created.

SQL> grant connect,resource, dv_acctmgr to DBV_MANAGER;

Grant succeeded.

SQL> begin
2 DVSYS.CONFIGURE_DV (
3 DVOWNER_UNAME => 'DBV_OWNER',
4 DVACCTMGR_UNAME => 'DBV_MANAGER');
5 END;
6 /

PL/SQL procedure successfully completed.

SQL> exec DBMS_MACADM.ENABLE_DV;

PL/SQL procedure successfully completed.


SQL> select value from v$option where parameter = 'Oracle Database Vault';

VALUE
----------------------------------------------------------------
TRUE

SQL>

Create Virtual Private Database


-------------------------------

SQL> create user "LDORAN" PROFILE "DEFAULT"


2 IDENTIFIED BY "Admin12345" DEFAULT TABLESPACE "EXAMPLE"
3 TEMPORARY TABLESPACE "TEMP"
4 ACCOUNT UNLOCK
5 ;

User created.

SQL> create user "LPOPP" PROFILE "DEFAULT"


2 IDENTIFIED BY "Admin12345" DEFAULT TABLESPACE "EXAMPLE"
3 TEMPORARY TABLESPACE "TEMP"
4 ACCOUNT UNLOCK
5 ;

User created.

SQL> grant select on "OE"."ORDERS" to "LPOPP";

Grant succeeded.

SQL> grant connect to LPOPP;

Grant succeeded.

SQL> grant select on "OE"."ORDERS" to "LDORAN";

Grant succeeded.

SQL> grant connect to LDORAN;

Grant succeeded.

SQL>
