To%20Presentation%20on%20SECURITY

1
Welcome
ToPresentationonSECURITY By Office of the A.G.
(AE) Punjab, Chandigarh
2
Security features in Oracleand its
implementation in existing application
3
Security features in ORACLE
4

• Different levels of security in Oracle
• Account security for validation of users
• Access security for database objects
• System-level security for managing global
  privileges.

5
Users Security
Security Domain Default Tablespace Temporary
Table Space Tablespace Quota Resource
Limit Direct Privileges Role Privileges Account
Locking
6
Creating New Users

• Authentication with user name
• Decide quotas for each Tablespece
• Default Tablespace and Temporary Tablespace
• Grant privileges and roles to the user
• Use Profile to place limits on database
  resources available to users
• Use a standard password initially
• Use the Expire keyword to force user to reset
  their password
• Restrict quotas to few users use Quota
  Unlimited with caution
• Educate users

7
Tools for DBA to monitor users

• DBA_TS_QUOTAS
• USERNAME
• TABLESPACE_NAME
• BYTES
• MAX_BYTES
• BLOCKS
• MAX_BLOCKS

• DBA_USERS
• USERNAME
• USER_ID
• CREATED
• ACCOUNT_STATUS
• LOCK_DATE
• EXPIRY_DATE
• DEFAULT_TABLESPACE
• TEMPORARY_TABLESPACE

8
Privileges for Oracle Users
Two types of privileges System Enable users to
perform particular action in the database Object
Enable users to access and manipulate a
specific object
9
System Privileges
There are about 126 System Privileges ANY keyword
in the privileges signifies that users have the
privilege in every schema. CREATE ANY TABLE DROP
ANY TABLE UPDATE ANY TABLE CREATE ANY
INDEX Contd.
10
System Privileges
GRANT command adds a privilege to user or a group
of users grant CREATE SESSION, CREATE TABLE
to SCOTT grant CREATE SESSION to JANE WITH
ADMIN option Contd.
11
System Privileges
REVOKE command deletes the privileges from
users/group of users revoke CREATE TABLE from
SCOTT revoke CREATE SESSION from JANE
12
Tools to monitor System Privileges
Database DBA_SYS_PRIVS - GRANTEE - PRIVILEGE -
ADMIN OPTION
Session SESSION_PRIVS - PRIVILEGE
13
Object Privileges
Object Privileges can be granted/revoked on
different objects like Tables, View, Sequence,
Procedure etc. and are ALTER INSERT DELETE
SELECT EXECUTE REFERENCES INDEX UPDATE Contd
14
Object Privileges
GRANT command adds a privilege to user or a group
of users grant EXECUTE on EMPLOYEE to
SCOTT grant UPDATE (first_name, salary) on
EMPLOYEE to SCOTT with grant option Contd.
15
Object Privileges
REVOKE command deletes the privileges from
users/group of users revoke delete on EMPLOYEE
from SCOTT revoke all on EMPLOYEE from JANE
16
Tools to monitor Object Privileges
DBA_TAB_PRIVS GRANTEE OWNER
TABLE_NAME GRANTOR PRIVILEGE GRANTABLE
DBA_COL_PRIVS GRANTEE OWNER TABLE_NAME
COLOUMN_NAME GRANTOR PRIVILEGE GRANTABLE
17
AGVLC THE EXISTING APPLICATION
18
Features of Security Module of VLC Package
developed by NIIT Security module has 10
different options which are as follows
Set AGVLC Password Map User/Section Change AGVLC
Role password Map Module/Function Application
User Map Role/Module Role Status Map
Role/User AG dealing Section Map Function
19
Set AGVLC Password
20
Change AGVLC Role password
21
Application user
22
Role Status
23
AG Dealing Section
24
Map User/Section
25
Map Module/Function
26
Map Role/Module
27
Map Role/User
28
Map Function
29
VLC APPLICATION
ADDITIONAL SECURITY User Profiles SESSION_PER_USER
IDLE_TIME FAILED_LOGIN_ATTEMPTS PASSWORD_LIFE_TIM
E PASSWORD_LOCK_TIME PASSWORD_GRACE_TIME
30
Thanks