Authorization in Oracle Part 1

Ji-Won Mahesh

Presentation Transcript


  1. Authorization in Oracle Part 1
     Ji-Won Mahesh

  2. Sources
     • Starting source:
       • Oracle Database – Security Guide
       • 10g Release 1 (10.1) (Dec 2003)
     • Other sources:
       • Oracle SQL, PL/SQL Ref.
       • Hacking via SQL*Plus sessions
       • Random webpages…
     • Have not yet looked through ANSI SQL standard.

  3. Approaches
     • Oracle Enterprise Security Manager
     • LDAP v3 compliant Oracle thing
     • Can store “ACLs”
     • SQL*Plus – grant/revoke
     • PL/SQL – Encapsulation of privileges
     • VPD

  4. RBAC
     • Orthogonal/complementary feature – Roles
     • How roles can be defined (e.g., can adopt UNIX groups as DB roles)
     • “Secure application roles” – “Multi-tier authorization”
     • Restricted use of inherited privileges
       • E.g., need explicitly granted rights on base objects to include in view
     • Subtleties when it comes to stored procedures
       • named and anonymous PL/SQL blocks
       • E.g. cannot set roles within a definer’s rights procedure

  5. Privileges
     • System Privilege
       • E.g., create view
     • Schema object privilege
       • E.g., select
       • Includes table, view, procedure, type
     • Two kinds of table privileges:
       • DML – select, insert, update, delete
       • DDL – alter, index, references

  6. Overview of “demo”
     • Base table privileges:
       • Overlapping rights
       • Cascading and coarse-grained revoke
       • “grant any object privilege”
     • Views:
       • Minimum privileges
       • Operations on join views
       • Revocation – dichotomy

  7. Overview (contd.)
     • Stored Procedures
       • Definer/invoker rights does not seem to apply to “execute” privilege

  8. Demo << Onto the live demo >>
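
The slides do not include the demo itself. The SQL*Plus session below is an added example, not the presenters' script, illustrating two points from slides 4 and 6: revoking an object privilege cascades to grants made through it, and a privilege received only through a role cannot be used to create a view. The users ALICE, BOB and CAROL, the role HR_READ, the table EMP and the `<password>` placeholders are assumptions; ALICE is assumed to hold CREATE TABLE and CREATE ROLE, and BOB to hold CREATE VIEW.

```sql
-- Added example on a constructed schema; all names are hypothetical.

-- 1. Cascading revoke of an object privilege
CONNECT alice/<password>
CREATE TABLE emp (id NUMBER PRIMARY KEY, name VARCHAR2(30), salary NUMBER);
GRANT SELECT ON emp TO bob WITH GRANT OPTION;

CONNECT bob/<password>
GRANT SELECT ON alice.emp TO carol;      -- allowed because of WITH GRANT OPTION

CONNECT alice/<password>
REVOKE SELECT ON emp FROM bob;           -- also removes the grant bob passed to carol

CONNECT carol/<password>
SELECT COUNT(*) FROM alice.emp;          -- fails: carol's access came only via bob

-- 2. Role-inherited privilege is not enough to build a view
CONNECT alice/<password>
CREATE ROLE hr_read;
GRANT SELECT ON emp TO hr_read;
GRANT hr_read TO bob;

CONNECT bob/<password>
SELECT COUNT(*) FROM alice.emp;          -- works: the role is enabled in this session
CREATE VIEW emp_names AS
  SELECT name FROM alice.emp;            -- fails: SELECT reaches bob only through a role

-- A direct grant on the base table is what the view owner needs
CONNECT alice/<password>
GRANT SELECT ON emp TO bob;

CONNECT bob/<password>
CREATE VIEW emp_names AS
  SELECT name FROM alice.emp;            -- succeeds with the explicit grant

-- Audit which grants are direct and which arrive via roles
SELECT grantee, privilege, grantable
  FROM all_tab_privs
 WHERE table_name = 'EMP';
```

When reviewing a schema, grantees that appear in this listing only as role names are the cases where dependent views and definer's rights procedures will not compile for the role's members.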