
A First look at Database Vault David Bergmeier


Presentation Transcript


  1. A First look at Database Vault David Bergmeier

  2. Agenda • Overview • Installation • Limitations • Securing Data • Backups • A trigger problem

  3. About me • Senior Oracle DBA • Worked for MGA nearly 2 years • Background as an Analyst/Programmer • 12 years in financial services industry • Started using Oracle in 1996

  4. Overview Why Oracle Database Vault? • Don’t trust the DBA • Regulatory Compliance (e.g. Sarbanes Oxley) • Separation of duties

  5. Separation of duties

         connect / as sysdba
         create user david ...
         grant dba to david;
         select * from scott.emp;

  6. Separation of duties

         connect / as sysdba
         create user david ...
         grant dba to david;
         select * from scott.emp;

  7. Separation of duties

  8. Separation of duties

  9. Separation of duties

  10. Agenda • Overview • Installation • Limitations • Securing Data • Backups • A trigger problem

  11. Prerequisites • Oracle 10.2.0.3 • 1024 MB of Physical RAM • Swap space (1.5 times RAM) • 400 MB in /tmp • 270 MB for database vault binaries • 10 MB additional for database files

  12. Prerequisites Installation • Assumes one instance per Oracle home • But can support more

  13. Installation

  14. Installation User to receive DV_OWNER role

  15. Installation Passwords must have alpha, numeric & special

  16. Installation User to receive DV_ACCTMGR role

  17. Installation

  18. Installation

  19. Installation

  20. Installation

  21. Installation

  22. Installation

  23. Installation

  24. Agenda • Overview • Installation • Limitations • Securing Data • Backups • A trigger problem

  25. The First Problem Let’s start the database

  26. The First Problem

  27. The First Problem

  28. The First Problem I cannot log in as SYSDBA. So how do I start/stop Oracle?

  29. The First Problem

         connect / as SYSOPER

  30. The First Problem

  31. Agenda • Overview • Installation • Limitations • Securing Data • Backups • A trigger problem

  32. Securing Some Data

         $ lsnrctl start
         $ emctl start dbconsole

  33. Securing Some Data

         $ sqlplus system/manager
         SQL> select * from scott.emp;
         ...
         14 rows selected.

         SQL>

  34. Securing Some Data

  35. Securing Some Data

  36. Securing Some Data

  37. Securing Some Data

  38. What is a Realm? A realm is a functional grouping of schemas and roles that are secured.

  39. What is a Realm? [Diagram labels: Realm Authorizations, Secured Objects, One, Many]

  40. Securing Some Data

  41. Securing Some Data

  42. Securing Some Data

  43. Securing Some Data

  44. Securing Some Data

  45. Securing Some Data

  46. Securing Some Data

  47. Securing Some Data

         SQL> select * from scott.emp;
         select * from scott.emp
                             *
         ERROR at line 1:
         ORA-01031: Insufficient Privileges

         SQL>

  48. Securing Some Data

         SQL> select * from scott.dept;

             DEPTNO DNAME          LOC
         ---------- -------------- --------
                 10 ACCOUNTING     NEW YORK
                 20 RESEARCH       DALLAS
                 30 SALES          CHICAGO
                 40 OPERATIONS     BOSTON

         SQL>

  49. Securing Some Data That’s the end of the tutorial. So now let’s consider a real world application.

  50. Real world Example Application server connects to database as single user [Diagram labels: application user, SCOTT, EMP]
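
The realm that produces the results on slides 47 and 48 (SCOTT.EMP blocked for SYSTEM, SCOTT.DEPT still readable) could be defined with the DVSYS.DBMS_MACADM PL/SQL package, followed by a check of what the realm actually covers. This script is an added example, not part of the presentation; the realm name, its description, the audit setting and the choice of SCOTT as realm owner are assumptions.

```sql
-- Added example, not from the presentation.
-- Run while connected as the account that received the DV_OWNER role at install time.
-- Assumed values: realm name 'Scott EMP Realm', its description, audit-on-failure,
-- and SCOTT as the authorized realm owner.

BEGIN
  -- Create the realm: enabled, auditing failed access attempts.
  DVSYS.DBMS_MACADM.CREATE_REALM(
    realm_name    => 'Scott EMP Realm',
    description   => 'Blocks system-privilege access to SCOTT.EMP',
    enabled       => 'Y',
    audit_options => 1);            -- 1 = audit on failure

  -- Secure only the EMP table, so SCOTT.DEPT stays outside the realm
  -- (matching slide 48, where DEPT is still readable).
  DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'Scott EMP Realm',
    object_owner => 'SCOTT',
    object_name  => 'EMP',
    object_type  => 'TABLE');

  -- Authorize the schema owner on the realm (assumption for this example).
  DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'Scott EMP Realm',
    grantee      => 'SCOTT',
    auth_options => 1);             -- 1 = realm owner, 0 = participant
END;
/

-- Review: which objects does the realm secure?
SELECT realm_name, owner, object_name, object_type
  FROM dvsys.dba_dv_realm_object
 WHERE realm_name = 'Scott EMP Realm';

-- Review: who is authorized on the realm?
SELECT realm_name, grantee, auth_options
  FROM dvsys.dba_dv_realm_auth
 WHERE realm_name = 'Scott EMP Realm';

-- Then, connected as SYSTEM (as on slide 33), repeat the two queries from the slides:
--   select * from scott.emp;   -- expected to fail with ORA-01031 (slide 47)
--   select * from scott.dept;  -- expected to return rows (slide 48)
```

The two review queries are worth keeping in a periodic audit: a realm only protects the objects listed in it, so a table missing from the first result is still reachable through system privileges.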
