Administering User Security
Database User Accounts
Each database user account has:
A unique username(Each database user account is identified
by a unique username. This ensures that each user can be
distinctly recognized and managed within the database system).
An authentication method(The authentication method
determines how the user proves their identity to the
database).
A default tablespace(Each user is assigned a default
tablespace, which is used to store objects that the user
creates unless specified otherwise).
A temporary tablespace(This is a special tablespace
used for storing temporary data that is generated during
query execution and other database operations).
A user profile(A user profile defines a set of parameters
that control the user's session behavior and resource
usage.).
An initial consumer group(Each user is assigned to a
consumer group, which determines their priority and limits
for resource usage).
An account status(The account status indicates whether
the user account is active, locked, expired, or otherwise
restricted.).
Predefined Accounts: SYS and SYSTEM
The SYS and SYSTEM accounts are two key administrative
accounts in Oracle databases. They have special roles and
privileges that are crucial for database administration but are
not typically used for routine operations.
SYS Account
Granted the DBA Role:
The SYS account is granted the DBA (Database
Administrator) role, which includes a wide range of
administrative privileges needed to manage and maintain
the database.
Has All Privileges with ADMIN OPTION:
The SYS account has all system privileges with the
ADMIN OPTION, allowing the user to grant those
privileges to other users. This includes the highest level of
access rights, enabling comprehensive management of
the database.
Required for Startup, Shutdown, and Some
Maintenance Commands:
The SYS account is required to perform critical tasks such
as starting up and shutting down the database, and
executing certain maintenance commands that affect the
entire database. These operations are essential for
managing the database's availability and integrity.
Owns the Data Dictionary:
The SYS account owns the data dictionary, which is a set
of tables and views that store metadata about the
database. This metadata includes information about the
structure of the database, such as tables, columns,
indexes, and users. The data dictionary is crucial for the
database's internal functioning.
Owns the Automatic Workload Repository (AWR):
The SYS account owns the Automatic Workload
Repository, which collects, processes, and maintains
performance statistics. The AWR is used for performance
tuning and troubleshooting, providing insights into the
database's operational efficiency.
SYSTEM Account
Granted the DBA Role:
The SYSTEM account is also granted the DBA role, giving
it administrative privileges similar to those of the SYS
account. This includes the ability to create and manage
database objects, users, and other administrative tasks.
Not Used for Routine Operations:
Both the SYS and SYSTEM accounts are not intended for
routine operations. Instead, they are reserved for
administrative tasks that require high levels of privilege.
Using these accounts for everyday activities can pose
security risks and should be avoided.
Authenticating Users
Password
External
Global
Administrator Authentication
Operating System Security
DBAs must have the OS privileges to create and
delete files: Database Administrators (DBAs) require
operating system (OS) privileges that allow them to create
and delete files. This is necessary because many
administrative tasks involve managing database files
directly, such as adding new datafiles, moving files, and
removing obsolete files. Without these OS privileges,
DBAs wouldn't be able to fully manage the database
infrastructure.
Typical database users should not have the OS
privileges to create or delete database files: Regular
database users should not have OS-level privileges to
create or delete database files. Granting these privileges
could lead to accidental or malicious changes that could
jeopardize the integrity and availability of the database.
Administrator Security
For SYSDBA, SYSOPER, and SYSASM connections:
These are special administrative roles in Oracle
databases that have extensive privileges:
• SYSDBA: Full database administration privileges,
including the ability to start up and shut down the
database.
• SYSOPER: Limited set of administrative privileges
primarily for operations like startup and shutdown.
• SYSASM: Specific privileges related to Automatic
Storage Management (ASM).
DBA user by name is audited for password file and
strong authentication methods: When a DBA connects
using a username, the connection is audited to ensure that
strong authentication methods are being used. This helps
in tracking and securing access, ensuring that only
authorized individuals can perform sensitive tasks.
OS account name is audited for OS authentication:
For connections authenticated via the operating system,
the OS account name is audited. This helps in maintaining
a log of who accessed the database using OS
authentication, providing a trail that can be reviewed for
security purposes.
OS authentication takes precedence over password
file authentication for privileged users: When a user
has both OS authentication and password file
authentication enabled, OS authentication is given priority.
This means that if a user is authenticated by the OS, that
authentication is used first, providing a more seamless
and potentially more secure method of authenticating
privileged users.
Password file uses case-sensitive passwords: The
password file, which stores credentials for users with
SYSDBA and SYSOPER privileges, enforces case-
sensitive passwords. This enhances security by
increasing the complexity of passwords, making them
harder to guess or crack.
Privileges
User privileges in a database are critical for managing what
actions users can perform and which objects they can access
or manipulate. These privileges are categorized into two main
types: System Privileges and Object Privileges.
System Privileges
Definition:
System privileges are permissions that allow users to perform
specific actions that affect the entire database system or certain
aspects of it. These privileges are not tied to any particular
object (such as a table or a view) but rather enable users to
execute administrative tasks or access system-wide functions.
Examples:
CREATE SESSION: Allows the user to connect to the
database.
CREATE TABLE: Allows the user to create new tables in
the database.
ALTER SYSTEM: Permits the user to alter the system
settings.
CREATE USER: Enables the user to create new database
users.
DROP TABLESPACE: Allows the user to drop (delete) a
tablespace.
Object Privileges
Definition:
Object privileges are permissions that allow users to perform
actions on specific database objects. These objects can include
tables, views, sequences, procedures, and other database
objects. Object privileges enable users to access and
manipulate these specific objects as needed.
Examples:
SELECT: Allows the user to retrieve data from a specific
table or view.
INSERT: Permits the user to insert data into a specific
table.
UPDATE: Enables the user to update existing data in a
specific table.
DELETE: Allows the user to delete data from a specific
table.
EXECUTE: Permits the user to execute a specific stored
procedure or function.
ALTER: Allows the user to alter the structure of a specific
table or view.
Revoking System Privileges with ADMIN OPTION
Scenario:
The DBA grants the CREATE TABLE system privilege to
Jeff with ADMIN OPTION.
Jeff creates a table.
Jeff grants the CREATE TABLE system privilege to Emi.
Emi creates a table.
The DBA revokes the CREATE TABLE system privilege
from Jeff.
Result:
Jeff’s table still exists, but Jeff cannot create new tables.
Emi’s table still exists, and she still has the CREATE
TABLE system privilege.
Revoking Object Privileges with GRANT OPTION
Scenario:
Jeff is granted the SELECT object privilege on
EMPLOYEES with GRANT OPTION.
Jeff grants the SELECT privilege on EMPLOYEES to Emi.
Result:
The SELECT privilege is revoked from Jeff. This revoke is
cascaded to Emi as well.
Benefits of Roles
1. Easier Privilege Management:
• Roles allow DBAs to group multiple privileges into a
single named entity. Instead of assigning and
managing numerous individual privileges for each
user, DBAs can assign a role to the user. This
significantly reduces the complexity and effort
involved in privilege management.
• Consistency: Roles help ensure consistency in
privilege assignments. By using roles, DBAs can
maintain a standard set of privileges for similar types
of users, such as developers, analysts, and
administrators.
2. Dynamic Privilege Management:
• Flexible Assignments: Roles can be easily
assigned or revoked from users without altering the
underlying individual privileges. This allows for
dynamic changes to user access levels based on
changing requirements.
• Centralized Updates: Updating a role (e.g., adding
or removing privileges) automatically updates the
privileges for all users assigned to that role. This
makes it easier to manage changes in privilege
requirements centrally.
3. Selective Availability of Privileges:
• Context-Specific Access: Roles can be created for
specific tasks or projects, allowing users to have the
necessary privileges only when they need them. This
reduces the risk of over-privileged accounts and
enhances security.
• Granular Control: By using roles, DBAs can control
which users have access to which resources and
functionalities, providing a more granular and precise
control over database access.
• Temporary Assignments: Roles can be temporarily
assigned to users for specific tasks or projects and
then revoked once the tasks are completed,
providing a way to manage short-term access needs
effectively.
Assigning Privileges to Roles and Assigning Roles to
Users
In most systems, it is time consuming and error prone to grant
necessary privileges to each user individually. The Oracle
software provides for easy and controlled privilege
management through roles. Roles are named groups of related
privileges that are granted to users or to other roles. Roles are
designed to ease the administration of privileges in the
database and, therefore, improve security.
Role characteristics
Privileges are granted to and revoked from roles as
though the role were a user.
Roles are granted to and revoked from users or other roles
as though they were system privileges.
A role can consist of both system and object privileges.
A role can be enabled or disabled for each user who is
granted the role.
A role can require a password to be enabled.
Roles are not owned by anyone, and they are not in any
schema.
In this example:
The SELECT and UPDATE privileges on the employees table
and the CREATE JOB system privilege are granted to the
HR_CLERK role.
DELETE and INSERT privileges on the employees table and
the HR_CLERK role are granted to the HR_MGR role.
The manager is granted the HR_MGR role and can now select,
delete, insert, and update the employees table.
Predefined Roles
Profiles and Users
Profiles impose a named set of resource limits on database
usage and instance resources. Profiles also manage the
account status and place limitations on users’ passwords
(length, expiration time, and so on). Every user is assigned a
profile and may belong to only one profile at any given time. If
users have already logged in when you change their profile, the
change does not take effect until their next login.
Profiles cannot impose resource limitations on users unless the
RESOURCE_LIMIT initialization parameter is set to TRUE.
With RESOURCE_LIMIT at its default value of FALSE, profile
resource limitations are ignored.
Implementing Password Security Features
Assigning Quotas to Users
A quota is a space allowance in a given tablespace. By default,
a user has no quota on any of the tablespaces. You have three
options for providing a quota for a user on a tablespace.
Unlimited: Allows the user to use as much space as is
available in the tablespace
Value: Number of kilobytes or megabytes that the user
can use. This does not guarantee that the space is set
aside for the user. This value can be larger or smaller than
the current space that is available in the tablespace.
UNLIMITED TABLESPACE system privilege: Overrides
all individual tablespace quotas and gives the user
unlimited quota on all tablespaces, including SYSTEM
and SYSAUX. This privilege must be granted with caution.