Thursday, April 25, 2013

Security Policies - Part 3

Dear Readers,

My name is Franz Devantier, creator of this blog.  I am an Oracle Certified Professional (OCP DBA 11g) Security DBA.  I will be sharing with you the basic duties of an Oracle DBA, and also some of the undocumented, and not so well known tasks. 

I will make a deal with you:  If you refer me to a company that needs database support, from a few hours per week to full time, and I am able to sign a contract with them, then I will give you 10% of the monthly contract or deal price every month.  When the contract ends, and we re-sign the contract, I will again give you 10% of the monthly contract price.  This will go on until the company no longer employs or contracts me or my agents to look after their databases.
I can do this, because that 10% is my marketing budget.  When we re-sign the contract, in the future, it may depend on you giving the thumbs up again, and that is worth 10% of the monthly contract price, to be given to you as commission.
Contact: Franz

Using Roles for Administrator Privilege Management
Roles are the most efficient way to restrict the powerful system privileges that are required by people who administer the database.

Ideally at a large installation, each database administrator would be responsible for a specific area of management.
-> Object creation and maintenance.
-> Database tuning and performance.
-> Creation and management of users, including the granting of privileges and roles to database users.
-> Routine maintenance, like STARTUP, SHUTDOWN, and backup and recovery.
-> Emergency maintenance, as when a database crashes.
-> You may have new, inexperienced database administrators, who need limited capabilities to learn database management.

You could create a number of different roles to cater for the different levels of database administrators.
-> dba_objects
-> dba_tuning
-> dba_security
-> dba_maintenance
-> dba_recovery
-> dba_learning

To make these roles work, grant each role all of the privileges that a database administrator in that area needs to complete their tasks.  Then grant the roles to the appropriate administrators.

This plan reduces the effort of managing database administrators, and limits each administrator to just the privileges they need to complete their tasks.
-> If a database administrator’s (DBA) job description changes to include more responsibilities, then you can grant the DBA the additional needed DBA roles that you have created.
-> If the DBA’s job description changes to include fewer responsibilities, then you can revoke the roles that are no longer needed.
-> The data dictionary stores which privileges are granted to each role, and which roles are granted to each user.  So you can report on the privileges that each DBA has, and which tasks each user is allowed to do.
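
The plan above as a worked sketch, added here as an example and not taken from the original post: it creates three of the roles, assigns and changes them for two administrators, and reports from the data dictionary. The accounts alice_dba and bob_junior and the choice of privileges per role are assumptions for illustration.

```sql
-- Added example. Assumes the accounts ALICE_DBA and BOB_JUNIOR (hypothetical)
-- already exist, and that you hold CREATE ROLE plus the granted privileges
-- WITH ADMIN OPTION.
CREATE ROLE dba_security;
CREATE ROLE dba_tuning;
CREATE ROLE dba_learning;

-- Each role gets only the system privileges for its area (illustrative choice).
GRANT CREATE USER, ALTER USER, DROP USER, GRANT ANY ROLE TO dba_security;
GRANT ADVISOR, ANALYZE ANY, SELECT ANY DICTIONARY TO dba_tuning;
GRANT CREATE SESSION, SELECT ANY DICTIONARY TO dba_learning;

-- STARTUP and SHUTDOWN need SYSOPER or SYSDBA. Oracle does not allow those
-- to be granted to a role, so they must be granted to the user directly.

-- Assign roles to administrators.
GRANT dba_security TO alice_dba;
GRANT dba_learning TO bob_junior;

-- Job description changes: add the new role, revoke the one no longer needed.
GRANT dba_tuning TO alice_dba;
REVOKE dba_security FROM alice_dba;

-- Report 1: which administrator holds which role, and what that role allows.
-- Covers one level of role nesting only.
SELECT rp.grantee      AS administrator,
       rp.granted_role AS role_name,
       sp.privilege
FROM   dba_role_privs rp
JOIN   dba_sys_privs  sp ON sp.grantee = rp.granted_role
WHERE  rp.granted_role IN ('DBA_SECURITY', 'DBA_TUNING', 'DBA_LEARNING')
ORDER  BY rp.grantee, rp.granted_role, sp.privilege;

-- Report 2: system privileges granted directly to the same administrators,
-- bypassing the role model. Ideally this returns no rows.
SELECT sp.grantee AS administrator, sp.privilege, sp.admin_option
FROM   dba_sys_privs sp
WHERE  sp.grantee IN (SELECT grantee
                      FROM   dba_role_privs
                      WHERE  granted_role IN
                             ('DBA_SECURITY', 'DBA_TUNING', 'DBA_LEARNING'))
ORDER  BY sp.grantee, sp.privilege;
```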

Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com
