Dear Readers,
My name is Franz Devantier, creator of this blog. I am an Oracle Certified
Professional (OCP DBA 11g) Security DBA.
I will be sharing with you the basic duties of an Oracle DBA, and also
some of the undocumented, and not so well known tasks.
I will make a deal with you: If you refer me to a company that needs
database support, from a few hours per week to full time, and I am able to sign
a contract with them.
Then I will give you 10% of the monthly
contract or deal price every month. When
the contract ends, and we re-sign the contract, I will again give you 10% of
the monthly contract price. This will go
on until the company no longer employs or contracts me or my agents to look
after their databases.
I can do this, because that 10% is my
marketing budget. When we re-sign the
contract, in the future, it may depend on you giving the thumbs up again, and
that is worth 10% of the monthly contract price, to be given to you as
commission.
Security,
Privileges, Roles, Profiles and Resource Limitations - Part
11
Predefined
Roles
The Oracle
Database Server comes with a few pre-defined roles:
·
CONNECT
·
RESOURCE
·
DBA
·
EXP_FULL_DATABASE
·
IMP_FULL_DATABASE
The above
roles are specifically provided by the Oracle Database Server for backward
compatibility to earlier version of Oracle.
You can modify any of the above roles in the same way as you would
modify any of the other roles in the database.
In order
to retain a detailed control over the privileges in use; the roles for the
installation should be custom created, for the applications that are to run on
the system. Only the minimal privileges
that are needed to complete the processes should be granted to the custom
roles. Creating your own roles, instead
of adjusting pre-defined roles, removes the need to re-adjust your roles, if
you upgrade the database. The CONNECT
role now only has one privilege –> CREATE SESSION. Both the CONNECT and the RESOURCE roles will
eventually be deprecated in future releases of Oracle.
Operating System and Roles
On some operating systems, you can administer database
security using the operating system. It
is perhaps best to design the system in this way from the start, although it
can be migrated to this way of operation if required. The operating system can validate user
accounts, and manage the granting and revoking of roles, as well as the
password authentication for the roles.
Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com
Classifieds
No comments:
Post a Comment