Database and Role-based access control (RBAC)

User rights management reduces security risks by providing privileged users only the capabilities needed to run a select number of commands consistent with their needs rather than granting full super-user access to the system. This increases security by reducing the chances of administrative errors or accidental/malicious use of systems. User rights management, based on Oracle Solaris Role-Based Access Control (RBAC) capabilities, is centrally managed for reduced administration cost and increased flexibility for rapidly changing business requirements. Effective security reduces downtime, raises quality of service, and keeps costs low.

Default installations of the Oracle database can be made more secure by exploiting the user rights management feature of Oracle Solaris 10 security. In a typical Oracle deployment, all Oracle DBAs log in as the UNIX user oracle. Hence, it is not possible to track the DBA-related activities of an individual user; only the combined activities of all DBAs are tracked by the operating system and the database server.
User rights management enables you to create an oracle role and assign it to users with DBA responsibilities. In this scenario, the users log in to the database server system with their regular UNIX logins and assume the oracle role when they need to do any Oracle DBA-related tasks.

This approach ensures that multiple Oracle administrators do not share a single login. They log in as individual users and are accountable for their individual actions, yet they have the flexibility to perform all the functions of an Oracle administrator by assuming the oracle role.
Complete accountability for individual users can be enforced by enabling auditing of the oracle role, which in turn provides a detailed description of all Oracle DBA-related activities for each individual UNIX user. Included in the audit record are the login name of the user who assumed the role, the role name, and the action that the role performed.

Figure 1: Using Oracle role enhances security and accountability

If additional security is required, the privileges of the UNIX user can be adjusted so that individual UNIX users cannot view Oracle processes. Similarly, the privileges of the oracle role can be adjusted so that the role can view only the Oracle processes.
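
A configuration check for the setup described above, as an added example that is not taken from the post or the white paper: it reads text in Solaris user_attr(4) layout and reports whether oracle is a true role, which users may assume it, and which of them can still view other users' processes. The accounts alice, bob and carol, the function names, and the use of `!proc_info` in `defaultpriv` as the privilege adjustment are assumptions made for the example.

```python
# Constructed sample in user_attr(4) layout: user:qualifier:res1:res2:attr
SAMPLE_USER_ATTR = """\
oracle::::type=role;profiles=All
alice::::type=normal;roles=oracle;defaultpriv=basic,!proc_info
bob::::type=normal;roles=oracle
carol::::type=normal
"""


def parse_user_attr(text):
    """Return {account: {key: value}} from user_attr(4) text."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 4)
        if len(fields) != 5:
            continue  # malformed line: skip rather than guess
        attrs = {}
        for pair in fields[4].split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key.strip()] = value.strip()
        entries[fields[0]] = attrs
    return entries


def audit_role(entries, role="oracle"):
    """Report whether `role` is a true role and who may assume it."""
    # No entry, or no type=role, means the account is an ordinary login.
    is_role = entries.get(role, {}).get("type") == "role"
    members, can_view = [], []
    for name, attrs in sorted(entries.items()):
        if role not in attrs.get("roles", "").split(","):
            continue
        members.append(name)
        # Assumption: only the explicit "!proc_info" form is recognised.
        if "!proc_info" not in attrs.get("defaultpriv", "").split(","):
            can_view.append(name)
    return {"is_role": is_role, "members": members,
            "can_view_other_processes": can_view}


if __name__ == "__main__":
    report = audit_role(parse_user_attr(SAMPLE_USER_ATTR))
    print("oracle is a role:", report["is_role"])
    print("may assume oracle:", report["members"])
    print("can view other users' processes:", report["can_view_other_processes"])
```

On a real system the input would be the contents of /etc/security/user_attr; an account that is absent from that file is an ordinary login, so a shared oracle user shows up as `is_role` being false.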

Details are available in the white paper document:

Deploying Oracle Database on the Oracle Solaris Platform – An Introduction
http://www.oracle.com/technetwork/articles/systems-hardware-architecture/deploying-oracle-database-solaris-168405.pdf
