SEARCH
Disclaimer: Authors have full rights over their works. Reproduction of any part of the content is prohibited without prior authorization.
BOOK ORACLE DATABASE 12C SECURITY COOKBOOK
SUMMARY
-
Items Found: 490
- Preface 1
- Chapter 1: Basic Database Security 7
- Introduction 7
- Creating a password profile 8
- Getting ready 8
- How to do it… 8
- How it works… 9
- There's more… 9
- See also 10
- Creating password-authenticated users 10
- Getting ready 10
- How to do it… 11
- How it works… 11
- There's more… 12
- How to create a user using EM Express 12
- See also 16
- Changing a user's password 16
- Getting ready 17
- How to do it… 17
- How it works… 18
- There's more… 18
- See also 18
- Creating a user with the same credentials on another database 19
- Getting ready 19
- How to do it… 19
- How it works… 20
- There's more… 20
- See also 21
- Locking a user account 21
- Getting ready 21
- How to do it… 22
- How it works… 22
- See also 23
- Expiring a user's password 23
- Getting ready 24
- How to do it… 24
- How it works… 24
- See also 24
- Creating and using OS-authenticated users 25
- Getting ready 25
- How to do it… 25
- How it works… 26
- There's more… 26
- Creating and using proxy users 27
- Getting ready 27
- How to do it… 27
- How it works… 28
- There's more… 29
- Creating and using database roles 30
- Getting ready 30
- How to do it… 30
- How it works… 31
- There's more… 32
- See also 33
- The sysbackup privilege – how, when, and why span /should
- /spanspanyou/span use it? 33
- Getting ready 33
- How to do it… 33
- Database authentication 33
- OS authentication 35
- How it works… 35
- There's more… 38
- See also 38
- The syskm privilege – how, when, and why span /should
- /spanspanyou/span use it? 38
- Getting ready 39
- How to do it… 39
- Database authentication 39
- OS authentication 40
- How it works… 40
- There's more… 41
- See also 41
- The sysdg privilege – how, when, and why span /should
- /spanspanyou/span use it? 41
- Getting ready 41
- How to do it… 42
- Database authentication 42
- OS authentication 42
- How it works… 43
- There's more… 44
- See also 44
- Chapter 2: Security Considerations in Multitenant Environment 45
- Introduction 45
- Creating a common user 47
- Getting ready 48
- How to do it… 48
- How it works… 48
- Rules/guidelines for creating and managing common users 49
- There's more… 49
- How to create a common user using OEM 12c 49
- Creating a local user 52
- Getting ready 52
- How to do it… 52
- How it works… 52
- Rules/guidelines for creating and managing local users 53
- There's more… 53
- How to create a local user using OEM 12c 53
- Creating a common role 54
- Getting ready 55
- How to do it… 55
- How it works… 55
- There's more… 56
- How to create a common role using OEM 12c 57
- Creating a local role 58
- Getting ready 58
- How to do it… 59
- How it works… 59
- There's more… 60
- How to create a local role using OEM 12c 60
- Granting privileges and roles commonly 60
- Getting ready 60
- How to do it… 61
- How it works… 62
- Granting privileges and roles locally 65
- Getting ready 66
- How to do it… 66
- How it works… 67
- Effects of plugging/unplugging operations on users, roles, and
- privileges 67
- Getting ready 68
- How to do it… 68
- How it works… 69
- Chapter 3: PL/SQL Security 71
- Introduction 71
- Creating and using definer's rights procedures 72
- Getting ready 72
- How to do it… 72
- How it works… 74
- Creating and using invoker's right procedures 74
- Getting ready 74
- How to do it… 75
- How it works… 76
- There's more… 77
- Using span /code-based access control/span 82
- Getting ready 82
- How to do it… 82
- How it works… 84
- There's more… 84
- Restricting access to program units by using span /accessible by/span 86
- Getting ready 86
- How to do it… 86
- How it works… 88
- Chapter 4: Virtual Private Database 89
- Introduction 89
- Creating different policy functions 92
- Getting ready 92
- How to do it… 93
- How it works… 97
- There's more… 98
- See also 99
- Creating Oracle Virtual Private Database row-level policies 99
- Getting ready 99
- How to do it… 100
- There's more… 102
- See also 102
- Creating column-level policies 103
- Getting ready 103
- How to do it… 103
- How it works… 106
- Creating a driving context 106
- Getting ready 106
- How to do it… 107
- Creating policy groups 107
- Getting ready 107
- How to do it… 108
- Setting context as a driving context 108
- Getting ready 108
- How to do it… 109
- Adding policy to a group 109
- Getting ready 109
- How to do it… 110
- Exempting users from VPD policies 114
- Getting ready 114
- How to do it… 115
- Chapter 5: Data Redaction 116
- Introduction 116
- Creating a redaction policy when using full redaction 119
- Getting ready 119
- How to do it… 119
- How it works… 122
- There's more… 124
- How to change the default value 125
- See also 127
- Creating a redaction policy when using partial redaction 128
- How to do it… 128
- How it works… 131
- There's more… 133
- Creating a redaction policy when using random redaction 133
- Getting ready 133
- How to do it… 134
- How it works… 136
- Creating a redaction policy when using regular expression redaction 137
- Getting ready 137
- How to do it… 137
- How it works… 140
- Using Oracle Enterprise Manager Cloud Control 12c to manage
- redaction policies 140
- Getting ready 140
- How to do it… 140
- Changing the function parameters for a specified column 150
- Getting ready 151
- How to do it… 151
- Add a column to the redaction policy 152
- Getting ready 152
- How to do it… 153
- How it works… 154
- See also 154
- Enabling, disabling, and dropping redaction policy 154
- Getting ready 154
- How to do it… 155
- See also 160
- Exempting users from data redaction policies 161
- Getting ready 161
- How to do it… 161
- How it works… 162
- Chapter 6: Transparent Sensitive Data Protection 163
- Introduction 163
- Creating a sensitive type 164
- Getting ready 165
- How to do it… 165
- How it works… 165
- There's more… 166
- Determining sensitive columns 166
- Getting ready 166
- How to do it… 167
- How it works… 168
- Creating transparent sensitive data protection policy 168
- Getting ready 169
- How to do it… 169
- How it works… 169
- See also 169
- Associating transparent sensitive data protection policy with sensitive
- type 170
- Getting ready 170
- How to do it… 170
- There's more… 171
- See also 171
- Enabling, disabling, and dropping policy 171
- Getting ready 171
- How to do it… 171
- How it works… 176
- There's more… 176
- Altering transparent sensitive data protection policy 177
- Getting ready 177
- How to do it… 177
- How it works… 179
- See also 180
- Chapter 7: Privilege Analysis 181
- Introduction 181
- Creating database analysis policy 183
- Getting ready 183
- How to do it… 183
- How it works… 184
- There's more… 184
- See also 186
- Creating role analysis policy 187
- Getting ready 187
- How to do it… 187
- There's more… 188
- See also 189
- Creating context analysis policy 189
- Getting ready 189
- How to do it… 190
- There's more… 190
- See also 193
- Creating combined analysis policy 193
- Getting ready 193
- How to do it… 194
- There's more… 194
- See also 196
- Starting and stopping privilege analysis 196
- Getting ready 196
- How to do it… 197
- How it works… 199
- There's more… 200
- Reporting on used system privileges 204
- Getting ready 205
- How to do it… 205
- There's more… 206
- Reporting on used object privileges 207
- Getting ready 207
- How to do it… 207
- There's more… 208
- Reporting on unused system privileges 209
- Getting ready 209
- How to do it… 209
- There's more… 210
- Reporting on unused object privileges 210
- Getting ready 210
- How to do it… 210
- There's more… 211
- How to revoke unused privileges 212
- How to do it… 212
- There's more… 215
- Dropping the analysis 216
- Getting ready 216
- How to do it… 216
- There's more… 217
- Chapter 8: Transparent Data Encryption 218
- Introduction 218
- Configuring keystore location in sqlnet.ora 221
- How to do it… 222
- Creating and opening the keystore 222
- Getting ready 223
- How to do it… 223
- How it works… 224
- There's more… 224
- Setting master encryption key in software keystore 225
- Getting ready 225
- How to do it… 225
- There's more… 226
- See also 226
- Column encryption – adding new encrypted column to table 227
- Getting ready 227
- How to do it… 227
- Column encryption – creating new table that has encrypted column(s) 228
- Getting ready 228
- How to do it… 228
- Using salt and MAC 230
- Getting ready 230
- How to do it… 230
- How it works… 231
- There's more… 231
- Column encryption – encrypting existing column 233
- Getting ready 233
- How to do it… 233
- There's more… 234
- Auto-login keystore 235
- Getting ready 235
- How to do it… 235
- How it works… 236
- Encrypting tablespace 236
- Getting ready 236
- How to do it… 236
- How it works… 237
- There's more… 238
- Rekeying 238
- Getting ready 238
- How to do it… 238
- How it works… 239
- Backup and Recovery 240
- How to do it… 240
- There's more… 241
- Chapter 9: Database Vault 242
- Introduction 242
- Registering Database Vault 243
- Getting ready 243
- How to do it… 244
- How it works… 245
- There's more… 245
- See also 246
- Preventing users from exercising system privileges on schema
- objects 246
- Getting ready 246
- How to do it… 247
- There's more… 254
- See also 256
- Securing roles 256
- Getting ready 256
- How to do it… 256
- There's more… 260
- See also 261
- Preventing users from executing specific command on specific object 262
- How to do it… 262
- How it works… 263
- Creating a rule set 264
- Getting ready 264
- How to do it… 264
- There's more… 267
- Creating a secure application role 268
- How to do it… 268
- There's more… 270
- See also 272
- Using Database Vault to implement that administrators cannot view
- data 272
- How to do it… 272
- There's more… 275
- Running Oracle Database Vault reports 277
- How to do it… 278
- Disabling Database Vault 280
- How to do it… 280
- Re-enabling Database Vault 281
- How to do it… 282
- Chapter 10: Unified Auditing 284
- Introduction 284
- Enabling Unified Auditing mode 286
- Getting ready 286
- How to do it… 286
- How it works… 287
- Predefined unified audit policies 288
- There's more… 289
- See also 289
- Configuring whether loss of audit data is acceptable 289
- Getting ready 290
- How to do it… 290
- How it works… 291
- Which roles do you need to have to be able to create audit policies
- and to view audit data? 291
- Getting ready 291
- How to do it… 291
- How it works… 292
- There's more… 293
- Auditing RMAN operations 295
- Getting ready 295
- How to do it… 295
- How it works… 297
- See also 297
- Auditing Data Pump operations 298
- Getting ready 298
- How to do it… 298
- See also 299
- Auditing Database Vault operations 299
- Getting ready 299
- How to do it… 299
- How it works… 300
- There's more… 300
- See also 300
- Creating audit policies to audit privileges, actions and roles under
- specified conditions 301
- Getting ready 301
- How to do it… 301
- How it works… 302
- See also 303
- Enabling audit policy 303
- Getting ready 303
- How to do it… 304
- How it works… 304
- Finding information about audit policies and audited data 305
- Getting ready 305
- How to do it… 305
- Auditing application contexts 307
- Getting ready 307
- How to do it… 307
- How it works… 308
- There's more… 308
- See also 309
- Purging audit trail 309
- Getting ready 309
- How to do it… 309
- How it works… 310
- There's more… 310
- Disabling and dropping audit policies 310
- Getting ready 310
- How to do it… 310
- How it works… 311
- See also 311
- Chapter 11: Additional Topics 312
- Introduction 312
- Exporting data using Oracle Data Pump in Oracle Database Vault
- environment 312
- Getting ready 313
- How to do it… 314
- How it works… 316
- There's more… 317
- See also 317
- Creating factors in Oracle Database Vault 317
- Getting ready 318
- How to do it… 319
- How it works… 332
- There's more… 333
- See also 334
- Using TDE in a multitenant environment 334
- Getting ready 335
- How to do it… 335
- How it works… 342
- See also 342
- Chapter 12: Appendix – Application Contexts 343
- Introduction 343
- Exploring and using built-in contexts 344
- Getting ready 344
- How to do it… 345
- How it works… 346
- There's more… 347
- See also 347
- Creating an application context 348
- Getting ready 348
- How to do it… 348
- How it works… 349
- Setting application context attributes 349
- Getting ready 349
- How to do it… 349
- How it works… 351
- There's more… 351
- See also 351
- Using an application context 351
- Getting ready 352
- How to do it… 352
- How it works… 353
- See also 353
- Index 354
