Downloaded 23 times
Uploaded byIDERA Software
Geek Sync | Understanding Oracle Database Security
This document discusses security options in Oracle Database. It covers topics like database architecture and how it impacts security options, users, roles and grants for authorization, advanced user options like profiles, resource groups for managing resource usage, auditing, and virtual private databases for fine-grained access control. The presenter demonstrates some of these security features using the DBArtisan tool from IDERA.
More Related Content
Similar to Geek Sync | Understanding Oracle Database Security
![Vibe Coding vs. Spec-Driven Development [Free Meetup]](https://cdn.slidesharecdn.com/ss_thumbnails/vibecodingvsspecdrivendevelopment-251209105622-43f455e7-thumbnail.jpg?width=640&height=640&fit=bounds)
Geek Sync | Understanding Oracle Database Security
- 1.
- 2. Released Aug 2015 About thePresenter
- 3. Agenda / Topics AdvancedUser Options Architecture = Options Users, Roles & Grants Resource Groups 3 1 2 4 Auditing & Virtual Private DBs5
- 4. Architecture = Options Thebasic database architecture may well define options & limits
- 5. Database #1 Schema #1 Database#2 Processes Memory Instance #1 Processes Memory Instance #2 Database #1 Database #2 Single Instance / Server Processes Memory Instance #1 Processes Memory Instance #2 Schema #2 Schema #1 Schema #2 Multi Instances / Server Processes Memory Instance #1 Database #1 Schema #1 Schema #2 Single Instance / Multi Schemas Traditional Choices
- 6. Processes Memory Instance #1 Pluggable DBs+ VPN Modern Choices Processes Memory Instance #1 Database #1 Virtual Private Database (VPD) Schema Database #1 Database #2 Schema #1 Processes Memory Instance #1 Multi-Tenant / Pluggable DBs Database #1 Database #2 Schema #1 Schema #2 Schema
- 7. Virtualization No Different Youmay think VMs complicate things, but… • VM vs. physical server, really just same diagrams • VM flexible resource allocation & higher utilization • OS and DB security remains essentially unchanged • OS and DB monitoring slightly different (need tools) • Becoming more common, and almost the standard • SQL Server DBAs virtualized much sooner and more prolifically in the past, we’re just now catching up
- 8. Users, Roles &Grants Similar to diamonds, security has many facets; start first at Authorization
- 9. Authorization is Paramount Oracleoffers numerous security options. The key and first line of defense is controlling data access
- 10. Roles Offer Manageability Authorizationis a simple concept, but also complex…
- 11. Role Hierarchies No reallimit, but one level probably too simplistic
- 12. Make Your OwnRoles! Oracle Docs: https://stage.toadworld.com/platforms/oracle/b/weblog/archive/2013/08/12/common-oracle-security-connection-mistakes Pet peeve: quit being lazy and using 3 old roles
- 13. Advanced User Options There’s moreto an Oracle database user than meets the eye
- 14. Create Role &Grants
- 15.
- 16. Create Profile Often overlooked,profiles have a lot to offer…
- 17. Create User &Grants Now bring it all together. But there’s lots more…
- 18. Resource Groups Not securityper se, however, managing resource usage is always a good idea
- 19. Allocate Resources Fairly Development ResourcePlan Production Resource Plan 1st Dev Proj Resource Group Bus Users Resource Group 2nd Dev Proj Resource Group Developers Resource Group 50% CPU 50% CPU 70% CPU 30% CPU Prevent or minimize the effects of certain DoS (Denial of Service) type attacks against your DB
- 20. Hierarchies Once Again Development ResourcePlan 1st Dev Proj Resource Plan 2nd Dev Proj Resource Group 50% CPU 50% CPU Proj 1 Senior PLSQL Dev Group Proj 1 Junior PLSQL Dev Group 70% CPU 30% CPU
- 21. Complex To Define(Not SQL)
- 22. Auditing & VPDs Trackingaccess and limiting access based upon user criteria
- 23. Old Style Auditing(pre-12c) Must bounce database to enable!
- 24.
- 25.
- 26. Fine Grain AccessControl Yet another example of how features aren’t SQL commands but calls to complex PL/SQL APIs (called by OEM for you)
- 27. There’s much more! Oracleoffers numerous security options. Many are $$ enterprise edition options in price list
- 28. Demo Time I willdemonstrate some of these security topics using IDERA’s DBArtisan multi-platform DBA tool
- 29. Thank You Slideswill be posted on the IDERA community My Contact Info [email protected] [email protected] My Web Sites www.bertscalzo.com http://www.toadworld.com/members/bert_5f00_scalzo/blogs https://www.linkedin.com/in/bertscalzo
- 30. Download DBArtisan 14-day freetrial on IDERA.com