Lesson 7: Using Security Manager
Objective: Use Security Manager to view information about users and roles
Security Manager's functionality
Question: Which components have changed in Oracle Security Manager from Oracle 9i to Oracle 12c?
Oracle has always placed a significant emphasis on security, and as a result, its security features and components have continuously evolved from one version to another. From Oracle 9i to Oracle 12c, Oracle Security Manager underwent several changes, both in terms of enhancements to existing components and the introduction of new features. Let's examine the evolution of Oracle Security Manager from Oracle 9i to Oracle 12c:
- Unified Auditing:
  - Oracle 9i: Traditional auditing mechanisms were present.
  - Oracle 12c: Introduced Unified Auditing, which consolidates all auditing into a single framework, allowing for more efficient and holistic auditing capabilities.
- Transparent Data Encryption (TDE):
  - Oracle 9i: No native support for transparent data encryption.
  - Oracle 12c: Enhanced TDE capabilities, allowing tablespace-level encryption and hardware security module (HSM) support for storing encryption keys.
- Data Redaction:
  - Oracle 9i: This feature was not available.
  - Oracle 12c: Introduced Data Redaction, enabling the masking of sensitive data when queried, but retaining the actual data in the database.
- Privilege Analysis:
  - Oracle 9i: No specific feature for analyzing the usage of privileges.
  - Oracle 12c: Introduced Privilege Analysis, allowing database administrators to capture and analyze granted privileges that are actually being used, assisting in the implementation of the principle of least privilege.
- Virtual Private Database (VPD) and Fine-Grained Access Control:
  - Oracle 9i: Introduced VPD, which allows security policies to be attached to tables and views.
  - Oracle 12c: Enhanced with more granular controls and easier administration, providing more flexibility in defining security policies.
- Administrative Privileges:
  - Oracle 9i: More general roles such as SYSDBA and SYSOPER.
  - Oracle 12c: Introduced more granular administrative privileges like SYSBACKUP, SYSDG, and SYSKM, enabling administrators to have only the necessary privileges for specific tasks.
- SQL*Net Encryption and Checksumming:
  - Oracle 9i: Basic encryption capabilities for network traffic.
  - Oracle 12c: Enhanced security for network communication, including better algorithms and easier setup.
- Role-Based Access Control (RBAC):
  - Oracle 9i: Basic role-based capabilities were present.
  - Oracle 12c: RBAC was enhanced to offer a more layered and modular approach to managing user access, making user management more efficient and secure.
- Real Application Security (RAS):
  - Oracle 9i: No such feature existed.
  - Oracle 12c: Introduced RAS, a declarative model for application security, providing a finer level of access controls on application data.
- Conditional Auditing Policies:
  - Oracle 9i: Basic auditing capabilities were present.
  - Oracle 12c: Introduced the ability to conditionally trigger audit policies based on factors like IP address, program name, and more.
In summation, the journey from Oracle 9i to Oracle 12c witnessed the inception of several cutting-edge security components and substantial enhancements to existing ones. Oracle 12c epitomizes a more mature, comprehensive, and refined security management system, fortifying databases against evolving security threats and challenges.
Security Manager might be better named User Manager, because it allows you to create, modify, and delete database users. A large part of managing users, however, involves managing the privileges and roles that you grant them; hence the name Security Manager. You use Security Manager to perform the following tasks:
- Creating users
- Granting privileges to users
- Granting roles to users
- Adding new roles to the database
Go through the following simulation to explore the Security Manager interface.
Exploring Security Manager
- You need to log into a database. Enter system in the Username field and press Tab to advance to the password field. Type dogtoad in the Password field and press Tab to advance to the service field. Next, tell Enterprise Manager which database you want to connect to. Type coin in the Service field and click the OK button.
- This is the opening screen that you will see after connecting to the database. From here, you can click either Users or Roles in the left pane to see information about that item. You can expand the Roles item by clicking the + next to it. Click the close box in the upper right corner to exit.
- A list of database users is displayed on the right-hand side of the screen. From here, you can click any of the items in the left pane to see information about that item. You can expand the Roles item by clicking the + next to it. Click the close box in the upper right corner to exit.
- A list of database roles is displayed. From here, you can click either Roles or Users in the left pane to see information about that item. You can expand the Roles item by clicking the + next to it. Click the close box in the upper right corner to exit.
- A list of database roles is displayed in the left-hand portion of the window. Click on Users, Roles, or DBA in the left pane to view more information. Click the close box in the upper right corner to exit.
- Clicking the DBA role causes the definition for that role to be displayed on the right-hand side of the screen. The definition is broken up into four areas: General, Role, System Privileges, and Object Privileges. Each area has its own tab. From here, you can click Users or Roles in the left pane to see information about that item. You can close the Roles folder by clicking the - next to it. You can also click the tabs at the top of the right-hand pane. Click the close box in the upper right corner to exit.
- A list of system privileges that have been granted to the role is displayed. From here, you can click Users or Roles in the left pane to see information about that item. You can close the Roles folder by clicking the - next to it. You can also click the DBA role in order to see detailed information about that role. Click the close box in the upper right corner to exit.
- The Roles tab shows a list of roles that have been granted to the DBA role. From here, you can click Users or Roles in the left pane to see information about that item. You can close the Roles folder by clicking the - next to it. You can also click any of the tabs at the top of the right-hand pane. Click the close box in the upper right corner to exit.
- The object privileges tab lists any object privileges that have been granted to the role. From here, you can click the Users or Roles folders in the left pane to see information about that item. You can close the Roles folder by clicking the - next to it. You can also click any of the tabs at the top of the right-hand pane. Click the close box in the upper right corner or the exit button to end this simulation.
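The same information the simulation shows for the DBA role can be read from the data dictionary. The queries below are an added example, not part of the original lesson; they assume a SQL*Plus session connected as an account that can read the DBA_ views (such as the system account used above), and the last query goes beyond the GUI by listing every user who reaches the DBA role through nested role grants, which is the check a least-privilege review needs.

```sql
-- Users node: every database account and its current state.
SELECT username, account_status, default_tablespace, profile
FROM   dba_users
ORDER  BY username;

-- Roles node: every role defined in the database.
SELECT role, password_required
FROM   dba_roles
ORDER  BY role;

-- DBA role, Roles tab: roles granted directly to DBA.
SELECT granted_role, admin_option, default_role
FROM   dba_role_privs
WHERE  grantee = 'DBA'
ORDER  BY granted_role;

-- DBA role, System Privileges tab.
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'DBA'
ORDER  BY privilege;

-- DBA role, Object Privileges tab.
SELECT owner, table_name, privilege, grantable
FROM   dba_tab_privs
WHERE  grantee = 'DBA'
ORDER  BY owner, table_name, privilege;

-- Not shown on any single tab: users who hold DBA directly or through
-- a chain of roles. START WITH picks the direct grantees of DBA;
-- CONNECT BY then follows each grantee that is itself a role to
-- whoever that role was granted to.
SELECT u.username, u.account_status
FROM   dba_users u
WHERE  u.username IN (
         SELECT grantee
         FROM   dba_role_privs
         START  WITH granted_role = 'DBA'
         CONNECT BY PRIOR grantee = granted_role)
ORDER  BY u.username;
```

Any account in the last result set that is not an administrator's, or that is still OPEN but unused, is a candidate for having the grant revoked.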
Module Functionality - Quiz