Administrators applying patches have needed to turn off DBV protection as part of the patch
process. A new feature in 12c is the Mandatory Realm, which is more highly protected, even from the object owner,
so that application support can be carried out while still keeping sensitive data confidential. This is helpful when
a human has to log on as the application account to service the application. Within banking systems there are
application accounts that have zero human interaction and whose password is not known by any human, so this
feature does have a market. The obvious concern is not to paint our system into a corner where the data is lost, so the
backup scenario for DBV will be crucial when these new features are being used.
Database Application Security Architecture
The feature that addresses database application security architecture is called Real Application Security (RAS). RAS
is designed to prevent the bypassing of application access controls when an application user connects directly to
the database. The additional security is applied to the application account at the database level. These extra security
controls include:
Controlled delegation - so that a privilege can be passed on without it then being re-delegated
Effective date support - time-limited privileges
Negative grants - remove a specific access from a superset of privileges like DENY in MSSQL
Code-based security - batch programs that are allowed and can run with higher privilege (due to non-human usage)
The above controls require enabling, have a performance hit, and are not being widely used at this point, to my
knowledge.
However, “Definer's Roles” is a related new feature in 12c that is genuinely ground-breaking and is included free
with the database. I will discuss that feature next, as I am sure that most Oracle technologists will want to use it.
Definer's Roles
Definer's roles is the ability to grant roles to program units, which will then inherit the privileges of that role through
definer's rights. Previously, a schema owner was not able to allow its program units to access privileges contained
within roles assigned to the schema owner.
GRANT clerk_admin TO procedure psmith.checkstats_proc;
This ability to grant a role to a procedure should remove the need for public privileges in Oracle. Public was the
only “role” that could be used to grant privileges en masse to stored procedures indirectly. I will discuss this in the
next chapter regarding general security design in the Oracle DB, as it is a big subject requiring testing and discussion.
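The following added example (not from the book) carries the grant above through from role creation to an audit of the result. The table hr_app.clerk_stats and the user app_user are hypothetical names; dynamic SQL is used on the assumption that a role granted to a program unit takes effect at run time rather than at compile time.

```sql
-- As a DBA: create the role and give it the one privilege the code needs.
CREATE ROLE clerk_admin;
GRANT SELECT ON hr_app.clerk_stats TO clerk_admin;   -- hypothetical table

-- The role has to be granted directly to the owner of the program unit.
-- WITH DELEGATE OPTION lets psmith attach the role to his own code
-- without also being able to grant it to other users (ADMIN OPTION).
GRANT clerk_admin TO psmith WITH DELEGATE OPTION;

-- As psmith: a definer's rights procedure. Roles held by psmith are not
-- active inside it, so on its own the query below fails at run time.
CREATE OR REPLACE PROCEDURE psmith.checkstats_proc (p_rows OUT NUMBER)
  AUTHID DEFINER
AS
BEGIN
  EXECUTE IMMEDIATE 'SELECT COUNT(*) FROM hr_app.clerk_stats' INTO p_rows;
END;
/

-- Attach the role to the procedure (the statement shown in the text),
-- then expose only the procedure, never the table, to the caller.
GRANT clerk_admin TO PROCEDURE psmith.checkstats_proc;
GRANT EXECUTE ON psmith.checkstats_proc TO app_user;  -- hypothetical user

-- Audit 1: every program unit that carries a role, for periodic review.
SELECT owner, object_name, object_type, role
FROM   dba_code_role_privs
ORDER  BY owner, object_name;

-- Audit 2: object privileges still granted to PUBLIC on application
-- schemas; these are the candidates for replacement by roles on code.
SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    owner IN ('PSMITH', 'HR_APP')                  -- hypothetical schemas
ORDER  BY owner, table_name;

-- Removal when the procedure no longer needs the role.
REVOKE clerk_admin FROM PROCEDURE psmith.checkstats_proc;
```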
SELECT ANY DICTIONARY Privilege
In 12c the SELECT ANY DICTIONARY privilege has been restricted by omitting some extra tables, namely:
DEFAULT_PWD$, ENC$, USER$, XS$VERIFIER, LINK$ and USER_HISTORY$,
 