Database Reference
In-Depth Information
osadmin
This is another pseudonym for any operating system username on
your system, in particular one who will be responsible for managing
Oracle connection strings for applications.
SQL*Plus, SQL Developer, JDeveloper, or TOAD
I am going to assume that, if you are reading this, you are already doing some work as an Oracle
developer. I'm going to further assume that you have some tool for submitting commands on an Oracle
database, such as the prompt in SQL*Plus or the editor in TOAD, SQL Developer, or JDeveloper.
SQL*Plus comes with Oracle, so if you don't have one of the other tools, you still have SQL*Plus. That is
all you need to do the tasks outlined in this topic.
Note
Some of these tools are more sensitive than others to multi-line commands. They may require a slash
character (/) on the line following a multi-line command.
Many of the SQL script files included in the source code for this topic will need specific values
edited, to be unique to your computer and corporate or home environment. Those values are listed at
the top of the SQL files. After editing as appropriate, most of the SQL files can be executed as scripts; just
be sure you are connected as the appropriate Oracle user.
Organization of the Next Few Sections
I want to make the process of working through this material as easy as possible for you. Toward that end,
I have separated into sections the tasks and concerns of each of three users:
SYS
(the database
administrator), the security administrator that we will be creating here, and the
HR
(human resource)
schema owner.
For the most part,
SYS
as the database administrator could do all these tasks, but it is my intent to
demonstrate security with delegation. We will have each of these users accomplish the tasks that are
specific to their delegated responsibility. The commands to be executed by each of these users are
consolidated into a single script file per user, and it is possible for us to focus on tasks and concerns of
each of those users in turn, one at a time.
Each of these users must address a number of diverse topics, all related to security. These concerns
are addressed in the order in which they are needed as we work toward the goals of this text. We will
continue to build on all the topics I introduce here throughout this topic.
You should have access to the code as we progress through this material. If you are reading this
away from your computer, I hope to have provided enough of the code right in the text for you to
completely understand the discussion. However, it is also my intention that you implement this code,
and that this text will guide your understanding of what is occurring at each juncture.
When you work through the code, you will find that the best way to execute the commands in the
various script files is to copy the file contents to a SQL command editor like TOAD or JDeveloper, and to
execute one command at a time. That is preferred over executing the entire code as a script, because you
will see each command as it gets executed. Remember, the goal is to understand secure programming,
not just to implement security software.
