Database Reference
In-Depth Information
Database vault allows you to configure separate realms for different security
classifications. You can also restrict the privileges of administrators within their
realm. Backup and recovery, performance turning, and high availability are all part
of the job description of a DBA. However, the ability to view sensitive application
data is beyond what is needed for that job. Database vault splits up the duties
into three:
Role
Privileges
Account Management
Create, drop, or modify database users
Security Administrator
Set up database vault realms, command rules,
and authorizing authorize accounts to them
Resource Administration
Normal backup and maintenance activities
O
racle Database Vault prevents the DBA from accessing the schemas that are
protected by the realm. Although the DBA is the most powerful and trusted user,
he/she does not need access to application data residing within the database.
Protecting database objects with realms and rules
Oracle Database Vault uses realms to set up boundaries around a set of objects in
specific schemas; specific conditions must be met to access data protected by those
boundaries. Realms specify a set of conditions that must be met before a given
command can be executed on a set of database objects.
This provides very granular control over what can be done to certain objects, and by
whom. You can define rules to restrict access based on business-specific factors such
as data access connections from a particular database, from a particular machine,
and from specific IP addresses. You can also specify the time of day or authentication
modes for data access.
Preseeded realms for the E-Business Suite
Oracle delivers a set of preseeded Database Vault Realms for your E-Business Suite
Release 11
i
environment via the following patch:
Oracle E-Business Suite Release 11
i
Realm Creation Patch (Patch 5999012).
This patch contains the master
fnddvebs.sql
script. The
fnddbvebs.sql
script
creates realms around Oracle E-Business Suite 11
i
product schemas and gives
authorization only to those users required to allow the Oracle E-Business Suite
to function normally.
Search WWH ::
Custom Search