Table of Contents
- List of Tables
- Title and Copyright Information
- Preface
- Changes in This Release for Oracle Database 2 Day + Security Guide
- 1 Introduction to Oracle Database Security
- 2 Securing the Database Installation and Configuration
- 2.1 About Securing the Database Installation and Configuration
- 2.2 Securing Access to the Oracle Database Installation
- 2.3 Security for the Network
- 2.4 Securing User Accounts
- 3 Managing User Privileges
- 3.1 About Privilege Management
- 3.2 When to Grant Privileges to Users
- 3.3 When to Grant Roles to Users
- 3.4 Controlling Access to Applications with Secure Application Roles
- 3.4.1 About Secure Application Roles
- 3.4.2 Tutorial: Creating a Secure Application Role
- 3.4.2.1 Step 1: Create User Accounts for This Tutorial
- 3.4.2.2 Step 2: Create a Security Administrator Account
- 3.4.2.3 Step 3: Create a Lookup View
- 3.4.2.4 Step 4: Create the PL/SQL Procedure to Set the Secure Application Role
- 3.4.2.5 Step 5: Create the Secure Application Role
- 3.4.2.6 Step 6: Grant SELECT for the EMP_ROLE Role to the OE.ORDERS Table
- 3.4.2.7 Step 7: Grant the EXECUTE Privilege for the Procedure to Matthew and Winston
- 3.4.2.8 Step 8: Test the EMP_ROLE Secure Application Role
- 3.4.2.9 Step 9: Optionally, Remove the Components for This Tutorial
- 3.5 Initialization Parameters Used for Privilege Security
- 4 Encrypting Data with Oracle Transparent Data Encryption
- 4.1 About Encrypting Sensitive Data
- 4.2 When Should You Encrypt Data?
- 4.3 How Transparent Data Encryption Works
- 4.4 Configuring Data to Use Transparent Data Encryption
- 4.5 Checking Existing Encrypted Data
- 4.5.1 Finding the Type of Keystore That Was Created
- 4.5.2 Finding the Keystore Location
- 4.5.3 Checking Whether a Keystore Is Open or Closed
- 4.5.4 Checking Encrypted Columns of an Individual Table
- 4.5.5 Checking All Encrypted Table Columns in the Current Database Instance
- 4.5.6 Data Dictionary Views for Checking Encrypted Tablespaces
- 5 Controlling Access with Oracle Database Vault
- 5.1 About Oracle Database Vault
- 5.2 Tutorial: Controlling Administrator Access to a User Schema
- 5.2.1 Step 1: Enable Oracle Database Vault
- 5.2.2 Step 2: Grant SELECT on the OE.CUSTOMERS Table to User SCOTT
- 5.2.3 Step 3: Select from the OE.CUSTOMERS Table as Users SYS and SCOTT
- 5.2.4 Step 4: Create a Realm to Protect the OE.CUSTOMERS Table
- 5.2.5 Step 5: Test the OE Protections Realm
- 5.2.6 Step 6: Optionally, Remove the Components for This Tutorial
- 6 Restricting Access with Oracle Virtual Private Database
- 6.1 About Oracle Virtual Private Database
- 6.2 Tutorial: Limiting Access to Data Based on the Querying User
- 6.2.1 About Limiting Access to Data Based on the Querying User
- 6.2.2 Step 1: Create User Accounts for This Tutorial
- 6.2.3 Step 2: If Necessary, Create the Security Administrator Account
- 6.2.4 Step 3: Update the Security Administrator Account
- 6.2.5 Step 4: Create the F_POLICY_ORDERS Policy Function
- 6.2.6 Step 5: Create the ACCESSCONTROL_ORDERS Virtual Private Database Policy
- 6.2.7 Step 6: Test the ACCESSCONTROL_ORDERS Virtual Private Database Policy
- 6.2.8 Step 7: Optionally, Remove the Components for This Tutorial
- 7 Limiting Access to Sensitive Data Using Oracle Data Redaction
- 7.1 About Oracle Data Redaction
- 7.2 Tutorial: Redacting Data for a Select Group of Users
- 7.2.1 About Redacting Data for a Select Group of Users
- 7.2.2 Step 1: Create User Accounts and Grant Them the Necessary Privileges
- 7.2.3 Step 2: Create and Populate the SALES_OPPS Sales Opportunities Table
- 7.2.4 Step 3: Create the SALES_OPPS_POL Oracle Data Redaction Policy
- 7.2.5 Step 4: Test the SALES_OPPS_POL Oracle Data Redaction Policy
- 7.2.6 Step 5: Optionally, Remove the Components for This Tutorial
- 8 Enforcing Row-Level Security with Oracle Label Security
- 8.1 About Oracle Label Security
- 8.2 Virtual Private Database, Oracle Label Security, and Data Redaction Differences
- 8.3 Guidelines for Planning an Oracle Label Security Policy
- 8.4 Tutorial: Creating Levels of Access to Table Data Based on the User
- 8.4.1 About Creating Levels of Access to Table Data Based on the User
- 8.4.2 Step 1: Enable Oracle Label Security
- 8.4.3 Step 2: Enable the LBACSYS Account
- 8.4.4 Step 3: Create a Role and Three Users for the Oracle Label Security Tutorial
- 8.4.5 Step 4: Create the ACCESS_LOCATIONS Oracle Label Security Policy
- 8.4.6 Step 5: Define the ACCESS_LOCATIONS Policy-Level Components
- 8.4.7 Step 6: Create the ACCESS_LOCATIONS Policy Data Labels
- 8.4.8 Step 7: Create the ACCESS_LOCATIONS Policy User Authorizations
- 8.4.9 Step 8: Apply the ACCESS_LOCATIONS Policy to the HR.LOCATIONS Table
- 8.4.10 Step 9: Add the ACCESS_LOCATIONS Labels to the HR.LOCATIONS Data
- 8.4.11 Step 10: Test the ACCESS_LOCATIONS Policy
- 8.4.12 Step 11: Optionally, Remove the Components for This Tutorial
- 9 Auditing Database Activity
- 9.1 About Auditing
- 9.2 Why Is Auditing Used?
- 9.3 Tutorial: Creating a Unified Audit Policy
- 9.3.1 Step 1: If Necessary, Enable Unified Auditing
- 9.3.2 Step 2: Grant the SEC_ADMIN User the AUDIT_ADMIN Role
- 9.3.3 Step 3: Create and Enable a Unified Audit Policy
- 9.3.4 Step 4: Test the Unified Audit Policy
- 9.3.5 Step 5: Optionally, Remove the Components for This Tutorial
- 9.3.6 Step 6: Optionally, Remove the SEC_ADMIN Security Administrator Account
- Index