Class 18: Privileges (modified)
Managing Privileges
Objectives
After completing this lesson, you should be able to do the following:
• Identify system and object privileges
• Grant and revoke privileges
• Control operating system or password file authentication
• Identify auditing capabilities
Managing Privileges
Two types of privileges:
• System: Enables users to perform particular actions in the database
• Object: Enables users to access and manipulate a specific object
System Privileges
• There are about 126 system privileges.
• The ANY keyword in the privileges signifies that users have the privilege in every schema.
• The GRANT command adds a privilege to a user or a group of users.
• The REVOKE command deletes the privileges.
System Privileges: Examples

| Category | Examples |
|---|---|
| INDEX | CREATE ANY INDEX, ALTER ANY INDEX, DROP ANY INDEX |
| TABLE | CREATE TABLE, CREATE ANY TABLE, ALTER ANY TABLE, DROP ANY TABLE, SELECT ANY TABLE, UPDATE ANY TABLE, DELETE ANY TABLE |
| SESSION | CREATE SESSION, ALTER SESSION, RESTRICTED SESSION |
| TABLESPACE | CREATE TABLESPACE, ALTER TABLESPACE, DROP TABLESPACE, UNLIMITED TABLESPACE |
Granting System Privileges
GRANT CREATE SESSION, CREATE TABLE TO managers;
GRANT CREATE SESSION TO scott WITH ADMIN OPTION;
SYSDBA and SYSOPER Privileges

| Category | Examples |
|---|---|
| SYSOPER | STARTUP, SHUTDOWN, ALTER DATABASE OPEN \| MOUNT, ALTER DATABASE BACKUP CONTROLFILE, ALTER TABLESPACE BEGIN/END BACKUP, RECOVER DATABASE, ALTER DATABASE ARCHIVELOG, RESTRICTED SESSION |
| SYSDBA | SYSOPER privileges WITH ADMIN OPTION, CREATE DATABASE, RECOVER DATABASE UNTIL |
Password File Authentication
1. Check that the password file has been created; if not, create it using ORAPWD.
2. Check that the initialization parameter REMOTE_LOGIN_PASSWORDFILE has been set to EXCLUSIVE.
3. Grant SYSOPER and SYSDBA privileges to users.
4. Query V$PWFILE_USERS to verify the password file members.
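The four steps above as a SQL*Plus session, run as a user with SYSDBA. This is an added example, not part of the original slides; the account name karen is reused from the page as a sample grantee, and the orapwd arguments are placeholders.

```sql
-- Step 1 is an operating system command, not SQL. Typical form
-- (file path, password and entry count are placeholders):
--   orapwd file=<password file path> password=<SYS password> entries=<max users>

-- Step 2: confirm the instance uses its own password file.
SELECT name, value
FROM   v$parameter
WHERE  name = 'remote_login_passwordfile';
-- If the value is not EXCLUSIVE, set REMOTE_LOGIN_PASSWORDFILE = EXCLUSIVE
-- in the parameter file and restart the instance before granting.

-- Step 3: add an administrator to the password file.
-- SYSOPER is the narrower of the two privileges; grant SYSDBA only
-- to accounts that need CREATE DATABASE or incomplete recovery.
GRANT SYSOPER TO karen;

-- Step 4: list every account that can connect AS SYSDBA or AS SYSOPER.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
ORDER  BY username;

-- Periodic review: remove password file members that are no longer needed,
-- then repeat the step 4 query to confirm the entry is gone.
REVOKE SYSOPER FROM karen;
```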
Displaying System Privileges
Database level: DBA_SYS_PRIVS
• GRANTEE
• PRIVILEGE
• ADMIN_OPTION
Session level: SESSION_PRIVS
• PRIVILEGE
System Privilege Restrictions
O7_DICTIONARY_ACCESSIBILITY = TRUE
• Reverts to Oracle7 behavior
• Removes the restrictions on system privileges with the ANY keyword
• Defaults to TRUE
Revoking System Privileges
REVOKE CREATE TABLE FROM karen;
REVOKE CREATE SESSION FROM scott;
Revoking System Privileges Using WITH ADMIN OPTION
[Diagram: GRANT and REVOKE among DBA, KAREN and SCOTT]
Revoking System Privileges Using WITH ADMIN OPTION: Result
[Diagram: result for DBA, KAREN and SCOTT]
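Object Privileges

| Object privilege | Table | View | Sequence | Procedure |
|---|---|---|---|---|
| ALTER | ✓ | | ✓ | |
| DELETE | ✓ | ✓ | | |
| EXECUTE | | | | ✓ |
| INDEX | ✓ | | | |
| INSERT | ✓ | ✓ | | |
| REFERENCES | ✓ | | | |
| SELECT | ✓ | ✓ | ✓ | |
| UPDATE | ✓ | ✓ | | |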
Granting Object Privileges
GRANT EXECUTE ON dbms_pipe TO public;
GRANT UPDATE(first_name, salary) ON employee TO karen WITH GRANT OPTION;
Displaying Object Privileges
DBA_TAB_PRIVS
• GRANTEE
• OWNER
• TABLE_NAME
• GRANTOR
• PRIVILEGE
• GRANTABLE
DBA_COL_PRIVS
• GRANTEE
• OWNER
• TABLE_NAME
• COLUMN_NAME
• GRANTOR
• PRIVILEGE
• GRANTABLE
Revoking Object Privileges
REVOKE execute ON dbms_pipe FROM scott;
Revoking Object Privileges Using WITH GRANT OPTION
[Diagram: GRANT and REVOKE among SCOTT, USER 1 and USER 2]
Revoking Object Privileges Using WITH GRANT OPTION: Result
[Diagram: result for SCOTT, USER 1 and USER 2]
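In Oracle the two revoke cases behave differently: revoking a system privilege that was granted WITH ADMIN OPTION does not cascade, while revoking an object privilege that was granted WITH GRANT OPTION does. The SQL*Plus walk-through below is an added example, not part of the original slides; the DBA account system, the accounts user1 and user2, the choice of CREATE TABLE and the table scott.employee are assumptions.

```sql
-- Constructed walk-through for SQL*Plus. CONNECT prompts for each password.
-- Assumed to exist: accounts system (DBA), karen, scott, user1, user2,
-- and the table scott.employee.

-- System privilege chain: DBA -> karen (WITH ADMIN OPTION) -> scott
CONNECT system
GRANT CREATE TABLE TO karen WITH ADMIN OPTION;
CONNECT karen
GRANT CREATE TABLE TO scott;
CONNECT system
REVOKE CREATE TABLE FROM karen;

-- System privilege revokes do not cascade: the grant karen passed on to
-- scott is untouched. Check who still holds the privilege, then revoke
-- it from scott explicitly if it should be gone.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'CREATE TABLE'
AND    grantee IN ('KAREN', 'SCOTT');
REVOKE CREATE TABLE FROM scott;

-- Object privilege chain: scott (owner) -> user1 (WITH GRANT OPTION) -> user2
CONNECT scott
GRANT SELECT ON employee TO user1 WITH GRANT OPTION;
CONNECT user1
GRANT SELECT ON scott.employee TO user2;
CONNECT scott
REVOKE SELECT ON employee FROM user1;

-- Object privilege revokes cascade: the revoke also removes the grant
-- that user1 passed on to user2. Confirm from the dictionary.
CONNECT system
SELECT grantee, grantor, privilege, grantable
FROM   dba_tab_privs
WHERE  owner = 'SCOTT'
AND    table_name = 'EMPLOYEE';
```

When an administrator account is removed, the first query is the one to run: privileges it handed out WITH ADMIN OPTION stay in place until each is revoked individually.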
Auditing Guidelines
• Define your purpose of auditing
  – Suspicious database activity
  – Gather historical information
• Define what you want to audit
  – Audit users, statements, or objects
  – By session
  – Successful or unsuccessful
• Manage your audit trail
  – Monitor the growth of the audit trail
  – Protect the audit trail from unauthorized access
Auditing Categories
• Auditing privileged operations
  – Always audited
  – Startup, shutdown, and SYSDBA connections
• Database auditing
  – Enabled by DBA
  – Cannot record column values
• Value-based or application auditing
  – Implemented through code
  – Can record column values
  – Used to track changes to tables
Database Auditing
[Flow diagram. DBA: enable database auditing (parameter file), specify audit options (database), review audit information. User: execute command. Server process: generate audit trail (audit trail in the database or OS audit trail).]
Enabling Auditing Options
• Statement auditing
AUDIT user;
• Privilege auditing
AUDIT select any table BY summit BY ACCESS;
• Schema object auditing
AUDIT LOCK ON summit.employee BY ACCESS WHENEVER SUCCESSFUL;
Viewing Auditing Options

| Data Dictionary View | Description |
|---|---|
| ALL_DEF_AUDIT_OPTS | Default audit options |
| DBA_STMT_AUDIT_OPTS | Statement auditing options |
| DBA_PRIV_AUDIT_OPTS | Privilege auditing options |
| DBA_OBJ_AUDIT_OPTS | Schema object auditing options |
Viewing Auditing Results

| Audit Trail View | Description |
|---|---|
| DBA_AUDIT_TRAIL | All audit trail entries |
| DBA_AUDIT_EXISTS | Records for AUDIT EXISTS/NOT EXISTS |
| DBA_AUDIT_OBJECT | Records concerning schema objects |
| DBA_AUDIT_SESSION | All connect and disconnect entries |
| DBA_AUDIT_STATEMENT | Statement auditing records |
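A review session that ties the auditing guidelines to these views, as an added example that is not part of the original slides. It assumes database auditing is enabled through the AUDIT_TRAIL initialization parameter and that the audit trail is stored in SYS.AUD$, both standard Oracle names that do not appear on the page.

```sql
-- Run as a DBA in SQL*Plus.

-- Is database auditing enabled? NONE means AUDIT options record nothing.
SELECT name, value
FROM   v$parameter
WHERE  name = 'audit_trail';

-- What is currently being audited (statement and privilege options).
SELECT user_name, audit_option, success, failure FROM dba_stmt_audit_opts;
SELECT user_name, privilege,    success, failure FROM dba_priv_audit_opts;

-- Purpose "suspicious database activity": record failed logons ...
AUDIT SESSION WHENEVER NOT SUCCESSFUL;

-- ... and review them per account and client host.
SELECT username, userhost, COUNT(*) AS failed_logons
FROM   dba_audit_session
WHERE  returncode <> 0
GROUP  BY username, userhost
ORDER  BY failed_logons DESC;

-- Every recorded use of the privilege audited on the page
-- (AUDIT select any table BY summit BY ACCESS).
SELECT username, timestamp, owner, obj_name, action_name
FROM   dba_audit_trail
WHERE  priv_used = 'SELECT ANY TABLE'
ORDER  BY timestamp;

-- Manage the audit trail: watch its growth ...
SELECT COUNT(*) AS audit_rows FROM sys.aud$;

-- ... and audit changes to the trail itself, so tampering leaves a record.
AUDIT INSERT, UPDATE, DELETE ON sys.aud$ BY ACCESS;
```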
Summary
In this lesson, you should have learned how to:
• Control system and object privileges
• Use database auditing