module owb security
TRANSCRIPT
All information Copyright Bayon Technologies, Inc.
OWB Security
Non-OWB, schema-schema, design, runtime, external
All information Copyright Bayon Technologies, Inc.
Need for Security
Some OWB accounts can gain access as “oracle” to OS
AuditingThink Sarbanes-OxleyWho changed the ETL that defines “profit”?
Data Warehouse is the complete, distilled enterprise
All information Copyright Bayon Technologies, Inc.
Non-OWB specific
Good Passwords Network Restrictions
Listener RestrictionsFirewall
Oracle Security FeaturesFine Grained AuditingVirtual Private Database (marts)
All information Copyright Bayon Technologies, Inc.
Straight Forward OWB-specific
RECOMMENDATIONS
Administrator should register locations Registered source systems should get
“limited” access to source systems
All information Copyright Bayon Technologies, Inc.
Design Repository
Use users instead of repository account
WBSecurityHelper.registerOWBUser (’username’)
All information Copyright Bayon Technologies, Inc.
Runtime Security
The following accounts are granted “EXECUTE ANY PROCEDURE”OWB Runtime Repository OwnerOWF Target
Target to Target permissions should be defined at the object levelExercise on this
All information Copyright Bayon Technologies, Inc.
Provided Security Frameworks
Frozen Project Framework Implements a framework for freezing projects
by a lookup table Development Cycle
Administrators All PermissionsDevelopers, QA, Sustaining AdministratorsUses the “unused” Development Status
All information Copyright Bayon Technologies, Inc.
OWB PL/SQL Security Framework
Replace “DUMMY” PL/SQL package Implement PL/SQL procedures defined
isSecurityServiceCustomized, securityCheckForCreation, securityCheck, securityCheckForService
Blank Check
All information Copyright Bayon Technologies, Inc.
Runtime Security (External)
run_my_owb_stuffGrant execute on …WB_R_ and WB_U_ roles granted
wrap run_my_owb_stuffOnly users X,Y,Z can execute
run_my_owb_stuff(‘MAPPING1’)-OR- function run_owb_mapping1
All information Copyright Bayon Technologies, Inc.
Questions for Discussion
You need to run mappings from Tivoli across a network that is untrusted. How would you accomplish this?
T/F: You can implement whatever security you desire.