Oracle Database 12c Security Cookbook
By Zoran Pavlović and Maja Veselica
About this ebook
- Explore and learn the new security features introduced in Oracle Database 12c, to successfully secure your sensitive data
- Learn how to identify which security strategy is right for your needs – and how to apply it
- Each ‘recipe’ provides you with a single step-by-step solution, making this book a vital resource, delivering Oracle support in one accessible place
This book is for DBAs, developers, and architects who are keen to learn more about security in Oracle Database 12c. This book is best suited to beginners and intermediate-level database security practitioners. Basic knowledge of Oracle Database is expected, but no prior experience of securing a database is required.
Book preview
Oracle Database 12c Security Cookbook - Zoran Pavlović
Table of Contents
Oracle Database 12c Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Instant updates on new Packt books
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Basic Database Security
Introduction
Creating a password profile
Getting ready
How to do it...
How it works...
There's more...
See also
Creating password-authenticated users
Getting ready
How to do it...
How it works...
There's more...
How to create a user using EM Express
See also
Changing a user's password
Getting ready
How to do it...
How it works...
There's more...
See also
Creating a user with the same credentials on another database
Getting ready
How to do it...
How it works...
There's more...
See also
Locking a user account
Getting ready
How to do it...
How it works...
See also
Expiring a user's password
Getting ready
How to do it...
How it works...
See also
Creating and using OS-authenticated users
Getting ready
How to do it...
How it works...
There's more...
Creating and using proxy users
Getting ready
How to do it...
How it works...
There's more...
Creating and using database roles
Getting ready
How to do it...
How it works...
There's more...
See also
The sysbackup privilege – how, when, and why should you use it?
Getting ready
How to do it...
Database authentication
OS authentication
How it works...
There's more...
See also
The syskm privilege – how, when, and why should you use it?
Getting ready
How to do it...
Database authentication
OS authentication
How it works...
There's more...
See also
The sysdg privilege – how, when, and why should you use it?
Getting ready
How to do it...
Database authentication
OS authentication
How it works...
There's more...
See also
2. Security Considerations in Multitenant Environment
Introduction
Creating a common user
Getting ready
How to do it...
How it works...
Rules/guidelines for creating and managing common users
There's more...
How to create a common user using OEM 12c
Creating a local user
Getting ready
How to do it...
How it works...
Rules/guidelines for creating and managing local users
There's more...
How to create a local user using OEM 12c
Creating a common role
Getting ready
How to do it...
How it works...
There's more...
How to create a common role using OEM 12c
Creating a local role
Getting ready
How to do it...
How it works...
There's more...
How to create a local role using OEM 12c
Granting privileges and roles commonly
Getting ready
How to do it...
How it works...
Granting privileges and roles locally
Getting ready
How to do it...
How it works...
Effects of plugging/unplugging operations on users, roles, and privileges
Getting ready
How to do it...
How it works...
3. PL/SQL Security
Introduction
Creating and using definer's rights procedures
Getting ready
How to do it...
How it works...
Creating and using invoker's right procedures
Getting ready
How to do it...
How it works...
There's more...
Using code-based access control
Getting ready
How to do it...
How it works...
There's more...
Restricting access to program units by using accessible by
Getting ready
How to do it...
How it works...
4. Virtual Private Database
Introduction
Creating different policy functions
Getting ready
How to do it...
How it works...
There's more...
See also
Creating Oracle Virtual Private Database row-level policies
Getting ready
How to do it...
There's more...
See also
Creating column-level policies
Getting ready
How to do it...
How it works...
Creating a driving context
Getting ready
How to do it...
Creating policy groups
Getting ready
How to do it...
Setting context as a driving context
Getting ready
How to do it...
Adding policy to a group
Getting ready
How to do it...
Exempting users from VPD policies
Getting ready
How to do it...
5. Data Redaction
Introduction
Creating a redaction policy when using full redaction
Getting ready
How to do it...
How it works...
There's more...
How to change the default value
See also
Creating a redaction policy when using partial redaction
How to do it...
How it works...
There's more...
Creating a redaction policy when using random redaction
Getting ready
How to do it...
How it works...
Creating a redaction policy when using regular expression redaction
Getting ready
How to do it...
How it works...
Using Oracle Enterprise Manager Cloud Control 12c to manage redaction policies
Getting ready
How to do it...
Changing the function parameters for a specified column
Getting ready
How to do it...
Add a column to the redaction policy
Getting ready
How to do it...
How it works...
See also
Enabling, disabling, and dropping redaction policy
Getting ready
How to do it...
See also
Exempting users from data redaction policies
Getting ready
How to do it...
How it works...
6. Transparent Sensitive Data Protection
Introduction
Creating a sensitive type
Getting ready
How to do it...
How it works...
There's more...
Determining sensitive columns
Getting ready
How to do it...
How it works...
Creating transparent sensitive data protection policy
Getting ready
How to do it...
How it works...
See also
Associating transparent sensitive data protection policy with sensitive type
Getting ready
How to do it...
There's more...
See also
Enabling, disabling, and dropping policy
Getting ready
How to do it...
How it works...
There's more...
Altering transparent sensitive data protection policy
Getting ready
How to do it...
How it works...
See also
7. Privilege Analysis
Introduction
Creating database analysis policy
Getting ready
How to do it...
How it works...
There's more...
See also
Creating role analysis policy
Getting ready
How to do it...
There's more...
See also
Creating context analysis policy
Getting ready
How to do it...
There's more...
See also
Creating combined analysis policy
Getting ready
How to do it...
There's more...
See also
Starting and stopping privilege analysis
Getting ready
How to do it...
How it works...
There's more...
Reporting on used system privileges
Getting ready
How to do it...
There's more...
Reporting on used object privileges
Getting ready
How to do it...
There's more...
Reporting on unused system privileges
Getting ready
How to do it...
There's more...
Reporting on unused object privileges
Getting ready
How to do it...
There's more...
How to revoke unused privileges
How to do it...
There's more...
Dropping the analysis
Getting ready
How to do it...
There's more...
8. Transparent Data Encryption
Introduction
Configuring keystore location in sqlnet.ora
How to do it...
Creating and opening the keystore
Getting ready
How to do it...
How it works...
There's more...
Setting master encryption key in software keystore
Getting ready
How to do it...
There's more...
See also
Column encryption - adding new encrypted column to table
Getting ready
How to do it...
Column encryption - creating new table that has encrypted column(s)
Getting ready
How to do it...
Using salt and MAC
Getting ready
How to do it...
How it works...
There's more...
Column encryption - encrypting existing column
Getting ready
How to do it...
There's more...
Auto-login keystore
Getting ready
How to do it...
How it works...
Encrypting tablespace
Getting ready
How to do it...
How it works...
There's more...
Rekeying
Getting ready
How to do it...
How it works...
Backup and Recovery
How to do it...
There's more...
9. Database Vault
Introduction
Registering Database Vault
Getting ready
How to do it...
How it works...
There's more...
See also
Preventing users from exercising system privileges on schema objects
Getting ready
How to do it...
There's more...
See also
Securing roles
Getting ready
How to do it...
There's more...
See also
Preventing users from executing specific command on specific object
How to do it...
How it works...
Creating a rule set
Getting ready
How to do it...
There's more...
Creating a secure application role
How to do it...
There's more...
See also
Using Database Vault to implement that administrators cannot view data
How to do it...
There's more...
Running Oracle Database Vault reports
How to do it...
Disabling Database Vault
How to do it...
Re-enabling Database Vault
How to do it...
10. Unified Auditing
Introduction
Enabling Unified Auditing mode
Getting ready
How to do it...
How it works...
Predefined unified audit policies
There's more...
See also
Configuring whether loss of audit data is acceptable
Getting ready
How to do it...
How it works...
Which roles do you need to have to be able to create audit policies and to view audit data?
Getting ready
How to do it...
How it works...
There's more...
Auditing RMAN operations
Getting ready
How to do it...
How it works...
See also
Auditing Data Pump operations
Getting ready
How to do it...
See also
Auditing Database Vault operations
Getting ready
How to do it...
How it works...
There's more...
See also
Creating audit policies to audit privileges, actions and roles under specified conditions
Getting ready
How to do it...
How it works...
See also
Enabling audit policy
Getting ready
How to do it...
How it works...
Finding information about audit policies and audited data
Getting ready
How to do it...
Auditing application contexts
Getting ready
How to do it...
How it works...
There's more...
See also
Purging audit trail
Getting ready
How to do it...
How it works...
There's more...
Disabling and dropping audit policies
Getting ready
How to do it...
How it works...
See also
11. Additional Topics
Introduction
Exporting data using Oracle Data Pump in Oracle Database Vault environment
Getting ready
How to do it...
How it works...
There's more...
See also
Creating factors in Oracle Database Vault
Getting ready
How to do it...
How it works...
There's more...
See also
Using TDE in a multitenant environment
Getting ready
How to do it...
How it works...
See also
12. Appendix – Application Contexts
Introduction
Exploring and using built-in contexts
Getting ready
How to do it...
How it works...
There's more...
See also
Creating an application context
Getting ready
How to do it...
How it works...
Setting application context attributes
Getting ready
How to do it...
How it works...
There's more...
See also
Using an application context
Getting ready
How to do it...
How it works...
See also
Oracle Database 12c Security Cookbook
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: May 2016
Production reference: 1270516
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78217-212-3
www.packtpub.com
Credits
About the Authors
Zoran Pavlović has worked on various complex database environments including RAC, ASM, Data Guard, GoldenGate, and so on. His areas of expertise are security, performance/SQL tuning, and high availability/disaster recovery of Oracle Database. He has been working as an instructor for Oracle University since 2010 and during that time he has trained more than 200 students in Europe. In the last couple of years, Zoran has also been working on projects for Oracle Consulting. He is an Oracle ACE and he has been a featured speaker/author at many conferences/magazines. He was actively engaged in beta testing Oracle Database 12c. Currently, Zoran is working as an Oracle Technical Architect in Parallel d.o.o. Belgrade.
I would like to take this opportunity to acknowledge some important people in my life who continuously inspire and support me. First, I want to say thank you to my parents Milenko and Stanojka Pavlovic, for everything they taught me, and for all the support they gave me during all these years. Second, I would like to say thank you to my family and my good friends, who helped me become a better person and a better professional. I am very thankful to our excellent team of technical reviewers: Arup Nanda, Gokhan Atil, Dmitri Levin, Osama Mustafa, and Kenneth Roth for their great suggestions and very helpful feedback. I am also very thankful to Maja Veselica (it was a pleasure writing this book with you), all the editors, and everyone involved in this book.
Maja Veselica, MSc in software engineering, is currently working for Parallel d.o.o., Belgrade, as an Oracle Database consultant (security, performance tuning, and so on). She has been working as an instructor for Oracle University since 2010. In the last couple of years, she has also been working for Oracle Consulting. Also, Maja is a member of the Oracle ACE Program and has more than 20 Oracle certificates. She enjoys (beta) testing Oracle products and participating in other Oracle-related activities.
This is the first book I've written, and because of that, it will always be special to me. I would like to thank my entire family and friends for their patience and support. I am especially grateful to my parents, Mirko and Sanja Veselica, who informally reviewed most parts of the book, and to my uncle Dušan, aunt Zora, and my best friend Mirjana Marković for very creative suggestions.
I am very thankful to the technical reviewers: Arup Nanda, Gokhan Atil, Dmitri Levin, Osama Mustafa, and Kenneth Roth for spending their spare time reviewing this book and for providing us with very valuable feedback (corrections, suggestions, ideas, and opinions). Also, this book couldn't have been written without the Packt Publishing team - thank you all!
Zoran, I always enjoy working with you. Hopefully someday, we'll write another book together.
About the Reviewers
Gokhan Atil is an Oracle ACE Director and DBA team lead at Bilyoner.com in Istanbul, Turkey. He has more than 15 years of experience in the IT industry, working with Oracle, PostgreSQL, Microsoft SQL Server, MySQL, and NoSQL databases. He has a strong background in software development and UNIX systems. Gokhan is an Oracle Certified Professional (OCP), and he specializes in high availability solutions, performance tuning, and monitoring tools.
Gokhan is a founding member and current vice president of the Turkish Oracle User Group (TROUG). He's also a member of the Independent Oracle User Group (IOUG). Gokhan has presented at various conferences, and he is a coauthor of the book Expert Oracle Enterprise Manager 12c.
Gokhan shares his experience of working with Oracle products by blogging