Oracle Database 12c Security Cookbook
By Zoran Pavlović and Maja Veselica
About this ebook
- Explore and learn the new security features introduced in Oracle Database 12c, to successfully secure your sensitive data
- Learn how to identify which security strategy is right for your needs – and how to apply it
- Each ‘recipe’ provides you with a single step-by-step solution, making this book a vital resource, delivering Oracle support in one accessible place
This book is for DBAs, developers, and architects who are keen to learn more about security in Oracle Database 12c. This book is best suited to beginners and intermediate-level database security practitioners. Basic knowledge of Oracle Database is expected, but no prior experience of securing a database is required.
Oracle Database 12c Security Cookbook - Zoran Pavlović
Table of Contents
Oracle Database 12c Security Cookbook
Credits
About the Authors
About the Reviewers
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Instant updates on new Packt books
Preface
What this book covers
What you need for this book
Who this book is for
Sections
Getting ready
How to do it…
How it works…
There's more…
See also
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Basic Database Security
Introduction
Creating a password profile
Getting ready
How to do it...
How it works...
There's more...
See also
Creating password-authenticated users
Getting ready
How to do it...
How it works...
There's more...
How to create a user using EM Express
See also
Changing a user's password
Getting ready
How to do it...
How it works...
There's more...
See also
Creating a user with the same credentials on another database
Getting ready
How to do it...
How it works...
There's more...
See also
Locking a user account
Getting ready
How to do it...
How it works...
See also
Expiring a user's password
Getting ready
How to do it...
How it works...
See also
Creating and using OS-authenticated users
Getting ready
How to do it...
How it works...
There's more...
Creating and using proxy users
Getting ready
How to do it...
How it works...
There's more...
Creating and using database roles
Getting ready
How to do it...
How it works...
There's more...
See also
The sysbackup privilege – how, when, and why should you use it?
Getting ready
How to do it...
Database authentication
OS authentication
How it works...
There's more...
See also
The syskm privilege – how, when, and why should you use it?
Getting ready
How to do it...
Database authentication
OS authentication
How it works...
There's more...
See also
The sysdg privilege – how, when, and why should you use it?
Getting ready
How to do it...
Database authentication
OS authentication
How it works...
There's more...
See also
2. Security Considerations in Multitenant Environment
Introduction
Creating a common user
Getting ready
How to do it...
How it works...
Rules/guidelines for creating and managing common users
There's more...
How to create a common user using OEM 12c
Creating a local user
Getting ready
How to do it...
How it works...
Rules/guidelines for creating and managing local users
There's more...
How to create a local user using OEM 12c
Creating a common role
Getting ready
How to do it...
How it works...
There's more...
How to create a common role using OEM 12c
Creating a local role
Getting ready
How to do it...
How it works...
There's more...
How to create a local role using OEM 12c
Granting privileges and roles commonly
Getting ready
How to do it...
How it works...
Granting privileges and roles locally
Getting ready
How to do it...
How it works...
Effects of plugging/unplugging operations on users, roles, and privileges
Getting ready
How to do it...
How it works...
3. PL/SQL Security
Introduction
Creating and using definer's rights procedures
Getting ready
How to do it...
How it works...
Creating and using invoker's right procedures
Getting ready
How to do it...
How it works...
There's more...
Using code-based access control
Getting ready
How to do it...
How it works...
There's more...
Restricting access to program units by using accessible by
Getting ready
How to do it...
How it works...
4. Virtual Private Database
Introduction
Creating different policy functions
Getting ready
How to do it...
How it works...
There's more...
See also
Creating Oracle Virtual Private Database row-level policies
Getting ready
How to do it...
There's more...
See also
Creating column-level policies
Getting ready
How to do it...
How it works...
Creating a driving context
Getting ready
How to do it...
Creating policy groups
Getting ready
How to do it...
Setting context as a driving context
Getting ready
How to do it...
Adding policy to a group
Getting ready
How to do it...
Exempting users from VPD policies
Getting ready
How to do it...
5. Data Redaction
Introduction
Creating a redaction policy when using full redaction
Getting ready
How to do it...
How it works...
There's more...
How to change the default value
See also
Creating a redaction policy when using partial redaction
How to do it...
How it works...
There's more...
Creating a redaction policy when using random redaction
Getting ready
How to do it...
How it works...
Creating a redaction policy when using regular expression redaction
Getting ready
How to do it...
How it works...
Using Oracle Enterprise Manager Cloud Control 12c to manage redaction policies
Getting ready
How to do it...
Changing the function parameters for a specified column
Getting ready
How to do it...
Add a column to the redaction policy
Getting ready
How to do it...
How it works...
See also
Enabling, disabling, and dropping redaction policy
Getting ready
How to do it...
See also
Exempting users from data redaction policies
Getting ready
How to do it...
How it works...
6. Transparent Sensitive Data Protection
Introduction
Creating a sensitive type
Getting ready
How to do it...
How it works...
There's more...
Determining sensitive columns
Getting ready
How to do it...
How it works...
Creating transparent sensitive data protection policy
Getting ready
How to do it...
How it works...
See also
Associating transparent sensitive data protection policy with sensitive type
Getting ready
How to do it...
There's more...
See also
Enabling, disabling, and dropping policy
Getting ready
How to do it...
How it works...
There's more...
Altering transparent sensitive data protection policy
Getting ready
How to do it...
How it works...
See also
7. Privilege Analysis
Introduction
Creating database analysis policy
Getting ready
How to do it...
How it works...
There's more...
See also
Creating role analysis policy
Getting ready
How to do it...
There's more...
See also
Creating context analysis policy
Getting ready
How to do it...
There's more...
See also
Creating combined analysis policy
Getting ready
How to do it...
There's more...
See also
Starting and stopping privilege analysis
Getting ready
How to do it...
How it works...
There's more...
Reporting on used system privileges
Getting ready
How to do it...
There's more...
Reporting on used object privileges
Getting ready
How to do it...
There's more...
Reporting on unused system privileges
Getting ready
How to do it...
There's more...
Reporting on unused object privileges
Getting ready
How to do it...
There's more...
How to revoke unused privileges
How to do it...
There's more...
Dropping the analysis
Getting ready
How to do it...
There's more...
8. Transparent Data Encryption
Introduction
Configuring keystore location in sqlnet.ora
How to do it...
Creating and opening the keystore
Getting ready
How to do it...
How it works...
There's more...
Setting master encryption key in software keystore
Getting ready
How to do it...
There's more...
See also
Column encryption - adding new encrypted column to table
Getting ready
How to do it...
Column encryption - creating new table that has encrypted column(s)
Getting ready
How to do it...
Using salt and MAC
Getting ready
How to do it...
How it works...
There's more...
Column encryption - encrypting existing column
Getting ready
How to do it...
There's more...
Auto-login keystore
Getting ready
How to do it...
How it works...
Encrypting tablespace
Getting ready
How to do it...
How it works...
There's more...
Rekeying
Getting ready
How to do it...
How it works...
Backup and Recovery
How to do it...
There's more...
9. Database Vault
Introduction
Registering Database Vault
Getting ready
How to do it...
How it works...
There's more...
See also
Preventing users from exercising system privileges on schema objects
Getting ready
How to do it...
There's more...
See also
Securing roles
Getting ready
How to do it...
There's more...
See also
Preventing users from executing specific command on specific object
How to do it...
How it works...
Creating a rule set
Getting ready
How to do it...
There's more...
Creating a secure application role
How to do it...
There's more...
See also
Using Database Vault to implement that administrators cannot view data
How to do it...
There's more...
Running Oracle Database Vault reports
How to do it...
Disabling Database Vault
How to do it...
Re-enabling Database Vault
How to do it...
10. Unified Auditing
Introduction
Enabling Unified Auditing mode
Getting ready
How to do it...
How it works...
Predefined unified audit policies
There's more...
See also
Configuring whether loss of audit data is acceptable
Getting ready
How to do it...
How it works...
Which roles do you need to have to be able to create audit policies and to view audit data?
Getting ready
How to do it...
How it works...
There's more...
Auditing RMAN operations
Getting ready
How to do it...
How it works...
See also
Auditing Data Pump operations
Getting ready
How to do it...
See also
Auditing Database Vault operations
Getting ready
How to do it...
How it works...
There's more...
See also
Creating audit policies to audit privileges, actions and roles under specified conditions
Getting ready
How to do it...
How it works...
See also
Enabling audit policy
Getting ready
How to do it...
How it works...
Finding information about audit policies and audited data
Getting ready
How to do it...
Auditing application contexts
Getting ready
How to do it...
How it works...
There's more...
See also
Purging audit trail
Getting ready
How to do it...
How it works...
There's more...
Disabling and dropping audit policies
Getting ready
How to do it...
How it works...
See also
11. Additional Topics
Introduction
Exporting data using Oracle Data Pump in Oracle Database Vault environment
Getting ready
How to do it...
How it works...
There's more...
See also
Creating factors in Oracle Database Vault
Getting ready
How to do it...
How it works...
There's more...
See also
Using TDE in a multitenant environment
Getting ready
How to do it...
How it works...
See also
12. Appendix – Application Contexts
Introduction
Exploring and using built-in contexts
Getting ready
How to do it...
How it works...
There's more...
See also
Creating an application context
Getting ready
How to do it...
How it works...
Setting application context attributes
Getting ready
How to do it...
How it works...
There's more...
See also
Using an application context
Getting ready
How to do it...
How it works...
See also
Oracle Database 12c Security Cookbook
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: May 2016
Production reference: 1270516
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78217-212-3
www.packtpub.com
Credits
About the Authors
Zoran Pavlović has worked on various complex database environments including RAC, ASM, Data Guard, GoldenGate, and so on. His areas of expertise are security, performance/SQL tuning, and high availability/disaster recovery of Oracle Database. He has been working as an instructor for Oracle University since 2010 and during that time he has trained more than 200 students in Europe. In the last couple of years, Zoran has also been working on projects for Oracle Consulting. He is an Oracle ACE and he has been a featured speaker/author at many conferences/magazines. He was actively engaged in beta testing Oracle Database 12c. Currently, Zoran is working as an Oracle Technical Architect in Parallel d.o.o. Belgrade.
I would like to take this opportunity to acknowledge some important people in my life who continuously inspire and support me. First, I want to say thank you to my parents Milenko and Stanojka Pavlovic, for everything they taught me, and for all the support they gave me during all these years. Second, I would like to say thank you to my family and my good friends, who helped me become a better person and a better professional. I am very thankful to our excellent team of technical reviewers: Arup Nanda, Gokhan Atil, Dmitri Levin, Osama Mustafa, and Kenneth Roth for their great suggestions and very helpful feedback. I am also very thankful to Maja Veselica (it was a pleasure writing this book with you), all the editors, and everyone involved in this book.
Maja Veselica, MSc in software engineering, is currently working for Parallel d.o.o., Belgrade, as an Oracle Database consultant (security, performance tuning, and so on). She has been working as an instructor for Oracle University since 2010. In the last couple of years, she has also been working for Oracle Consulting. Also, Maja is a member of the Oracle ACE Program and has more than 20 Oracle certificates. She enjoys (beta) testing Oracle products and participating in other Oracle-related activities.
This is the first book I've written, and because of that, it will always be special to me. I would like to thank my entire family and friends for their patience and support. I am especially grateful to my parents, Mirko and Sanja Veselica, who informally reviewed most parts of the book, and to my uncle Dušan, aunt Zora, and my best friend Mirjana Marković for very creative suggestions.
I am very thankful to the technical reviewers: Arup Nanda, Gokhan Atil, Dmitri Levin, Osama Mustafa, and Kenneth Roth for spending their spare time reviewing this book and for providing us with very valuable feedback (corrections, suggestions, ideas, and opinions). Also, this book couldn't have been written without the Packt Publishing team - thank you all!
Zoran, I always enjoy working with you. Hopefully someday, we'll write another book together.
About the Reviewers
Gokhan Atil is an Oracle ACE Director and DBA team lead at Bilyoner.com in Istanbul, Turkey. He has more than 15 years of experience in the IT industry, working with Oracle, PostgreSQL, Microsoft SQL Server, MySQL, and NoSQL databases. He has a strong background in software development and UNIX systems. Gokhan is an Oracle Certified Professional (OCP), and he specializes in high availability solutions, performance tuning, and monitoring tools.
Gokhan is a founding member and current vice president of the Turkish Oracle User Group (TROUG). He's also a member of the Independent Oracle User Group (IOUG). Gokhan has presented at various conferences, and he is a coauthor of the book Expert Oracle Enterprise Manager 12c.
Gokhan shares his experience of working with Oracle products by blogging