System Management Lesson 06. Administering User Security

1. What security features must an Oracle user account have?

  • A unique username
  • An authentication method
  • A default tablespace
  • A temporary tablespace
  • A user profile
  • An initial consumer group
  • An account status

2. After the database is created, what are the predefined management accounts and what are their functions?

SYS:

  • Owns the data dictionary and the Automatic Workload Repository (AWR)
  • Used for startup and shutdown of the database instance

SYSTEM: Owns additional administrative tables and views
SYSBACKUP: Facilitates Oracle Recovery Manager (RMAN) backup and recovery operations
SYSDG: Facilitates Oracle Data Guard operations
SYSKM: Facilitates Transparent Data Encryption (TDE) keystore (wallet) operations

3. What are the methods for authenticating user accounts?

Password: the user definition includes a password that must be supplied when the user attempts to log in to the database.
External: authentication is performed by a method outside the database (operating system, Kerberos, or RADIUS).
Global: users are identified through an LDAP-based directory service.

4. Please write SQL statements to unlock the account and modify the account password.

Unlock the account (username is a placeholder for the account name):
ALTER USER username ACCOUNT UNLOCK;
Change the account password (new_password is a placeholder):
ALTER USER username IDENTIFIED BY new_password;

5. When using the GRANT command, what is the difference between WITH ADMIN OPTION and WITH GRANT OPTION?

WITH ADMIN OPTION applies to system privileges and roles. A user who receives a system privilege (such as CREATE ANY TABLE) with ADMIN OPTION can grant that privilege to other users or roles. Revocation does not cascade.

Scenario

  1. The DBA grants Joe the CREATE TABLE system privilege WITH ADMIN OPTION.
  2. Joe creates a table.
  3. Joe grants the CREATE TABLE system privilege to Emily.
  4. Emily creates a table.
  5. The DBA revokes Joe's CREATE TABLE system privilege.

As a result, Joe's table still exists, but Joe can no longer create new tables. Emily's table still exists, and she still holds the CREATE TABLE system privilege.

WITH GRANT OPTION applies to object privileges, and both the grant and the revoke cascade. The grantee can pass the object privilege on to other users or roles; when the administrator revokes the object privilege from that user, the privilege is also removed from everyone who received it through that user.

Scenario

  1. Joe is granted the SELECT object privilege on EMPLOYEES WITH GRANT OPTION.
  2. Joe grants Emily SELECT on EMPLOYEES.
  3. Joe's SELECT privilege is revoked. The revocation cascades to Emily as well.
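The two scenarios above as SQL, with the data dictionary queries a DBA would run to confirm each outcome. This is an added example, not code from the original post; it assumes users JOE and EMILY already exist and that EMPLOYEES lives in the HR schema.

```sql
-- Added example (not from the original post). Assumes users JOE and EMILY
-- exist and that the EMPLOYEES table belongs to the HR schema.

-- Scenario 1: system privilege WITH ADMIN OPTION (revoke does NOT cascade)
GRANT CREATE TABLE TO joe WITH ADMIN OPTION;           -- run as the DBA
GRANT CREATE TABLE TO emily;                           -- run as JOE
REVOKE CREATE TABLE FROM joe;                          -- run as the DBA

-- Expected: only EMILY is listed; JOE lost the privilege, EMILY kept hers
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege = 'CREATE TABLE'
   AND grantee IN ('JOE', 'EMILY');

-- Scenario 2: object privilege WITH GRANT OPTION (revoke cascades)
GRANT SELECT ON hr.employees TO joe WITH GRANT OPTION; -- run as HR (the owner)
GRANT SELECT ON hr.employees TO emily;                 -- run as JOE
REVOKE SELECT ON hr.employees FROM joe;                -- run as HR (same grantor)

-- Expected: no rows; the revoke propagated from JOE to EMILY
SELECT grantee, grantor, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'HR' AND table_name = 'EMPLOYEES'
   AND grantee IN ('JOE', 'EMILY');
```

The GRANTOR column in DBA_TAB_PRIVS is what records the chain that makes the cascade possible: Emily's row would show JOE as grantor before the revoke.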

6. What is a role and what are the benefits of using a role?

Roles:

  • Used to group together privileges and roles
  • Make it convenient to grant multiple privileges or roles to users

Benefits of roles:

  • Easier privilege management
  • Dynamic privilege management
  • Selective availability of privileges

7. Describe the basic process of using DBMS_PRIVILEGE_CAPTURE for privilege analysis.

a. Create an analysis (capture)
b. Start analyzing the privileges that are used
c. Stop the analysis
d. Generate the report
e. Compare the used privileges with the unused ones
f. Revoke the unused privileges
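The six steps above driven through the DBMS_PRIVILEGE_CAPTURE package. This is an added example, not the original post's code; the capture name, run name, the role APP_ROLE and the final REVOKE target are assumed placeholders, and it is run as a user holding the CAPTURE_ADMIN role.

```sql
-- Added example (not from the original post). APP_ROLE, the capture name,
-- the run name and the revoked privilege are assumed placeholders.

-- a. Create a role-based analysis: record privileges exercised via APP_ROLE
BEGIN
  DBMS_PRIVILEGE_CAPTURE.CREATE_CAPTURE(
    name        => 'app_role_capture',
    description => 'Which privileges granted through APP_ROLE are really used',
    type        => DBMS_PRIVILEGE_CAPTURE.G_ROLE,
    roles       => ROLE_NAME_LIST('APP_ROLE'));
END;
/

-- b. Start recording used privileges under a named run
BEGIN DBMS_PRIVILEGE_CAPTURE.ENABLE_CAPTURE('app_role_capture', 'run_1'); END;
/

-- ... let the application exercise a representative workload ...

-- c. Stop recording
BEGIN DBMS_PRIVILEGE_CAPTURE.DISABLE_CAPTURE('app_role_capture'); END;
/

-- d. Generate the report for that run
BEGIN DBMS_PRIVILEGE_CAPTURE.GENERATE_RESULT('app_role_capture', 'run_1'); END;
/

-- e. Compare: privileges available through APP_ROLE that were never used ...
SELECT username, used_role, sys_priv, obj_priv, object_owner, object_name
  FROM dba_unused_privs
 WHERE capture = 'app_role_capture' AND run_name = 'run_1';

-- ... against the ones that were actually exercised
SELECT username, used_role, sys_priv, obj_priv, object_owner, object_name
  FROM dba_used_privs
 WHERE capture = 'app_role_capture' AND run_name = 'run_1';

-- f. Revoke what the report shows is unused (assumed example row), then clean up
REVOKE DELETE ON hr.employees FROM app_role;
BEGIN DBMS_PRIVILEGE_CAPTURE.DROP_CAPTURE('app_role_capture'); END;
/
```

Only one capture of a given type can be enabled at a time, and the workload window must be long enough to cover rarely used paths (month-end jobs, for example), or a privilege that is needed will show up as unused.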

8. What are the functions of a user account profile?

Each user is assigned only one profile at a time.
Profiles:

  • Control resource consumption: administrators use profiles to limit system resources (CPU, network/memory, disk I/O)
  • Manage account status and password expiration
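A profile that enforces both kinds of control described above, assigned to an application account, followed by the dictionary queries that show which profile each account uses and what limits are in force. This is an added example, not the original post's code; the profile name APP_USERS and the user APP_USER are assumed placeholders.

```sql
-- Added example (not from the original post). APP_USERS and APP_USER are
-- assumed placeholders. Resource limits are enforced only when the
-- RESOURCE_LIMIT initialization parameter is TRUE; password limits always apply.
CREATE PROFILE app_users LIMIT
  SESSIONS_PER_USER       5           -- resource control
  IDLE_TIME               30          -- minutes before an idle session is killed
  FAILED_LOGIN_ATTEMPTS   5           -- then ACCOUNT_STATUS becomes LOCKED(TIMED)
  PASSWORD_LOCK_TIME      1           -- days the lock lasts
  PASSWORD_LIFE_TIME      90          -- days before the password expires
  PASSWORD_GRACE_TIME     7           -- days of "password will expire" warnings
  PASSWORD_REUSE_MAX      10          -- previous passwords that cannot be reused
  PASSWORD_REUSE_TIME     365;        -- days before an old password may return

-- A user holds exactly one profile; this replaces DEFAULT for APP_USER only
ALTER USER app_user PROFILE app_users;

-- Which profile each account uses and its current lock/expiry state.
-- SYS, SYSMAN and DBSNMP deliberately stay on a profile without expiry (question 9).
SELECT username, profile, account_status, expiry_date
  FROM dba_users
 WHERE username IN ('APP_USER', 'SYS', 'SYSMAN', 'DBSNMP');

-- The password limits actually in force for the new profile
SELECT resource_name, "LIMIT"
  FROM dba_profiles
 WHERE profile = 'APP_USERS' AND resource_type = 'PASSWORD';
```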

9. Why does Oracle recommend not applying profile password restrictions to administrative accounts such as SYS, SYSMAN, and DBSNMP?

Expiring the passwords of the SYS, SYSMAN, and DBSNMP accounts and locking those accounts causes Oracle Enterprise Manager to stop working normally.
An application that connects with such an account must catch the "password will expire" warning and handle the password change itself; otherwise, as soon as the grace period ends, the account is locked without any notification of the reason.
Once locked out, you are stuck and have to turn to Oracle Support, and Oracle's charges are very high.

10. Explain your understanding of the best-practice requirement "apply the principle of least privilege".

1. Privileges must be assigned to an operator (defining the operator's privilege boundary) before any operation takes place.
When an operator wants to act on a resource, the system checks whether the required privilege on that resource lies within the operator's boundary. If it does, the operation is allowed; if not, it is rejected.
2. Users must be granted only the privileges necessary to complete their tasks efficiently.
This reduces the chance that users modify or view (unintentionally or maliciously) data they have no right to modify or view.

11. Please translate the following content into Chinese:

The Oracle database includes five administrative privileges, which are provided to facilitate separation of duties.
The SYSDBA and SYSOPER administrative privileges are used to perform various standard database operations, including starting up and shutting down the database instance.
For a complete list of the operations authorized by the SYSDBA and SYSOPER privileges, refer to the Oracle Database Administrator's Guide.
SYSBACKUP, SYSDG and SYSKM are new in Oracle Database 12c. They are intended for specific administrative tasks: backup and recovery, Oracle Data Guard, and Transparent Data Encryption key management respectively.
In previous releases, these tasks required the SYSDBA privilege.
These privileges allow you to connect to the database even when the database is not open.
For a list of the operations supported by the SYSBACKUP, SYSDG, and SYSKM privileges, refer to the Oracle Database Security Guide.

Origin blog.csdn.net/hezuijiudexiaobai/article/details/108712142