Oracle 12c new features --- PDB Lockdown Profiles

1 Description

1.1 Lockdown Profiles on PDB

A PDB lockdown profile is a named set of restrictions on the operations that can be performed inside a PDB. Once a profile is applied to a PDB, its restrictions take effect for all users of that PDB.

For example, you can prohibit the ALTER SYSTEM statement outright (or only particular clauses of it), which to some extent protects the database from a compromised or careless local account.

Operations can be restricted in the following four areas:

  1. Network access features. These are operations that use the network to communicate outside the PDB. For example, the PL/SQL packages UTL_TCP, UTL_HTTP, UTL_MAIL, UTL_SNMP, UTL_INADDR, and DBMS_DEBUG_JDWP perform these kinds of operations. Currently, ACLs are used to control this kind of access to share network identity.

  2. Common user or object access. These are operations in which a local user in the PDB can proxy through common user accounts or access objects in a common schema. These kinds of operations include adding or replacing objects in a common schema, granting privileges to common objects, accessing common directory objects, granting the INHERIT PRIVILEGES role to a common user, and manipulating a user proxy to a common user.

  3. Operating System access. For example, you can restrict access to the UTL_FILE or DBMS_FILE_TRANSFER PL/SQL packages.

  4. Connections. For example, you can restrict common users from connecting to the PDB or you can restrict a local user who has the SYSOPER administrative privilege from connecting to a PDB that is open in restricted mode.

2 Experiment

2.1 Creating PDB Lockdown Profile

- Log on to the CDB root, and then create the lockdown profile

SQL> create lockdown profile cndba_prof;
Lockdown Profile created.

- Modify the lockdown profile so that flushing the shared pool is disabled

SQL> ALTER LOCKDOWN PROFILE cndba_prof DISABLE STATEMENT = ('ALTER SYSTEM') clause = ('flush shared_pool');

Lockdown Profile altered.

Note: if a lockdown profile is already in use, any modification to it takes effect immediately.

2.2 Enabling PDB Lockdown Profile

  • CDB level: enable the lockdown profile in the CDB root; it then takes effect for every PDB under the CDB
SQL> alter system set pdb_lockdown=cndba_prof;
System altered.
  • PDB level: enable the lockdown profile inside one PDB; it then takes effect only for that PDB
SQL> alter system set pdb_lockdown=cndba_prof;

2.3 Log on to the PDB and test that the profile is in effect

The lockdown profile prohibits flushing the shared pool, so try exactly that operation from the PDB:

SQL> alter system flush shared_pool;
alter system flush shared_pool
*
ERROR at line 1:
ORA-01031: insufficient privileges

The error shows that the restricted operation is denied, while other operations continue to work normally. For example:

SQL>  alter system set sessions=400;
System altered.

2.4 Disable PDB Lockdown Profile

As with enabling, the parameter can be cleared at the CDB level or at the PDB level:

SQL> alter system set pdb_lockdown='';

2.5 Delete PDB Lockdown Profile

SQL> DROP LOCKDOWN PROFILE cndba_prof;
Lockdown Profile dropped.
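The steps in 2.1 to 2.5 combined into one script, as an added example that is not part of the original post. It runs from CDB$ROOT as SYSDBA and assumes a PDB named cndba_pdb (a hypothetical name; the profile name cndba_prof is the one used above). Beyond the single ALTER SYSTEM clause shown in the post, it also disables the NETWORK_ACCESS and OS_ACCESS feature bundles, which cover areas 1 and 3 of the description, and it queries DBA_LOCKDOWN_PROFILES to review the rules before they are switched on.

```sql
-- Added example, not code from the original post.
-- Assumptions: connected to CDB$ROOT as SYSDBA; a PDB named CNDBA_PDB exists
-- (hypothetical name); profile name CNDBA_PROF as used in the post.

-- 1. Create the profile.
CREATE LOCKDOWN PROFILE cndba_prof;

-- 2. Restrict a single clause of ALTER SYSTEM (as in section 2.1) ...
ALTER LOCKDOWN PROFILE cndba_prof
  DISABLE STATEMENT = ('ALTER SYSTEM') CLAUSE = ('FLUSH SHARED_POOL');

-- ... and whole feature bundles: NETWORK_ACCESS covers UTL_TCP, UTL_HTTP,
-- UTL_MAIL and similar packages; OS_ACCESS covers UTL_FILE and
-- DBMS_FILE_TRANSFER.
ALTER LOCKDOWN PROFILE cndba_prof DISABLE FEATURE = ('NETWORK_ACCESS');
ALTER LOCKDOWN PROFILE cndba_prof DISABLE FEATURE = ('OS_ACCESS');

-- 3. Review what the profile restricts before enabling it anywhere.
--    Profile names are stored in upper case in the dictionary view.
SELECT rule_type, rule, clause, status
  FROM dba_lockdown_profiles
 WHERE profile_name = 'CNDBA_PROF'
 ORDER BY rule_type, rule, clause;

-- 4. Enable it for one PDB only. Setting PDB_LOCKDOWN in CDB$ROOT instead
--    would apply the profile to every PDB in the CDB (section 2.2).
ALTER SESSION SET CONTAINER = cndba_pdb;
ALTER SYSTEM SET pdb_lockdown = 'cndba_prof';

-- 5. Verify inside the PDB (section 2.3): the first statement must fail with
--    ORA-01031, the second is unrelated to the profile and still succeeds.
ALTER SYSTEM FLUSH SHARED_POOL;
ALTER SYSTEM SET sessions = 400;

-- 6. Roll back (sections 2.4 and 2.5): clear the parameter in the PDB, then
--    drop the profile from the root. Dropping is only possible once no
--    container still references the profile.
ALTER SYSTEM SET pdb_lockdown = '';
ALTER SESSION SET CONTAINER = CDB$ROOT;
DROP LOCKDOWN PROFILE cndba_prof;
```

When run as a SQL*Plus script, step 5 deliberately raises ORA-01031; without a preceding WHENEVER SQLERROR EXIT the script simply reports the error and continues, which is the behaviour wanted here. The SELECT in step 3 is the check worth keeping in any change procedure: because edits to an in-use profile take effect immediately, reviewing the rule list before setting PDB_LOCKDOWN avoids locking out operations (or administrators) by mistake.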

For more information on PDB lockdown profiles, see the official documentation:
http://docs.oracle.com/database/122/DBSEG/configuring-privilege-and-role-authorization.htm#DBSEG-GUID-0D525203-A1A7-46BB-B9DB-03F2D1A3803F


Origin blog.csdn.net/qianglei6077/article/details/92795435