Download Role

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
page
66
Document related concepts

Entity–attribute–value model wikipedia , lookup

Database wikipedia , lookup

Extensible Storage Engine wikipedia , lookup

Microsoft Access wikipedia , lookup

Clusterpoint wikipedia , lookup

Ingres (database) wikipedia , lookup

Microsoft Jet Database Engine wikipedia , lookup

Database model wikipedia , lookup

Oracle Database wikipedia , lookup

Null (SQL) wikipedia , lookup

Relational model wikipedia , lookup

Microsoft SQL Server wikipedia , lookup

Open Database Connectivity wikipedia , lookup

SQL wikipedia , lookup

PL/SQL wikipedia , lookup

Transcript 
Session id: 36652
Oracle Sleuth: Who Did It?
Sitansu S. Mittra
Senior Principal Engineer &
Database Management Specialist
Computer Sciences Corporation
Topic Outline
 Prevention of unauthorized user access –
roles, privileges, profiles
 Detection of harmful activities – AUDIT TRAIL,
LogMiner
 Correction of impact of activities via ‘undo’
and ‘redo’ entries – LogMiner
 Roadmap for Ensuring Data Security in
Oracle Databases
 Bibliography
Prevention of Unauthorized User
Access
•Create a user account .
•Assign one or more roles to the user .
•Assign system and object level privileges to
each role
•Set up a profile for the user or use DEFAULT
profile.
Relationship among users, roles, privileges, and
profiles:
M:N
USER <<---------------------->> ROLE
M:N
ROLE <<---------------->> PRIVILEGE
M:1
USER <<--------------------> PROFILE
Role = named collection of system or object level
privileges that are granted to the role
A role can be granted to a user or to another
role.
Privilege = capability to perform authorized
function(s) in the database
A system privilege enables a user to perform
designated tasks in the database. There are
126 such privileges that can be listed by the
query:
select distinct NAME from
system_privilege_map order by 1;
An object privilege enables a user to perform
primarily DML type tasks (INSERT, UPDATE,
DELETE) on designated objects (tables, views,
sequences, procedures) in the database.
There are 8 such privileges
GRANT
Privileges are assigned to roles or users and
roles are assigned to other roles or users via
the GRANT command.
Sample Session Transcript
SQL>create role A;
Role created.
SQL>create role B;
Role created.
SQL>create user X identified by *****;
User created.
SQL> grant select any table, execute any
procedure, insert any table,delete any
table, update any table to A;
Grant succeeded.
Privileges granted directly to a role or a user can
be displayed by querying dba_sys_privs or
dba_tab_privs, as the case may be. But
privileges granted indirectly to a role or a user
cannot be so displayed.
Sample Session Transcript
SQL> grant create any table, insert any
table, create session to B;
Grant succeeded.
SQL> create role C;
Role created.
SQL> grant B to C;
Grant succeeded.
SQL> grant C to X;
Grant succeeded.
SQL> select grantee, privilege from
dba_sys_privs where grantee in ('A', 'B',
'C', 'X')
order by grantee, privilege;
GRANTEE
----------------A
A
A
A
A
B
B
B
8 rows selected.
PRIVILEGE
----------------CREATE SESSION
DELETE ANY TABLE
EXECUTE ANY PROCEDURE
SELECT ANY TABLE
UPDATE ANY TABLE
CREATE ANY TABLE
CREATE SESSION
INSERT ANY TABLE
(Note that C and X are not listed since they were
granted the privileges indirectly. But X does
have the privileges granted to B. For example, X
can create a table and insert rows into the table,
as shown below.)
SQL> connect x/*****
Connected.
SQL> create table P
2 (m number not null,
3 n varchar2 (10));
Table created.
SQL> insert into P values (17, 'sample');
1 row created.
REVOKE
Privileges granted directly to a role or a user
can be taken away from that role or user via the
REVOKE command. But privileges granted
indirectly to a role or a user cannot be so taken
away. You must find the direct grantee from
whom you can revoke the privileges.
SQL> revoke insert any table from A;
Revoke succeeded.
DBA Views about Roles and Privileges
DBA_ROLES
DBA_ROLE_PRIVS
all roles that exist
roles granted to
users/roles
ROLE_ROLE_PRIVS roles granted to other
roles
DBA_SYS_PRIVS
system privileges
granted to users/roles
DBA_TAB_PRIVS
object privileges
granted to users/roles
GRANT WITH GRANT or ADMIN OPTION
One can grant an object privilege to a user
WITH GRANT OPTION whereby the user can
grant those privileges to other users or roles.
These are called grantable privileges and can
be assigned only to users, but not to roles.
One can grant a system privilege to a user or a
role WITH ADMIN OPTION whereby the user
can grant those privileges to other users or
roles.
Default Role
A user can have one or more roles. By
default, when a user logs in, all of his/her
roles are activated. One can designate a
subset of these roles as default roles. In that
case, only the default roles are activated at
logon time.
Profile
A profile is a collection of quotas and privileges
related to the following system resource limits
and password management:
System Resource
CPU time
I/O operation
Idle time
Connect time
System Resource (Contd.)
Memory space as private SQL area (MTS)
Concurrent sessions
Password Management
Password aging and expiration
Password history
Password complexity verification
Account locking
A user can have only one profile at a time either Oracle provided DEFAULT profile or a
profile created via CREATE PROFILE
command and assigned to a user via ALTER
USER command.
A CREATEd profile can be dropped, but not
the DEFAULT profile.
All limits of the DEFAULT profile are
UNLIMITED. But the DBA can change the
values via ALTER PROFILE command so that
the modified values apply to all users who are
assigned the DEFAULT profile.
Query to find limits of any profile:
select * from dba_profiles order by
RESOURCE_TYPE;
Changes made to a profile via ALTER PROFILE
command take effect for subsequent sessions
only.
A profile that has users assigned to it can be
dropped only via the command DROP
PROFILE profile CASCADE. In that case,
Oracle assigns the DEFAULT profile to all users
who had the dropped profile as their default
profile.
PUBLIC as User
PUBLIC is a special user in Oracle. Any
system level or object level privilege granted to
PUBLIC can be used by all current and future
users of the database. Ideally, privileges
should not be granted to PUBLIC. Privileges
granted to PUBLIC can be determined by
running the following queries:
select privilege from dba_sys_privs where
grantee = 'PUBLIC' order by 1;
select privilege from dba_tab_privs where
grantee = 'PUBLIC' order by 1;
Detection of Harmful Activities via
AUDIT TRAIL
A DBA can track the following user activities
via the auditing capability:
• login attempts,
• database actions, and
• access (retrieval and update) to database
objects.
Prerequisite:
set the initialization parameter
AUDIT_TRAIL to the value TRUE or DB (default
is FALSE or NONE).
Audit records are written to the table SYS.AUD$
DBA_ views containing auditing information:
DBA_AUDIT_EXISTS, DBA_AUDIT_OBJECT,
DBA_AUDIT_SESSION,
DBA_AUDIT_STATEMENT, DBA_AUDIT_TRAIL
DBA_AUDIT_TRAIL is most comprehensive
Auditing Login Attempts
Login as a DBA privileged account
Type “audit session;”
Allow users to login as needed.
Run the following query to see the login and
logout activities, both successful and
unsuccessful:
select username, os_username,
to_char (timestamp, 'dd-mon-yyyy
hh24:mi:ss') "Login Time",
to_char (LOGOFF_TIME, 'dd-mon-yyyy
hh24:mi:ss') "Logout Time",
decode (returncode, 0, 'Connected',
01017, 'invalid username/password',
01005, 'null password given',
returncode) "Login Status"
from dba_audit_session
order by 1, 3 desc;
Auditing Database Actions
DBA can audit any action affecting a database
object .
Oracle allows 144 actions that can be listed with
the query
select action, name from audit_actions;
Possible actions such as CREATE, ALTER, and
DROP that can affect a specific object type can
be grouped together during auditing;
e.g., “audit table;” will audit all actions affecting
a table
With auditing activated for an object, all actions
pertaining to that object are recorded in the view
DBA_AUDIT_OBJECT. Run the following query
to get a list of all such actions :
select username, os_username, owner,
obj_name, action_name,
to_char (timestamp, 'dd-mon-yyyy
hh24:mi:ss') "Transaction Time” from
dba_audit_object
order by 1, 4, 6 desc;
DBA can analyze the result to identify users
responsible for harmful activities
Access (Retrieval and Update) to
Database Objects
Access includes four DML commands,
SELECT, INSERT, UPDATE, and DELETE
For each table to be audited, enter the
command
AUDIT ALL ON table_name BY ACCESS;
“BY ACCESS” option causes an audit record to
be written to the table SYS.AUD$ once for
each time the table is accessed;
e.g., if a user performs four update transactions
(INSERT, UPDATE, DELETE) on a table, then
four separate records are written to SYS.AUD$.
They can be viewed by querying the view
DBA_AUDIT_OBJECT.
Run the query:
select username, os_username, owner,
obj_name, action_name,
to_char (timestamp, 'dd-mon-yyyy
hh24:mi:ss') "Transaction Time"
from dba_audit_object
order by 1, 4, 6 desc;
Sample Session Transcript
SQL> audit table;
Audit succeeded.
SQL> audit view;
Audit succeeded.
SQL> audit all on dqsmith.explore by
access;
Audit succeeded.
SQL> audit all on EXPLORE_COPY by access;
Audit succeeded.
SQL> audit all on EXPLORE_ORIGINAL by
access;
Audit succeeded.
SQL> select username, os_username,
owner, obj_name, action_name,
to_char (timestamp, 'dd-mon-yyyy
hh24:mi:ss') "Transaction Time" from
dba_audit_object order by 1, 4, 6 desc;
USERNAME
OBJ_NAME
OS_USERNAME OWNER
ACTION_NAME
---------- ------------ ---------------Transaction Time
--------------------
DQSMITH
EXPLORE
Mittra
DQSMITH
CREATE TABLE
18-jul-2003 15:38:36
DQSMITH
EXPLORE
Mittra
SEKHAR
INSERT
17-jul-2003 09:07:26
DQSMITH
Mittra
SEKHAR
EXPLORE_ORIGINAL SELECT
18-jul-2003 12:50:38
etc. etc. etc. ……
Storage Management for AUD$
During auditing AUD$ grows rapidly and
fragments SYSTEM tablespace. Archive its
rows frequently to remedy this situation:
•Determine archiving frequency based on
growth rate of AUD$.
•Copy the rows of AUD$ into AUD$_COPY,
say, created in a non-SYSTEM tablespace.
•Truncate AUD$.
Correction of Impact of Harmful
Activities with LogMiner
LogMiner provides two additional capabilities
not available with AUDIT TRAIL:
•DML commands executed and DML
commands to reverse them
•Session information to identify the user
LogMiner under Oracle 8i
Allows DBA to read binary Redo Log files,
online or archived
Setup
•Include initialization parameter utl_file_dir in
init.ora file whose value is a directory to which
Oracle can write.
•Run scripts dbmslmd.sql and dbmslm.sql
located in $ORACLE_HOME/rdbms/admin.
Setup (Contd.)
•Create LogMiner dictionary.
•Include Redo Log files for LogMiner analysis.
•Start a LogMiner session.
•Always end LogMiner session with the
procedure DBMS_LOGMNR.END_LOGMNR to
avoid an Ora-00600 internal error.
(Appendix 1 contains all the scripts to setup
LogMiner under Oracle 8i.)
LogMiner Output
Four v$ views, v$logmnr_logs,
v$logmnr_contents, v$logmnr_dictionary, and
v$logmnr_parameters, contain LogMiner data.
Query v$logmnr_contents on columns
•sql_redo (retrieve executed DML commands)
and sql_undo (retrieve reverse of executed
DML commands) to track user activities
•session_info and related columns to retrieve
user identification information
LogMiner Session Transcript
sql_redo
SQL>select to_char (timestamp, 'dd-monyyyy hh24:mi:ss') "Transaction Time",
sql_redo from v$logmnr_contents
where table_space != 'SYSTEM' and
timestamp > '15-JUL-2003‘ order by 1;
Transaction Time
SQL_REDO
----------------
----------------
24-jul-2003 15:51:29
insert into
"SYS"."TEST_LOG_MINER"("TEST_ID","TEST_DAT
E","TESTER_NAME","FINDINGS") values
(856,TO_DATE('17-MAY-1966 00:00:00', 'DD-M
ON-YYYY HH24:MI:SS'),'Sakuntala
Datta','All success'
LogMiner Session Transcript
(Contd.)
sql_undo
SQL>select to_char (timestamp, 'dd-monyyyy hh24:mi:ss') "Transaction Time",
sql_undo from v$logmnr_contents
where table_space != 'SYSTEM' and
timestamp > '15-JUL-2003‘ order by 1;
Transaction Time
SQL_UNDO
----------------
------------------
24-jul-2003 15:51:29
delete from "SYS"."TEST_LOG_MINER" where
"TEST_ID" = 856 and "TEST_DATE" =
TO_DATE('17-MAY-1966 00:00:00', 'DD-MONYYYY HH24:MI:SS')
and "TESTER_NAME" = 'Sakuntala Datta'
and "FINDINGS" = 'All success' and ROWID
= 'AAAA7NAAGAAAACPAAE';
LogMiner Session Transcript
(Contd.)
SESSION_INFO and Related Columns
select to_char (timestamp, 'dd-mon-yyyy
hh24:mi:ss') "Transaction Time",username,
session#, serial#, operation,session_info
from v$logmnr_contents
where timestamp > '07-AUG-2003'
and seg_name = 'EXPLORE' order by 1;
Transaction Time
USERNAME
SESSION#
SERIAL# OPERATION
-------------------- ------------------SESSION_INFO
---------------------------------------07-aug-2003 09:00:05 TIMS
8
4975 INSERT
LoginUserName = TIMS, ClientInfo = ,
OsUserName = Mittra, MachineName = DTS57\CSC-TIMS33
LogMiner Limitations
(1) LogMiner must be invoked afresh with
each new session. All LogMiner session
information resides in the PGA (Program Global
Area) which is a component of the SGA (System
Global Area). PGA is flushed when a user
session ends normally or abnormally and all the
session information is lost.
LogMiner Limitations (Contd.)
A session ends normally by executing the
procedure dbms_logmnr.end_logmnr.
A session ends abnormally generating a silent
internal Oracle error ORA-00600 when the
user types “exit” or issues the command
“connect username/password” without exiting.
Session Transcript
SQL> connect / as sysdba
Connected. (Session as user “SYS” starts)
SQL> show user
USER is "SYS”
(LogMiner is started successfully.)
SQL> connect tims/*******
Connected.
(Session as user “SYS” ends abnormally.
PGA is flushed. LogMiner session is lost)
SQL> select to_char (timestamp, 'dd-monyyyy hh24:mi:ss') "Transaction Time",
username, sql_redo, sql_undo from
v$logmnr_contents where TABLE_SPACE =
'TIMSDATA' order by 1 desc;
sql_redo, sql_undo from v$logmnr_contents
*
ERROR at line 2:
ORA-01306: dbms_logmnr.start_logmnr()
must be invoked before selecting from
v$logmnr_contents
LogMiner Limitations (Contd.)
(2) All LogMiner tables are created in the
SYSTEM tablespace, which may get fragmented
over time due to the growth of these tables. So,
Oracle recommends that a separate tablespace
be created to store the tables created and used
by LogMiner. The procedure
dbms_logmnr_d.set_tablespace can be used to
create such a tablespace.
Session Transcript
SQL> create tablespace logmnr_tblspc
datafile
'/tims1/ssmittra/dev01/monami_instance/l
ogminer/LOGMNR_TBLSPC01.dbf'
size 200M;
Tablespace created.
SQL> EXEC DBMS_LOGMNR_D.SET_TABLESPACE
('logmnr_tblspc');
PL/SQL procedure successfully completed.
LogMiner Limitations (Contd.)
(3) LogMiner dictionary is static under 8i,
but dynamic under 9i. This means that DML
actions made after the dictionary is created
are not recorded there under 8i. But this
limitation has been removed in 9i.
LogMiner under Oracle 9i
Setup is same as under Oracle 8i except
that there is no need to run dbmslmd.sql to
create a static dictionary, because the
LogMiner dictionary is dynamically updated
continuously from the online data dictionary.
Appendix 2 contains all the scripts to setup
LogMiner under Oracle 9i.
LogMiner under Oracle 9i (Contd.)
•Columns of v$logmnr_contents (e.g.,
sql_redo, sql_undo, session_info) return the
same information as under Oracle 8i
•Other three LogMiner v$ views are identical
under 8i and 9i
LogMiner dictionary is dynamic
under 9i
Sample Session Transcript
09:25:42 SQL> select to_char (timestamp,
'dd-mon-yyyy hh24:mi:ss') "Transaction
Time", username,sql_redo from
v$logmnr_contents
where TABLE_SPACE = 'TIMSDATA’ and
to_char (timestamp, 'dd-mon-yyyy
hh24:mi:ss') > '04-aug-2003 11:24:27'
order by 1;
Transaction Time
USERNAME
-------------------- --------------SQL_REDO
----------------------------------------04-aug-2003 11:25:06 SYS
insert into
"TIMS"."EXPLORE"("COL01","COL02","COL03",
"COL04") values ('35128','a
vav',TO_DATE('02-AUG-03', 'DD-MONRR'),'17');
(ENTER ONE INSERT AND ONE DELETE)
09:40:48 SQL> INSERT into tims.explore
values (6513, 'Indumati', sysdate - 3,
16);
1 row created.
09:43:31 SQL> DELETE from
tims.explore_copy where col02 = 'cxxc';
1 row deleted.
09:44:14 SQL> select to_char
(timestamp, 'dd-mon-yyyy hh24:mi:ss')
"Transaction Time", username,sql_redo
from v$logmnr_contents
where TABLE_SPACE = 'TIMSDATA’ and
to_char (timestamp, 'dd-mon-yyyy
hh24:mi:ss') > '04-aug-2003 11:24:27'
order by 1;
Transaction Time
USERNAME
-------------------- --------------SQL_REDO
---------------------------------------04-aug-2003 11:25:06 SYS
insert into
"TIMS"."EXPLORE"("COL01","COL02","COL03"
,"COL04") values ('35128','a
vav',TO_DATE('02-AUG-03', 'DD-MONRR'),'17');
05-aug-2003 09:41:11 SYS
INSERT into
“TIMS"."EXPLORE"("COL01","COL02","COL0
3","COL04") values ('6513','In
dumati',TO_DATE('02-AUG-03', 'DD-MONRR'),'16');
05-aug-2003 09:44:16 SYS
DELETE from "TIMS"."EXPLORE_COPY" where
"COL01" = '2013' and "COL02" = 'cxxc'
an
d "COL03" = TO_DATE('04-AUG-03', 'DDMON-RR') and "COL04" = '11' and ROWID =
'AA
AHxBAMgAAASOUAAB';
(INSERT AND DELETE COMMANDS HAVE BEEN
RECORDED IN THE DICTIONARY DYNAMICALLY)
Roadmap for Ensuring Data
Security in Oracle Databases
•Follow the principle of prevention, detection,
and correction of harmful user activities,
intentional or unintentional.
•Restore database to an instant prior to the
occurrence of a harmful event.
•Avoid PUBLIC as user as far as possible.
•Review and update security management plan.
Bibliography
•Kevin Loney and Marlene Theriault – Oracle 9i
DBA Handbook, Chapters. 10 and 11, Oracle Press,
2002.
•Sitansu S. Mittra – Database Performance Tuning
and Optimization Using Oracle, Chapter 5,
Springer-Verlag, 2003.
•Oracle MetaLink – papers on LogMiner; e.g., Notes
62508.1, 111886.1, etc.
•Marlene Theriault and Aaron Newman - Oracle
Security Handbook, Chapters 16 and 17, Oracle
Press, 2001.
Related documents
Using Power BI with my DBA Database
Using Power BI with my DBA Database
Database
Database
Oracle Demo Database Sample Queries
Oracle Demo Database Sample Queries
IMS Maxims – Multinational Company
IMS Maxims – Multinational Company
Job Descriptions - Human Resources Department JOB GOAL
Job Descriptions - Human Resources Department JOB GOAL
Business Intelligence and Data Warehousing
Business Intelligence and Data Warehousing
WESCO DISTRIBUTION, INC.
WESCO DISTRIBUTION, INC.
Data Warehouse performance and maintenance
Data Warehouse performance and maintenance
SQL Server Tools
SQL Server Tools
Recruitment Authorisation Form
Recruitment Authorisation Form
MidRange Concepts - Fox Valley Technical College
MidRange Concepts - Fox Valley Technical College
Deliver, Manage and Control Optimal Database Performance
Deliver, Manage and Control Optimal Database Performance