Create user groups to ensure Oracle Database Security

Source: Internet
Author: User

Oracle DatabaseProgramSecurityThe performance objective is generally divided into two categories: one class that all users can execute, and the other class that only DBA can execute. In Unix, the configuration file set for the group is/etc/group. For details about how to configure this file, see the relevant Unix manual. Creating user groups in the operating system is an effective way to ensure database security. I hope the content involved in this article will be helpful to you.

Several methods to ensure security:

(1) Before installing OracleServer, create a database administrator group (DBA) and assign the user IDs of the root and Oracle software owner to this group. Only 710 of the programs that DBA can execute are permitted. During the installation process, the SQL * DBA system permission command is automatically assigned to the DBA group.

(2) allow some Unix users to access the Oracle server system with restrictions, add an Oracle group of authorized user groups, and ensure that the Oracle group ID and common executable programs are assigned to the Oracle server utility routine, for example, SQL * Plus, SQL * Forms, and so on should be executed by this group, and the permission of this utility routine is 710, which will allow users in the same group to execute, while other users cannot.

(3) change the permissions of programs that do not affect database security to 711. NOTE: For the convenience of installation and debugging in our System, the default password of Sys and System for two users with DBA permissions in Oracle Database is manager. To ensure the security of your database system, we strongly recommend that you delete the passwords of these two users as follows:

In SQL * DBA, type:

Alter user sys indentified by password;

Alter user system indentified by password;

Here, password is the password you set for the user.

Security of Oracle Server utilities

The following are some suggestions to protect the Oracle server from being used by illegal users:

(1) ensure that all programs under the $ ORACLE_HOME/bin directory are owned by the Oracle software owner;

(2) grant 711 permissions to all users (sqiplus, sqiforms, exp, imp, etc.) so that all users on the server can access the Oracle server;

(3) grant all DBA Utility Routines (such as SQL * DBA) 700 permissions. When an Oracle server and a Unix group access a local server, you can map the role of an Oracle server to a Unix group in the operating system to use the security of the Unix management server, this method is applicable to local access.

The format of specifying an Oracle Server role in Unix is as follows:

Ora_sid_role [_ dla]

The sid is the oracle_sid of your Oracle database;

Role is the role name on the Oracle server;

D (optional) indicates that this role is the default value;

A (optional) indicates that this role has the with admin option,

You can only assign this role to other roles, not other users.

The following example is set in the/etc/group file:

Ora_test_osoper_d: NONE: 1: jim, narry, scott

Ora_test_osdba_a: NONE: 3: pat

Ora_test_role1: NONE: 4: bob, jane, tom, mary, jim

Bin: NONE: 5: root, oracle, dba

Root: NONE: 7: root

The phrase "ora_test_osoper_d" indicates the group name; the phrase "NONE" indicates the password of the group; the number 1 indicates the ID of the group; and the next part is the members of the group. The first two rows are examples of Oracle Server roles. test is used as sid, and osoper and osdba are used as the names of Oracle Server roles. Osoper is the default role assigned to the user. osdba has the WITHADMIN option. To enable these database roles to work, you must shutdown your database system, set the OS _roles parameter in the Oracle database parameter file initORACLE_SID.ora to True, and then restart your database. If you want these roles to have the connectinternal permission, run orapwd to set a password for these roles. When you try connect internal, the password you typed indicates the permissions of the role.

This article describes how to set up a user group to ensure the security of Oracle databases. We hope that you will be able to master the methods for setting up a user group to ensure the security of Oracle databases, I believe this will be very helpful for your future work.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.