Oracle Database Security Policy Analysis (iii) 1th/2 page _oracle

The Oracle tutorial you are looking at is: Oracle Database Security Policy Analysis (iii). security Policy for data:

Data should be considered based on the importance of data. If the data is not very important, then the security policy of the data can be slightly relaxed. However, if data is important, there should be a cautious security policy that maintains effective control over access to data objects.

　　User Security Policy:

(1) Security of general users

Security of a password
If a user is authenticated as a user through a database, it is recommended that you connect to the database using a password encryption method.

This approach is set up in the following ways:

Set in the client's Oracle.ini file
The number of Ora_encrypt_login is true;

Set in the server-side Initoracle_sid.ora file
The Dbling_encypt_login parameter is true.

B Rights Management
For those with many users, applications and data objects are very rich database, should take full advantage of the "role" of the convenience of the mechanism to effectively manage the rights. For a complex system environment, "role" can greatly simplify the management of permissions.

(2) Security of end users

You must develop security policies for end users. For example, for a large database with many users, security managers can determine user group classifications, create user roles for those groups, grant the required permissions and application roles to each user role, and assign users to the appropriate user roles. When dealing with special application requirements, security managers must explicitly grant certain permission requirements to the user. You can use roles to manage the rights of end users.

Current 1/2 page 12 Next read the full text