Oracle Tips by Burleson
Chapter 2 Introduction to Oracle Security
Several other types of access to tables are possible. If JUDY has a
table whose parent table is CLAIMS, defining the referential
integrity constraint requires a different kind of privilege called
REFERENCES, unlike the ones already defined. Similarly, JUDY may be
allowed to modify the structure of the table, and she will need an
ALTER privilege to do that. A stored program, such as a stored
procedure, package or function, requires the EXECUTE privilege to be
granted to a user before that user can run it.

If, at any point in time, it is determined that JUDY does not need
the DELETE privilege on the CLAIMS table since she does not delete
data from that table, the privilege can be revoked from her by using:

REVOKE DELETE ON CLAIMS FROM JUDY;

The other privileges granted to JUDY remain unaffected.

Granting privileges on an object requires careful analysis and
planning. Under no circumstances should a user be granted all the
possible privileges on an object. HIPAA requirements clearly mandate
that the access privileges of users be documented and enforced.
Application developers should specify the exact privilege
requirements on the objects, and only those should be granted. This
leads to another question: who has what privilege? This question
falls under auditing for security. In Chapter 4, several scripts have
been provided that shed light on the privileges held by users on
various objects. The output from these scripts can be reviewed by
corporate security for potential holes or just filed away as
documentation.
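
The grant, revoke and audit steps described above, as an added example in Oracle SQL (it is not one of the book's Chapter 4 scripts). The schema name CLAIMS_OWNER, the procedure PROCESS_CLAIM and the review threshold of five privileges are assumptions made for illustration; LISTAGG requires Oracle 11g Release 2 or later.

```sql
-- Assumed names: CLAIMS_OWNER (schema owning CLAIMS) and PROCESS_CLAIM
-- (a stored procedure) are hypothetical. JUDY and CLAIMS come from the text.

-- Grant only the privileges the application has documented as required.
GRANT SELECT, INSERT, UPDATE, DELETE ON claims_owner.claims TO judy;
GRANT REFERENCES ON claims_owner.claims TO judy;      -- needed to create a foreign key to CLAIMS
GRANT EXECUTE ON claims_owner.process_claim TO judy;  -- needed to run the stored procedure

-- JUDY never deletes claims, so remove that one privilege.
-- SELECT, INSERT, UPDATE, REFERENCES and EXECUTE are left in place.
REVOKE DELETE ON claims_owner.claims FROM judy;

-- "Who has what privilege?" for a single grantee: the rows returned are
-- the record to compare against the documented requirements.
SELECT grantee, owner, table_name, privilege, grantable, grantor
FROM   dba_tab_privs
WHERE  grantee = 'JUDY'
ORDER  BY owner, table_name, privilege;

-- Review list for the whole schema: grantees holding many distinct
-- privileges on one object (threshold of 5 is an assumed starting point),
-- or holding any privilege WITH GRANT OPTION, which lets them pass it on.
SELECT grantee,
       owner,
       table_name,
       COUNT(DISTINCT privilege) AS privilege_count,
       MAX(grantable)            AS any_grantable,   -- 'YES' sorts above 'NO'
       LISTAGG(privilege, ', ') WITHIN GROUP (ORDER BY privilege) AS privileges
FROM   dba_tab_privs
WHERE  owner = 'CLAIMS_OWNER'
GROUP  BY grantee, owner, table_name
HAVING COUNT(DISTINCT privilege) >= 5
    OR MAX(grantable) = 'YES'
ORDER  BY privilege_count DESC, grantee;
```

DBA_TAB_PRIVS lists direct grants to the named grantee, which may be a user or a role. Privileges a user receives through a role appear under the role's name, so role membership in DBA_ROLE_PRIVS has to be reviewed alongside these results.
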
The above text is an excerpt from:
Oracle Privacy Security Auditing: The Final Word on Oracle Security