Week 6 Lecture 2
System and Object Privileges
Learning Objectives
Identify and manage system and object privileges
Grant and revoke privileges to users
Understand auditing capabilities and practice using auditing commands
Overview of Privileges
Privileges allow users to perform operations on the database.
Two types of privileges:
System privileges: give the user the ability to manage some part of the database
Object privileges: give the user the ability to perform tasks on tables and objects owned by a schema
Identifying System Privileges
Common system privileges include:
SYSDBA: Allows the user to start up and shut down the database and to create an spfile (system initialization parameter file). The SYSTEM and SYS predefined users have this privilege.
SYSOPER: Same as SYSDBA, but does not include the ability to create a database.
CREATE SESSION: You assigned this privilege to a user in the previous chapter. This allows a user to log onto the database.
More System Privileges
CREATE TABLE, CREATE INDEX, and CREATE VIEW: Allow users to create their own tables, indexes, and views.
CREATE USER: DBA must have this privilege to create new users. You logged on as SYSTEM to create users in the previous chapter.
CREATE ANY TABLE: Usually reserved for the DBA, allowing him or her to create a table in any schema.
DROP ANY TABLE: Allows the user to drop any schema’s tables, except those needed by the database system itself (the data dictionary tables).
More System Privileges
SELECT ANY TABLE: Usually reserved for the DBA, because it allows the user to query any table on the database.
GRANT ANY PRIVILEGE, GRANT ANY OBJECT PRIVILEGE: Allow the user (preferably the DBA) to assign any system privilege or any object privilege to other users.
BACKUP ANY TABLE: Allows the user to use the Export utility to export any table in the database. Exporting is a form of backup that can be used to back up specific tables or schemas, or to back up the entire database.
Using Object Privileges
Object privileges are more pinpointed than system privileges.
An object privilege has a much narrower focus.
Object privileges always pertain to a table, function, procedure, or other object.
Several different object privileges exist: some are available only for tables and views; others are available only for functions, procedures, packages, or user-defined types.
Managing System and Object Privileges
Privileges are managed by granting and revoking privileges to users and roles.
Granting a privilege allows the user to perform some action.
Revoking a privilege removes a privilege from a user so that he can no longer perform the action.
Granting and Revoking System Privileges
Basic syntax of the GRANT command for system privileges:
GRANT <systempriv>, <systempriv>,...|ALL PRIVILEGES
TO <user>,<user>...|PUBLIC
WITH ADMIN OPTION;
Granting System Privileges
List as many system privileges as you want, separating each with a comma.
Can also substitute ALL PRIVILEGES for a list of privileges. Use with caution, because it grants the user all of the 100 plus system privileges except SELECT ANY DICTIONARY.
Add the WITH ADMIN OPTION only when you want the user to be able to grant the same system privilege to other users.
List all the users to whom you want to grant the same system privileges.
Alternatively, use PUBLIC instead of a specific user name to grant the privilege to all users, including users created in the future.
Revoking System Privileges
Basic syntax of the REVOKE command for system privileges:
REVOKE <systempriv>, <systempriv>,...|ALL PRIVILEGES
FROM <user>, <user>,...|PUBLIC;
Final note about system privileges:
System privileges are needed to create tables in the database. The owner (schema) of a table can automatically select, insert, update, and delete data in his own tables. However, no other users (except the DBA) are allowed to even see the table’s name without permission from the owner or the DBA. This is where object privileges come into play.
Granting Object Privileges
Basic syntax for granting object privileges:
GRANT <objectpriv>, <objectpriv>,... |ALL
(<colname>,...) ON <schema>.<object>
TO <user>,...|PUBLIC
WITH GRANT OPTION
WITH HIERARCHY OPTION;
Granting Object Privileges
Column list: Used only when you want to grant a privilege for specific columns in the table or view. Could employ it as a security feature to restrict users from updating sensitive fields. Can only be used to grant UPDATE, REFERENCES, and DELETE privileges.
PUBLIC: Can list object privileges for one object, and you can also list users who receive those privileges. Substituted for user names when you want to grant the privilege to all users.
Granting Object Privileges
WITH GRANT OPTION: Similar to the WITH ADMIN OPTION. Use when you want the user to be able to issue grants to other users.
WITH HIERARCHY OPTION: Special feature used for objects that have subobjects. A subobject is an object based on another object. The option is included for completeness of syntax. Instructs Oracle9i to grant the object privilege to the user on the object and on all its subobjects.
Viewing Privileges
DBA_SYS_PRIVS: All system privileges granted
DBA_TAB_PRIVS: All object privileges granted
USER_TAB_PRIVS_MADE: All object privileges granted by the user
USER_TAB_PRIVS_RECD: All object privileges when the user is the grantee
DBA_COL_PRIVS: All object privileges on column lists
SESSION_PRIVS: User’s privileges currently enabled
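The GRANT and REVOKE syntax and the dictionary views above, put together in one worked sequence. This is an added example, not part of the original lecture; the schema hr_owner, its EMPLOYEES table with a PHONE column, and the users clerk1 and clerk2 are hypothetical.

```sql
-- Hypothetical names (not from the lecture): hr_owner owns EMPLOYEES;
-- clerk1 and clerk2 are ordinary accounts. Comments say who runs each part.

-- As DBA: system privileges. clerk1 may pass CREATE TABLE on to others.
GRANT CREATE SESSION TO clerk1, clerk2;
GRANT CREATE TABLE TO clerk1 WITH ADMIN OPTION;

-- As hr_owner: object privileges. SELECT covers the whole table;
-- UPDATE is limited to one column through the column list.
GRANT SELECT ON hr_owner.employees TO clerk1 WITH GRANT OPTION;
GRANT UPDATE (phone) ON hr_owner.employees TO clerk1;

-- As clerk1: pass both kinds of privilege on to clerk2.
GRANT CREATE TABLE TO clerk2;
GRANT SELECT ON hr_owner.employees TO clerk2;

-- As DBA: review what has been granted and who can re-grant it.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE grantee IN ('CLERK1', 'CLERK2');

SELECT grantee, grantor, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'HR_OWNER' AND table_name = 'EMPLOYEES';

SELECT grantee, column_name, privilege
  FROM dba_col_privs
 WHERE owner = 'HR_OWNER' AND table_name = 'EMPLOYEES';

-- Revoke from clerk1, then check what clerk2 still holds.
REVOKE CREATE TABLE FROM clerk1;                   -- as DBA
REVOKE SELECT ON hr_owner.employees FROM clerk1;   -- as hr_owner

-- clerk2 still has CREATE TABLE: system privilege revokes do not cascade.
SELECT grantee, privilege FROM dba_sys_privs WHERE grantee = 'CLERK2';

-- clerk2 no longer has SELECT on EMPLOYEES: object privilege revokes cascade.
SELECT grantee, privilege
  FROM dba_tab_privs
 WHERE grantee = 'CLERK2' AND table_name = 'EMPLOYEES';
```

When reviewing an existing database, rows with ADMIN_OPTION or GRANTABLE set to YES, and any row whose grantee is PUBLIC, are the ones to check first, because those privileges can spread beyond the accounts the DBA granted them to.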
Description of Auditing Capabilities
Monitoring activity on the database is called auditing
Frequently used to determine who is making unauthorized updates or deletions to sensitive data
Three types of auditing that Oracle9i can run automatically
Description of Auditing Capabilities
Statement auditing: Audits types of SQL commands. You must have the AUDIT SYSTEM privilege to use this type of auditing.
Privilege auditing: Audits use of particular privileges. You must have the AUDIT SYSTEM privilege to use this type of auditing.
Object auditing: Audits activity on a certain object. You can use the AUDIT command to set up object auditing for any object you own. Otherwise, you must have the AUDIT ANY privilege to audit objects.
Description of Auditing Capabilities
Auditing has no effect until you set the AUDIT_TRAIL initialization parameter.
Valid settings for AUDIT_TRAIL include:
TRUE or DB: Starts auditing and places the audit trail records into the SYS.AUD$ table.
FALSE or NONE: Turns off auditing. Default is NONE.
OS: Starts auditing and places the audit trail records into an operating system file in the directory named in the AUDIT_FILE_DEST initialization parameter.
Object Auditing
Syntax of the AUDIT command for object auditing:
AUDIT <objpriv>,<objpriv>,...|ALL
ON <schema>.<object>|DEFAULT|NOT EXISTS
BY SESSION|BY ACCESS
WHENEVER SUCCESSFUL|WHENEVER NOT SUCCESSFUL;
Object Auditing
To turn this auditing on automatically for any new object that is created, substitute DEFAULT for an object name.
Substitute NOT EXISTS for an object name, and Oracle9i creates an audit trail record for attempted actions that fail with the “object does not exist” error.
Privilege Auditing
Syntax of the AUDIT command for privilege auditing:
AUDIT <priv>,<priv>,...|ALL PRIVILEGES|CONNECT|RESOURCE|DBA
BY <username>
BY SESSION|BY ACCESS
WHENEVER SUCCESSFUL|WHENEVER NOT SUCCESSFUL;
SQL Statement Auditing
Syntax of the AUDIT command for SQL statement auditing:
AUDIT <sql>,<sql>,...|ALL
BY <username>
BY SESSION|BY ACCESS
WHENEVER SUCCESSFUL|WHENEVER NOT SUCCESSFUL;
Description of Auditing Capabilities
BY SESSION: Tells Oracle9i to write one record to the audit trail for each session for the same SQL or privilege on the same object. Saves space in the audit trail.
BY ACCESS: Tells Oracle9i to write one record to the audit trail for every occurrence of the audited event. The default.
Can specify either BY ACCESS or BY SESSION, but not both.
Description of Auditing Capabilities
WHENEVER SUCCESSFUL: Tells Oracle9i to write a record to the audit trail only when the operation is successful.
WHENEVER NOT SUCCESSFUL: Tells Oracle9i to write a record to the audit trail only when the operation is not successful.
If you don’t specify this or the previous clause, Oracle9i writes a record for the operation it is auditing regardless of whether it succeeds.
Viewing Audit Results
DBA_AUDIT_EXISTS: Audit trail records generated by object auditing of non-existent objects
DBA_AUDIT_OBJECT: Audit trail records generated by object auditing
DBA_AUDIT_SESSION: Audit trail records generated by session auditing
DBA_AUDIT_STATEMENT: Audit trail records generated by statement auditing
DBA_AUDIT_TRAIL: All audit trail records
All of these have a corresponding USER_ counterpart, except DBA_AUDIT_EXISTS.
Stopping and Altering Audits
Audits are turned off and modified with the NOAUDIT command
The NOAUDIT command’s structure is exactly like the AUDIT command; it turns off the auditing it names
You can turn off selective portions of the audit you have set up
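The three kinds of auditing described above, from enabling the audit trail through reviewing records to switching part of the audit off. This is an added example, not part of the original lecture; the table hr_owner.employees and the user clerk1 are hypothetical, and the first step assumes the instance was started from an spfile.

```sql
-- Hypothetical names (hr_owner.employees, clerk1); not from the lecture.

-- 1. Enable the audit trail (as SYSDBA). AUDIT_TRAIL is static, so write it
--    to the spfile and restart the instance before expecting any records.
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;
-- SHUTDOWN IMMEDIATE, then STARTUP, from SQL*Plus

-- 2. Object auditing: one record per UPDATE or DELETE on a sensitive table,
--    whether or not the statement succeeds.
AUDIT UPDATE, DELETE ON hr_owner.employees BY ACCESS;

-- 3. Privilege auditing: each use of SELECT ANY TABLE by one account.
AUDIT SELECT ANY TABLE BY clerk1 BY ACCESS;

-- 4. Statement auditing: failed logon attempts only.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;

-- 5. Review: who changed the sensitive table, and did it succeed?
--    RETURNCODE is 0 on success, otherwise the Oracle error number.
SELECT username, timestamp, action_name, returncode
  FROM dba_audit_trail
 WHERE owner = 'HR_OWNER' AND obj_name = 'EMPLOYEES'
 ORDER BY timestamp;

-- Failed logons recorded by the statement audit in step 4.
SELECT os_username, username, terminal, timestamp, returncode
  FROM dba_audit_session
 WHERE returncode <> 0
 ORDER BY timestamp;

-- 6. Turn off a selected portion: stop auditing DELETE but keep UPDATE,
--    then remove the privilege and statement audits.
NOAUDIT DELETE ON hr_owner.employees;
NOAUDIT SELECT ANY TABLE BY clerk1;
NOAUDIT SESSION WHENEVER NOT SUCCESSFUL;
```

With AUDIT_TRAIL set to DB the records land in SYS.AUD$, so object privileges on that table are worth reviewing alongside the audit settings themselves.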
Lecture Summary
System privileges allow a user to manage some part of the database system
Object privileges allow a user to work with an object.
SYSDBA and SYSOPER are system privileges that allow a user to start up and shut down the database, as well as other high-level tasks
The CREATE SESSION system privilege is needed to log onto the database
Lecture Summary
Typical object privileges for a table include SELECT, INSERT, UPDATE, and DELETE
The GRANT and REVOKE commands are used for both system and object privileges
Use WITH ADMIN OPTION when granting system privileges to allow the user to grant that privilege to others
Lecture Summary
A grant made to PUBLIC gives all users the privilege
Revoked system privileges do not cascade to other users
Use WITH GRANT OPTION when granting object privileges to allow the user to grant that privilege to others
Revoked object privileges cascade to other users
Lecture Summary
Object privileges can be granted on columns
The owner of a table can grant object privileges on that table
The grantor grants the privilege and the grantee receives the privilege
Querying an object without privileges to query causes an error stating that the object does not exist
Lecture Summary
Statement auditing is the monitoring of activity on a particular type of statement, such as SELECT
Privilege auditing audits any command that is authorized by the privilege, such as CREATE TABLE
Object auditing generates audit trail records as soon as the object is used, such as with SELECT or DELETE statements
Lecture Summary
The SYS.AUD$ table holds auditing records unless the AUDIT_TRAIL initialization parameter is set to “OS”
AUDIT_SYS_OPERATIONS is an initialization parameter that, when set to “TRUE,” causes Oracle9i to audit all activity by SYS or users with SYSDBA privileges
BY ACCESS or BY SESSION tell Oracle9i whether to write a record for each occurrence of an audited event or a summary record for the session
Lecture Summary
The following clauses limit the writing of audit trail records: WHENEVER SUCCESSFUL and WHENEVER NOT SUCCESSFUL
AUDIT_TRAIL is a static parameter, so you must restart the database after changing it
A group of data dictionary views shows audit trail records for each type of auditing
Use the NOAUDIT command to stop specific auditing activities