Database Security

Database Security
• Multi-user database systems like Oracle
include security to control how the
database is accessed and used for
example security Mechanisms:
– Prevent unauthorized database access
– Prevent unauthorized access to schema
objects
– Control disk usage
– Audit user actions
 Database security

Data security system security

 System Security
covers access and use of the database at
:the system level, such as
• the username and password
• the disk space allocated to users,
• and the system operations that users can
perform
 Data security
covers access and use of the database
objects and the actions that those users
can have on the objects such as
selecting data from a table or retrieving a
value from a sequence
 User Security
• AAA security model:
– Authentication: verifying the identity of someone (a
user, device, or an entity) who wants to access data,
resources, or applications.
• It give us initial access & many authentication methods
– Authorization: Access limits for authenticated users
• Least privileges principle: user must be able to access only
the information and resources that are necessary for its
legitimate purpose and no more
– Accounting: auditing
 User Security
• DB Account
• Privileges
• Roles
• profiles
 User Accounts
• Default user accounts:
– The following administrative user accounts are
automatically created when you install Oracle
Database
• SYS: granted by DBA role, owns Data Dictionary
• SYSTEM: granted the DBA role. This is the user account
that you log in with to perform all administrative
functions, except:
1. Startup and shutdown database
2. Backup database
Components of an oracle user account
• Unique username : it should be less than 30 character,
contains alphanumeric, $ and _
– You can not use keyword. E.g. insert, create … etc.
• Authentication method: password, OS or biometrics
• Default tablespace to store data
– It will be set to SYSTEM if not specified
• temporary tablespace for query processing work space
• Profile: It allows you to regulate the amount of resources
used by each database user & enforce complexity of
password
– To apply specific setting to a group of users. First create a profile then
assign users to it.
• account status : it can be: open, locked( attempts) or expired
 Creating Users

• The DBA creates the user by executing

the CREATE USER statement.
• The user does not have any privileges at
this point.
• The DBA can then grant privileges to that
user.
• These privileges determine what the
user can do at the database level.
 Creating Users

• The syntax for creating a user is:

CREATE USER user
IDENTIFIED BY password
DEFAULT TABLESPACE tablespace_name
TEMPORARY TABLESPACE tablespace_name
QUOTA [UNLIMITED ] [integer M] on tablespace_name
PROFILE profile_name;

• Example:
CREATE USER Scott
IDENTIFIED BY tiger
DEFAULT TABLESPACE system
TEMPORARY TABLESPACE temp
QUOTA UNLIMITED on system
PROFILE managerProfile;
User created.
 Privileges
• Privileges are the right to execute particular
SQL statements. The database administrator
(DBA) is a high-level user with the ability to grant
users access to the database and its objects
• Example:
▪ The ability to connect to the database
▪ The ability to create a user
▪ The ability to create a table
• System privileges: Gaining access to the
database
• Object privileges: Manipulating the content of the
database objects
 schema
• A schema is a collection of objects, such
as tables, views, and sequences.
• The schema is owned by a database user
who create it and has the same name as
that user.
 System Privileges
• System privileges can be given to a user by another user who has
administrator privileges or by a user who has the right to grant a
system privilege
• More than 200 privileges are available such as:
– Creating new users
– Removing users
– Removing tables
– Backing up tables
• Special Administrative privileges: required for an administrator to
perform basic database operations are granted through two special
system privileges
• SYSDBA privilege: can do anything
• SYSOPER privilege: sub-admin access, can perform:
– Backup, recover, startup, shutdown
– No access to data itself
 System Privilege Operations Authorized

CREATE USER Grantee can create other Oracle

users (a privilege required
for a DBA role).

DROP USER Grantee can drop another user.

DROP ANY TABLE Grantee can drop a table in any
schema.
BACKUP ANY TABLE Grantee can back up any table in
any schema with the export utility
CREATE ANY TABLE Grantee can create tables in any
schema.

SELECT ANY TABLE Grantee can query tables, views,

or snapshots in any schema
 User System Privileges

• Once a user is created, the DBA can grant specific

system privileges to a user.
GRANT privilege
TO user [WITH ADMIN OPTION] ;
• WITH ADMIN OPTION: it means give grantee right to
grant the same privileges to other users
• An application developer, for example, may have
the following system privileges:
– CREATE SESSION
– CREATE TABLE
– CREATE SEQUENCE
– CREATE VIEW
– CREATE PROCEDURE
 Granting System Privileges
• The DBA can grant a user specific
system privileges. Example:
GRANT create session, create table,
create sequence, create view
TO Scott;
Grant succeeded.
 Object Privileges

• An object privilege is a privilege or right to

perform a particular action on a specific
(object) table, view, sequence, or procedure
• Each object has a particular set of grantable
privileges. The table in the next slide lists the
privileges for various objects
Object Privileges
 Object Privileges
• Object privileges vary from object to object.
• An owner has all the privileges on the object.
• An owner can give specific privileges on that
owner’s object.
• Syntax:
GRANT object_privilege [(columns)]
ON object
TO user
[WITH GRANT OPTION];
• If the grant includes WITH GRANT OPTION, then the
grantee can further grant the object privilege to other
users; otherwise, the grantee can use the privilege but
cannot grant it to other users.
 Granting Object Privileges

• Grant query privileges on the EMPLOYEES table.

GRANT select
ON employees
TO Norah, Sarah;
Grant succeeded.
• Grant privileges to update specific columns to
users and roles.
GRANT update (department_name, location_id)
ON departments
TO Scott, manager;
Grant succeeded.
 How to Revoke Object Privileges

• Remove privileges granted to other users

by using the REVOKE statement. When
you use the REVOKE statement you
prevent the user from doing specific
actions depending on the privileges you
revoke from the user.
 How to Revoke Object Privileges

• Syntax:
REVOKE privilege ,ALL
ON object
FROM user,role,PUBLIC;
Example:
REVOKE select, insert
ON departments
FROM Scott;
Revoke succeeded.
 How to Revoke Object Privileges

• Privileges granted to others through the WITH GRANT

OPTION clause are also revoked.
• For example, if user A grants SELECT privilege on a
table to user B including the WITH GRANT OPTION
clause, user B can grant to user C the SELECT privilege
with the WITH GRANT OPTION clause as well,
and user C can then grant to user D the SELECT
privilege. If user A revokes privilege from user B, then
the privileges granted to users C and D are also revoked.
 ?What Is a Role

• A role is a named group of related privileges that can be

granted to the user.
• This method makes it easier to revoke and maintain
privileges.
• user can have access to several roles, and several users
can be assigned the same role
• Pre-defined roles:
– DBA: it has all system privileges (which SYS/SYSTEM have)
– RESOURCE: Enables a user to create certain types of objects in
his own schema
– CONNECT: Enables a user to connect to the database. Grant
this role to any user or application that needs database access.
 Creating and Assigning a Role

• First, the DBA must create the role. Then

the DBA can assign privileges to the role
and users to the role.
Syntax
CREATE ROLE role;
Creating and Granting Privileges
to a Role
• Create a role
CREATE ROLE manager;

• Grant system privileges to a role

GRANT create table, create view
TO manager;

• Grant a role to users

GRANT manager TO Maha, Nora;
 Changing Your Password

• The DBA creates your user account and initializes your

password.
• You can change your password by using the
ALTER USER statement.
• Syntax
ALTER USER user IDENTIFIED BY newpassword;
EX:
• ALTER USER Scott
IDENTIFIED BY lion;
User altered.
 Using the WITH GRANT OPTION and
PUBLIC Keywords

• Give a user authority to pass along privileges.

GRANT select, insert
ON departments
TO Scott
WITH GRANT OPTION;
Grant succeeded.
• Allow all users on the system to query data from
Alice’s DEPARTMENTS table.
GRANT select
ON alice.departments
TO PUBLIC;
Grant succeeded.
 User Security Guidelines
• To grant privileges on an object, the object must be in
your own schema, or you must have been granted the
object privileges WITH GRANT OPTION .
• An object owner can grant any object privilege on the
object to any other user or role of the database.
• The owner of an object automatically acquires all object
privileges on that object.
• Do not give your users more abilities than they need to
get the job done.
• Expire and lock unnecessary users.
• Create many user profile, each with different level of
security setting then assign each one of them to
appropriate group of user based on their privileges.
 Transparent Data Encryption
• Oracle Database 10g uses authentication,
authorization, and auditing mechanisms to secure data
in the database, but not in the operating system files
where the data is stored.
• To protect those files, Oracle Database 10g provides
transparent data encryption. This feature enables you
to protect sensitive data in database columns stored in
operating system files by encrypting it.
• Transparent data encryption enables simple and easy
encryption for sensitive data in columns without
requiring users or applications to manage the
encryption key.
 How Transparent Data Encryption
Works
• Transparent data encryption is a key-based
access control system. Even if the encrypted
data is retrieved, it cannot be understood until
authorized decryption occurs, which is
automatic for users authorized to access the
table.
• single key is used regardless of the number of
encrypted columns for one table
• Creating a New Table with an Encrypted Column
CREATE TABLE employee ( first_name VARCHAR2(128),
last_name VARCHAR2(128), empID NUMBER, salary
NUMBER(6) ENCRYPT );
• Encrypting Unencrypted Columns
ALTER TABLE employee MODIFY (first_name ENCRYPT);
• Disabling Encryption on a Column
ALTER TABLE employee MODIFY (first_name DECRYPT);
 links
• http://www.dba-oracle.com/art_karam_oracle_user_security.htm