Implement authorization, authentication, privileges on database.

Authentication

Authentication means verifying the identity of a user, device, or other entity who wants to use data, resources, or applications. Validating this identity establishes a trust relationship for further interactions. Authentication also enables accountability by making it possible to link access and actions to specific identities. After authentication, authorization processes can allow or limit the levels of access and action permitted to that entity.

You can authenticate both database and nondatabase users for an Oracle database. For simplicity, the same authentication method is generally used for all database users, but Oracle Database allows a single database instance to use any or all methods. Oracle Database requires special authentication procedures for database administrators, because they perform special database operations. Oracle Database also encrypts passwords during transmission to ensure the security of network authentication.

Minimum Requirements for Passwords

Oracle provides a set of minimum requirements for passwords.
Passwords can be at most 30 bytes long. There are a variety of ways that you can secure passwords, ranging from requiring passwords to be of a sensible length to creating custom password complexity verification scripts that enforce the password complexity policy requirements that apply at your site.

Creating a Password by Using the IDENTIFIED BY Clause

SQL statements that accept the IDENTIFIED BY clause also enable you to create passwords.

To create passwords for users, use the CREATE USER, ALTER USER, GRANT CREATE SESSION, or CREATE DATABASE LINK SQL statement. The following SQL statements create passwords with the IDENTIFIED BY clause.

CREATE USER Raj IDENTIFIED BY password;

GRANT CREATE SESSION TO Raj IDENTIFIED BY password;


Authorization and Privileges

Authorization permits only certain users to access, process, or alter data. It also creates limitations on user access or actions.
The limitations placed on (or removed from) users can apply to objects such as schemas, entire tables, or table rows.
A user privilege is the right to run a particular type of SQL statement, or the right to access an object that belongs to another user, run a PL/SQL package, and so on. The types of privileges are defined by Oracle Database.

Privileges can fall into the following general categories:
==> System privileges:- These privileges allow the grantee to perform standard administrator tasks in the database.
==> Object privileges:- Each type of object has privileges associated with it. Managing Object Privileges describes how to manage privileges for different types of objects.
==> Table privileges:- These privileges enable security at the DML (data manipulation language) or DDL (data definition language) level. Table Privileges describes how to manage table privileges.
==> View privileges:- You can apply DML object privileges to views, similar to tables. See View Privileges for more information.
==> Procedure privileges:- Procedures, including standalone procedures and functions, can be granted the EXECUTE privilege. See Procedure Privileges for more information.
==> Type privileges:- You can grant system privileges to named types (object types, VARRAYs, and nested tables).

You grant privileges to users so they can accomplish tasks required for their jobs. You should grant a privilege only to a user who requires that privilege to accomplish the necessary work. Excessive granting of unnecessary privileges can compromise security. For example, you should never grant the SYSDBA or SYSOPER administrative privilege to users who do not perform administrative tasks.

You can grant privileges to a user in two ways:
==> You can grant privileges to users explicitly. For example, you can explicitly grant to user Raj the privilege to insert records into the employees table.
==> You can grant privileges to a role (a named group of privileges), and then grant the role to one or more users. For example, you can grant the privileges to select, insert, update, and delete records from the employees table to the role named clerk, which in turn you can grant to users.
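
The two grant paths described above, together with the queries a DBA would run to review them, as an added example that is not part of the original article. It assumes the employees table lives in a schema named hr and that the statements run as a user who can read the DBA_* views and V$PWFILE_USERS; Raj and clerk are the names used in the text.

```sql
-- Added example. hr.employees is an assumed schema/table name;
-- Raj and clerk are the user and role named in the article.

-- 1. Explicit grant: Raj may insert rows into employees.
GRANT INSERT ON hr.employees TO Raj;

-- 2. Role-based grant: bundle the DML privileges into the clerk role,
--    then grant the role to each user who needs them.
CREATE ROLE clerk;
GRANT SELECT, INSERT, UPDATE, DELETE ON hr.employees TO clerk;
GRANT clerk TO Raj;

-- 3. Review what Raj holds on the table, directly or through a role.
--    Unquoted names are stored in upper case, hence 'RAJ'.
--    Roles granted to other roles (nested roles) are not expanded here.
SELECT grantee, privilege, 'direct' AS via
  FROM dba_tab_privs
 WHERE owner = 'HR' AND table_name = 'EMPLOYEES' AND grantee = 'RAJ'
UNION ALL
SELECT rp.grantee, tp.privilege, 'role ' || rp.granted_role
  FROM dba_role_privs rp
  JOIN dba_tab_privs tp ON tp.grantee = rp.granted_role
 WHERE tp.owner = 'HR' AND tp.table_name = 'EMPLOYEES' AND rp.grantee = 'RAJ';

-- 4. Least-privilege check: accounts holding SYSDBA or SYSOPER.
--    Anyone listed here who does not perform administrative tasks
--    should have the privilege revoked.
SELECT username, sysdba, sysoper
  FROM v$pwfile_users
 WHERE sysdba = 'TRUE' OR sysoper = 'TRUE';

-- 5. Removing access: revoke the role from one user, or revoke a
--    privilege from the role to affect every user who holds the role.
REVOKE clerk FROM Raj;
REVOKE DELETE ON hr.employees FROM clerk;
```

After step 5, Raj keeps the direct INSERT grant from step 1, which is why the review query in step 3 reports direct and role-based privileges separately.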

I hope this article will help you.