Database Security and User Management

Questions and Answers

PDF Questions PDF Answers

What are the fundamental data security requirements?

Confidentiality

Integrity

Availability

All of the above (correct)

What is authentication?

Authentication verifies the user’s identity.

Strong authentication includes only passwords.

False

What does authorisation primarily include?

Giving users certain permissions to access, process, or alter data and applying limitations on user access or actions.

What is auditing in database security?

Auditing is the monitoring and recording of selected user database actions.

What command is used to create a database user account in SQL*Plus?

CREATE USER

What is a profile in database security?

A profile is a named set of resource limits and password parameters that restrict database usage and instance resources for a user.

What is the syntax to create a profile?

CREATE PROFILE profile_name LIMIT { resource_parameters | password_parameters };

Object privileges can be granted along with system privileges in the same GRANT statement.

False

The default name for the temporary tablespace is ___ if not explicitly assigned.

TEMP

How can privileges be revoked from a user?

REVOKE { system_privilege | role | ALL PRIVILEGES } FROM { user | role | PUBLIC };

What is the purpose of allocating roles in database user management?

Roles simplify the management of multiple system and object privileges.

Which of the following is a predefined role in Oracle Database?

All of the above

Study Notes

Database Security Principles

• Key principles of database security include Authentication, Authorisation, and Auditing (AAA).
• Fundamental security requirements are confidentiality, integrity, and availability.

Authentication Methods

• Authentication verifies user identity and can be classified into three types:
  • Something you know: Password
  • Something you are: Biometric data
  • Something you have: Smart cards
• Basic authentication methods include using a password or operating system identification.
• Strong authentication involves additional measures such as biometric verification or certificates.

Authorisation Processes

• Authorisation grants users permissions and sets limitations on access.
• Limitations can be placed on database objects (schemas, tables, rows) or resources (CPU, idle time).

Auditing

• Auditing involves monitoring and recording specific database actions, identifiable by SQL statements or combinations of user name, application, and time.
• It provides insights into both successful and failed activities but increases the workload on the database.

Database User Accounts

• Each user account comprises:
  • Unique username, authentication method, default tablespace, temporary tablespace, tablespace quota, and user profile.

User Creation in SQL*Plus

• Use CREATE USER SQL statement to create a user account, requiring CREATE USER system privilege typically held by administrators.

Tablespaces

• Users need a default tablespace for object storage, ideally set to "USERS" instead of "SYSTEM" to avoid issues.
• Tablespace quota can be assigned to limit storage use by users.

User Profiles

• A profile is a set of resource limits and password security features managing user database access.
• Syntax for creating a profile includes resource and password parameters to regulate usage limits.

Profile Enforcement

• Profiles can only be assigned to users, not other profiles, and are enforced when resource limits are enabled in the database.

User Authorisation

• Authorisation defines allowed access to objects, privileges, and resources, limited by a user-specific profile.
• Privileges are classified into system and object privileges, controlling DDL and DML operations, respectively.

Granting Privileges

• Privileges can be granted using GRANT statement, either with or without ADMIN OPTION, to share privileges with other users.

Revoking Privileges

• Privileges revoked only if granted with ADMIN OPTION, using REVOKE syntax, which also allows for cascading revokes.

Object Privileges

• Object privileges vary by object type, with owners having all privileges on their objects and the ability to grant selected privileges to others.

Roles in Database Security

• Roles simplify privilege management by grouping related privileges and allowing the assignment of multiple privileges at once.
• Common predefined roles include:
  • CONNECT: Allows connection to the database.
  • RESOURCE: Enables creation and modification of schema objects.
  • DBA: Grants administrative functions, excluding database instance management.

Managing Roles

• Roles can be created, assigned privileges, and allocated to users or other roles, facilitating hierarchical privilege structures.

Description

This quiz covers database security principles, creating and managing database user accounts, profiles, and authorization implementation.