8. Tidy up:
drop user auditor;
drop table system.audi;
Two-Minute Drill
Create and Manage Database User Accounts
• Users connect to a user account, which is coupled with a schema.
• All users must be authenticated before they can connect.
• A user must have a quota on a tablespace before they create any objects.
• A user who owns objects cannot be dropped, unless the CASCADE keyword
is used.
Grant and Revoke Privileges
• By default, a user can do nothing. You can’t even log on.
• Direct privileges are always enabled.
• A revocation of a system privilege does not cascade; a revocation of an object
privilege does.
Create and Manage Roles
• Roles are not schema objects.
• Roles can contain both system and object privileges, and other roles.
• A role can be enabled or disabled for a session.
Create and Manage Profiles
• Profiles can manage passwords and resource limits.
• Password limits are always enforced; resource limits are dependent on an
instance parameter.
• Every user is associated with a profile, which by default is the DEFAULT profile.
Database Security and Principle of Least Privilege
• Everything not specifically permitted should be forbidden.
• The database administrator and the system administrator should not be the
same person.
• Privileges granted to the PUBLIC role must be monitored.
• Security-critical instance parameters must be monitored and cannot be
changed without restarting the instance.
Work with Standard Database Auditing
• Database auditing can be oriented toward privileges, commands, or objects.
• Audit records can be directed toward a database table or an operating system file.
• Database audit records are stored in the SYS.AUD$ data dictionary table.
• Fine-grained auditing can be directed toward particular rows and columns.
• Auditing can also be implemented with database triggers.
Self Test