8. Tidy up:

drop user auditor;
drop table system.audi;

Two-Minute Drill

Create and Manage Database User Accounts

• Users connect to a user account, which is coupled with a schema.

• All users must be authenticated before they can connect.

• A user must have a quota on a tablespace before they create any objects.

• A user who owns objects cannot be dropped, unless the CASCADE keyword is used.

Grant and Revoke Privileges

• By default, a user can do nothing, not even log on.

• Direct privileges are always enabled.

• A revocation of a system privilege does not cascade; a revocation of an object privilege does.

Create and Manage Roles

• Roles are not schema objects.

• Roles can contain both system and object privileges, and other roles.

• A role can be enabled or disabled for a session.

Create and Manage Profiles

• Profiles can manage passwords and resource limits.

• Password limits are always enforced; resource limits are dependent on an instance parameter.

• Every user is associated with a profile, which by default is the DEFAULT profile.

Database Security and Principle of Least Privilege

• Everything not specifically permitted should be forbidden.

• The database administrator and the system administrator should not be the same person.

• Privileges granted to the PUBLIC role must be monitored.

• Security-critical instance parameters must be monitored and cannot be changed without restarting the instance.

Work with Standard Database Auditing

• Database auditing can be oriented toward privileges, commands, or objects.

• Audit records can be directed toward a database table or an operating system file.

• Database audit records are stored in the SYS.AUD$ data dictionary table.

• Fine-grained auditing can be directed toward particular rows and columns.

• Auditing can also be implemented with database triggers.

Self Test