In general, the SYSTEM user has the right to access most of the tables in the database. For critical applications this can be a security breach in many cases, because a DBA can access table data they are not authorized to see.
Here we demonstrate how to protect the HR schema from SYSTEM access. The same can be applied to other schemas.
Once Database Vault is configured, this becomes easy to achieve.
1) Connect as the Database Vault owner
2) Go to the Administration tab to create a realm (a protected zone for your database objects).
3) Clicking Realms takes you to the default Realms page. You can create a realm from this page by clicking the Create button.
4) The Create Realm page lets you define the name of the realm and its audit policy.
5) Once the basic information is provided, you are taken to the realm status page, where you can view the protection and authorization level.
6) Now it is time to add the schema and its schema objects to the protected zone, i.e. the realm. To do that, go to the realm's definition page and open the Realm Secured Objects section.
We are now ready to test the database security feature (protecting a schema from super users).
In the screenshot below we can see that, after logging in to the database as SYSTEM, the SYSTEM user is not able to get any data from the HR schema. SYSTEM is still able to view the SCOTT schema table [EMP], because the SCOTT schema table is not in the protected zone.
The same can be achieved from the command line too, and for other schemas.
:)
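The command-line route mentioned above, as an added example that is not part of the original post: it uses the `DBMS_MACADM` package that ships with Database Vault, and it also authorizes HR as the realm owner so the schema owner keeps control of its own objects. The realm name `HR Protection Realm` is an assumed label, and the test queries assume the standard `HR.EMPLOYEES` and `SCOTT.EMP` sample tables.

```sql
-- Added example, not from the original post.
-- Run steps 1-3 as the Database Vault owner (an account holding DV_OWNER).
-- 'HR Protection Realm' is a made-up realm name; pick your own.

BEGIN
  -- 1) Create the realm, enabled, auditing failed access attempts.
  DVSYS.DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Protection Realm',
    description   => 'Keeps privileged accounts out of HR data',
    enabled       => DVSYS.DBMS_MACUTL.G_YES,
    audit_options => DVSYS.DBMS_MACUTL.G_REALM_AUDIT_FAIL);

  -- 2) Put every object in the HR schema inside the realm.
  --    '%' is a wildcard for object name and object type.
  DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'HR Protection Realm',
    object_owner => 'HR',
    object_name  => '%',
    object_type  => '%');

  -- 3) Authorize HR as realm owner so it can still manage its own objects.
  --    SYSTEM is deliberately NOT authorized.
  DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'HR Protection Realm',
    grantee      => 'HR',
    auth_options => DVSYS.DBMS_MACUTL.G_REALM_AUTH_OWNER);
END;
/

-- Confirm what the realm protects.
SELECT realm_name, owner, object_name, object_type
  FROM dvsys.dba_dv_realm_object
 WHERE realm_name = 'HR Protection Realm';

-- 4) Reconnect as SYSTEM and repeat the test from the screenshot.
SELECT COUNT(*) FROM hr.employees;  -- expected: insufficient privileges error
SELECT COUNT(*) FROM scott.emp;     -- expected: succeeds, SCOTT is outside the realm
```

Because the realm was created with failure auditing, the blocked SYSTEM query should also leave a record in the Database Vault audit trail, which is worth checking when you validate the setup.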
You have created a realm to restrict only HR schema tables, so obviously it can access SCOTT schema tables.