DATABASE SECURITY AND AUDITING CHAPTER 3

ADMINISTRATION OF USERS
Introduction:
This chapter presents an overview of database practices from the point of view of both management and operations. It also supplies scenarios that broaden understanding of user administration. The chapter begins with a discussion of the importance of documentation with respect to user administration, then presents the user account and login concepts from a database perspective, followed by step-by-step instructions on how to put these concepts into practice.
Learning objectives:
- Documentation of user administration
- Operating system authentication
- Creating users
- Removing users
- Modifying users
- Database and remote users
- Database links
Symbols:
Important points
Note
3.1 Documentation of user Administration:
Many security violations are caused by negligence and ignorance, and in particular by failing to consider documentation of practices to be part of the process of administering users. The top three failures of the administration process are:
1) Lack of time.
2) Belief that the administration process is already documented.
3) Reluctance to complicate a process that is simple.
Everything should be documented for two reasons: to provide a paper trail to retrace exactly what happened when a breach of security occurs, and to ensure administration consistency. Documentation in this context includes the following.
Administration policies: A detailed document that describes guidelines for every task required in all common administrative situations.
Security procedures: An outline of the step-by-step process for performing an administrative task according to company policies.
Procedure implementation scripts or programs: These include a user's manual and an operational manual.
Predefined roles description: A full description of all predefined roles, outlining all tasks for which each role is responsible and the role's relationship to other roles.
Administration staff and management: Usually a detailed description of each administration staff and management position. The document includes an organization chart.
Sample process for creating database user accounts
(Figure: a process illustration presenting a sample form for a user account application.)
3.2 Operating system Authentication:
If a hacker breaks into the operating system through the host machine, the possibility of that hacker accessing the database residing on the server is high. A tight grip on the operating system is therefore warranted and essential, especially because many database management systems depend on the operating system to authenticate users.
Figure 3-3 presents the ideal authentication enforcement for a database application: the user must be authenticated at each level: the network, the operating system, and the database system.
3.3 Creating users
Creating users is one of the main tasks of the database administrator. In organizations, this process is standardized, well-documented, and securely managed. If this task is performed arbitrarily without following specific standards and policies, the database is exposed to many types of security risks and violations.
Creating an Oracle10g user
Following is the full syntax for creating a user.
Syntax:
CREATE USER username IDENTIFIED {BY password | EXTERNALLY | GLOBALLY AS 'external_name'}
[DEFAULT TABLESPACE tablespace]
[TEMPORARY TABLESPACE {tablespace | tablespace_group_name}]
[QUOTA {integer {K | M} | UNLIMITED} ON tablespace]
[PROFILE profile]
[PASSWORD EXPIRE]
[ACCOUNT {LOCK | UNLOCK}];
Before using this statement we need to understand conceptually each option that the CREATE USER statement offers. This statement enables the database administrator to create a database user account. When granted the proper privileges, this user account can perform various tasks and own different database objects.
IDENTIFIED clause
Oracle10g has three authentication methods. (Figure: the architecture for user authentication provided by Oracle10g.)
By password option
This is one of the options for authenticating database users. Oracle10g encrypts and stores the assigned password in the database. Because the password is encrypted, it is not visually readable. The encrypted password can be retrieved from the PASSWORD column of the DBA_USERS view.
Example
See the script chap_3_password.sql.
Externally option
With this method you can create a user account that is authenticated externally, by the operating system or by another authentication process.
Globally as external_name option
With this method, user authentication depends on a centralized user management service such as Lightweight Directory Access Protocol (LDAP).
Default Tablespace tablespace_name clause
When a user creates a database table and does not specify the tablespace in which the table should reside, the table is stored in the tablespace named in this clause.
Temporary Tablespace tablespace_identifier clause
In Oracle10g the tablespace identifier can be:
Tablespace: The name of an existing temporary tablespace.
Tablespace_group_name: The name of a tablespace group. A tablespace group is a collection of temporary tablespaces.
QUOTA clause
This clause tells Oracle10g how much storage space a user is allowed in a specified tablespace. This option is used when storage space is scarce or to prevent users from wasting space by retaining unnecessary data.
In Figure 3-5 above, the MAX_BYTES column takes these special values:
MAX_BYTES -1: unlimited space
MAX_BYTES 0: no space
PROFILE clause
This clause indicates the profile used for limiting database resources and enforcing password policies. The default profile is DEFAULT; this profile has no resource limitations or password restrictions.
PASSWORD EXPIRE clause
This clause tells Oracle10g to expire the user's password and prompt the user to enter a new password.
Syntax:
SQL> ALTER USER sam PASSWORD EXPIRE;
In this SQL statement user sam's password is expired, which means that the next time sam tries to log on, sam must enter a new password.
ACCOUNT clause
This option tells Oracle10g to lock (disable) account access when the ACCOUNT LOCK clause is selected. Selecting ACCOUNT UNLOCK indicates that the account is enabled, which is the default behavior for this clause.
Example for CREATING A USER using SQL
The following are the company policies:
- Users must have their application form approved by their manager and the database manager; then the form can be submitted to the database administration group.
- The application form must describe the role and purpose of the user account.
- The user must be authenticated by the database.
- The first time the user logs on, the user must be prompted to enter a new password.
- Storage for all users is assigned to the USER tablespace unless specified otherwise.
- All users must be assigned to the TEMP tablespace unless specified otherwise.
- The storage quota is 25 MB.
Solution:
For the solution see SQL script chap_3_create_user.sql.
When an Oracle10g user account is created, the new user cannot log in to the
account until the database administrator provides the CREATE SESSION system
privilege to allow the account to connect to the database.
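A worked version of this solution, written here as an added example rather than the chapter's chap_3_create_user.sql script. It assumes the tablespaces are named USERS and TEMP (the policy's "USER" is read as the standard USERS tablespace, since USER is a reserved word in Oracle SQL); the profile name app_user_profile, the user name jsmith and the initial password are constructed placeholders. The verification queries at the end read back what the data dictionary records, including the MAX_BYTES value described under the QUOTA clause.

```sql
-- Added example: implements the company policy above (not the chapter's script).
-- Assumed names: tablespaces USERS and TEMP, profile APP_USER_PROFILE,
-- user JSMITH and the placeholder password are all constructed here.

-- 1. Password rules live in a profile. The DEFAULT profile enforces nothing,
--    so a dedicated profile is created and attached with the PROFILE clause.
CREATE PROFILE app_user_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 5      -- lock after five consecutive failed logons
  PASSWORD_LOCK_TIME    1      -- keep it locked for one day
  PASSWORD_LIFE_TIME    90     -- force a change every 90 days
  PASSWORD_REUSE_MAX    10     -- no reuse of the last ten passwords
  PASSWORD_REUSE_TIME   365;   -- nor of any password used in the last year

-- 2. The account, clause by clause against the policy list:
--    database authentication, first-logon password change, USERS/TEMP, 25 MB quota.
CREATE USER jsmith
  IDENTIFIED BY "Initial_Pwd_1"          -- placeholder; expired immediately below
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 25M ON users
  PROFILE app_user_profile
  PASSWORD EXPIRE                        -- new password demanded at first logon
  ACCOUNT UNLOCK;

-- 3. Without CREATE SESSION the account exists but cannot connect.
--    Grant only that; further privileges follow from the role stated on the form.
GRANT CREATE SESSION TO jsmith;

-- 4. Verify what the dictionary now records for the account.
SELECT username, account_status, default_tablespace,
       temporary_tablespace, profile
  FROM dba_users
 WHERE username = 'JSMITH';

-- Quota in bytes per tablespace (-1 means unlimited, 0 no space, as in Figure 3-5).
SELECT tablespace_name, max_bytes
  FROM dba_ts_quotas
 WHERE username = 'JSMITH';
```

Run as a user with the CREATE USER, CREATE PROFILE and GRANT ANY PRIVILEGE privileges (typically the DBA). ACCOUNT_STATUS shows EXPIRED until the first successful logon replaces the placeholder password, which is the observable proof that the first-logon policy is in force.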
Creating an Oracle10g user using Database Authentication
The graphical interface of Oracle Enterprise Manager also provides a function for creating a user. This function is called Security Management, as shown below.
Select the Users node under the Security function and click the Create button on the toolbar on the right, as shown. When this button is clicked, a dialog box pops up.
The Create User dialog box appears
Once you click Create, the Create User dialog box appears. Here you enter the user account details. I entered:
Name: EXTERNAL_USER
Profile: DEFAULT
Authentication: PASSWORD
Enter Password: (my password was "External", but you can give your own password)
Default Tablespace: USER
Temporary Tablespace: TEMP
Status: UNLOCK
Click the OK button. The user is created and a message is displayed confirming successful creation of the user.
User Created success message
3.4 Removing users
Dropping a user is simple.
Removing an Oracle user
SQL provides a command called DROP USER that removes a user account from the database.
Syntax:
DROP USER username;
If the user does not own any objects, the command executes successfully. If the user owns one or more objects, an error is displayed. This message informs you that to drop a user who owns objects you must use the CASCADE option, as shown below.
Syntax:
DROP USER username CASCADE;
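The checks a DBA runs before choosing between the two forms of DROP USER, as an added example that is not part of the chapter; the user name JSMITH is constructed. The point is to use CASCADE knowingly, after seeing what would be destroyed, rather than as a reflex when the plain form fails.

```sql
-- Added example; user name JSMITH is constructed.

-- 1. Does the account own anything? Decide deliberately whether those objects
--    go with the account (CASCADE) or must be moved to another owner first.
SELECT object_type, COUNT(*) AS object_count
  FROM dba_objects
 WHERE owner = 'JSMITH'
 GROUP BY object_type;

-- 2. A connected user cannot be dropped either (ORA-01940); list open sessions
--    so they can be ended, or the drop scheduled, before proceeding.
SELECT sid, serial#, status, machine, program
  FROM v$session
 WHERE username = 'JSMITH';

-- 3. Run ONE of the two forms.
-- 3a. No owned objects: the plain form succeeds.
DROP USER jsmith;

-- 3b. Owned objects: the plain form fails with ORA-01922 and the objects
--     are dropped together with the account.
DROP USER jsmith CASCADE;

-- 4. Confirm nothing is left behind under that owner.
SELECT COUNT(*) AS remaining_objects
  FROM dba_objects
 WHERE owner = 'JSMITH';
```

Step 1 is the one that matters from a security point of view: CASCADE removes every object the account owns, including tables, views and procedures that other users' code may depend on, so the inventory belongs in the paper trail required by section 3.1 before the drop is executed.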
3.5 Modifying users
Modification can involve changing a password, locking an account, or increasing a storage quota. We need to know how to follow best practices to make these changes. For example, a database administrator (or any user holding the ALTER USER privilege) resets a password with:
Syntax:
ALTER USER username IDENTIFIED BY password;
The following code block represents the full syntax needed to modify an Oracle user account using the ALTER USER statement.
Syntax:
ALTER USER username
IDENTIFIED {BY password | EXTERNALLY | GLOBALLY AS 'external_name'}
[DEFAULT TABLESPACE tablespace]
[TEMPORARY TABLESPACE {tablespace | tablespace_group_name}]
[QUOTA {integer {K | M} | UNLIMITED} ON tablespace]
[PROFILE profile]
[PASSWORD EXPIRE]
[ACCOUNT {LOCK | UNLOCK}];
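The three modifications named above (password change, account lock, quota increase) carried out with ALTER USER, as an added example that is not from the chapter. The user name jsmith and the profile app_user_profile are constructed names, and the profile is assumed to exist already.

```sql
-- Added example; user JSMITH and profile APP_USER_PROFILE are constructed names
-- (the profile is assumed to exist already).

-- Reset a forgotten password and force the user to replace it at the next logon,
-- so the administrator never knows the password that ends up in use.
ALTER USER jsmith IDENTIFIED BY "Reset_Pwd_1" PASSWORD EXPIRE;

-- Disable a leaver's account immediately; owned objects stay in place until a
-- reviewed DROP USER (see 3.4), which keeps the audit trail intact meanwhile.
ALTER USER jsmith ACCOUNT LOCK;

-- Re-enable after review.
ALTER USER jsmith ACCOUNT UNLOCK;

-- Raise the storage quota from the policy's 25 MB to 50 MB on USERS.
ALTER USER jsmith QUOTA 50M ON users;

-- Move the account onto a profile that enforces password rules.
ALTER USER jsmith PROFILE app_user_profile;

-- Read back the effect of the changes.
SELECT username, account_status, lock_date, expiry_date, profile
  FROM dba_users
 WHERE username = 'JSMITH';

-- Keep a trail of who changed which account: statement auditing of
-- CREATE USER, ALTER USER and DROP USER (needs the AUDIT_TRAIL parameter enabled).
AUDIT USER;
```

Locking rather than dropping is the usual first step for a departed user: the account cannot be used, nothing it owns is lost, and the lock is reversible if the removal turns out to be premature.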
3.6 Remote users
All database user accounts are created and stored in the database regardless of whether users connect locally or remotely. When a user logs on to the database from the machine where the database is located, the database is called a local database.
You should never use remote user authentication, because it exposes the database to security violation risks such as unintended or illegal access to the hosting server or the database itself.
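The Externally option of section 3.3 and the remote-authentication warning here both revolve around operating-system authentication, so one added example (not from the chapter) covers both: creating an OS-authenticated account and checking the setting that decides whether such trust is extended to remote machines. The OS account name jdoe is constructed; the OPS$ prefix is Oracle's default value of the OS_AUTHENT_PREFIX parameter.

```sql
-- Added example; OS user name jdoe is constructed.

-- The database name of an OS-authenticated user is OS_AUTHENT_PREFIX || os_user.
-- Read the prefix in force before creating the account (the default is OPS$).
SELECT name, value FROM v$parameter WHERE name = 'os_authent_prefix';

-- Externally authenticated account: no password is stored in the database;
-- the host operating system has already verified who the user is.
CREATE USER ops$jdoe IDENTIFIED EXTERNALLY
  DEFAULT TABLESPACE users
  TEMPORARY TABLESPACE temp
  QUOTA 25M ON users;
GRANT CREATE SESSION TO ops$jdoe;

-- Section 3.6: with remote OS authentication the database trusts the client
-- machine's claim about the OS user. REMOTE_OS_AUTHENT should be FALSE so that
-- only the database host's own operating system is trusted.
SELECT name, value FROM v$parameter WHERE name = 'remote_os_authent';

-- Inventory of every account that relies on external authentication, using the
-- PASSWORD column of DBA_USERS mentioned under the IDENTIFIED clause
-- (Oracle10g shows the literal EXTERNAL there for such accounts).
SELECT username, account_status, created
  FROM dba_users
 WHERE password = 'EXTERNAL';
```

The two SELECTs against V$PARAMETER are the checks to repeat after any change to the initialization parameters: an account created IDENTIFIED EXTERNALLY is only as strong as the operating system that vouches for it, and REMOTE_OS_AUTHENT set to TRUE would let any client able to present a matching OS user name log on as ops$jdoe without a database password.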
3.7 Database Links
In Oracle10g, database links can be created in two ways: as PUBLIC, which makes the database link accessible to every user in the database, or as PRIVATE, which gives ownership of the database link to a user. With PRIVATE, the link is not accessible by any other user unless that user has been given access by the owner.
Authentication Methods
This section describes authentication methods for connecting to an Oracle10g database using the database link mechanism.
Authentication Method 1: CURRENT USER
This authentication method orders Oracle10g to use the current user's credentials for authentication to the database to which the user is trying to link.
Syntax:
SQL> CREATE PUBLIC DATABASE LINK PRD
CONNECT TO CURRENT_USER
USING 'PRD';
Authentication Method 2: FIXED USER
This authentication method orders Oracle10g to use the user and password provided in this clause for authentication to the database to which the user is trying to link.
Syntax:
SQL> CREATE PUBLIC DATABASE LINK PRD
CONNECT TO SCOTT IDENTIFIED BY TIGER
USING 'PRD';
Authentication Method 3: CONNECT USER
This authentication method orders Oracle10g to use the credentials of the connected user, who must have an existing account in the database to which the user is trying to link.
Syntax:
SQL> CREATE PUBLIC DATABASE LINK PRD
USING 'PRD';
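The three link types side by side, with the review queries a DBA uses to find out what links exist and which of them carry stored credentials; this is an added example, not the chapter's own code. The link names and the report_ro account are constructed; the TNS alias PRD is the one used in the chapter.

```sql
-- Added example; link names and the REPORT_RO account are constructed,
-- the TNS alias PRD is the one used in the chapter.

-- Method 1, CURRENT USER: the caller's own identity is presented to PRD.
CREATE DATABASE LINK prd_cu
  CONNECT TO CURRENT_USER
  USING 'PRD';

-- Method 3, CONNECT USER: nothing is stored locally; the caller must already
-- hold an account on PRD with the same name and password.
CREATE DATABASE LINK prd_conn
  USING 'PRD';

-- Method 2, FIXED USER: everyone who can use the link acts as REPORT_RO on PRD,
-- and that password is kept in the local data dictionary. Keep such a link
-- PRIVATE (no PUBLIC keyword) and the fixed account least-privileged on PRD.
CREATE DATABASE LINK prd_fixed
  CONNECT TO report_ro IDENTIFIED BY "Link_Pwd_1"   -- placeholder
  USING 'PRD';

-- Smoke test: the link resolves and authenticates against the remote database.
SELECT * FROM dual@prd_conn;

-- Review: which links exist, who owns them (OWNER is PUBLIC for public links),
-- and which carry a fixed user (USERNAME is empty for connected-user links).
SELECT owner, db_link, username, host, created
  FROM dba_db_links
 ORDER BY owner, db_link;

-- Record creation and removal of links in the audit trail.
AUDIT DATABASE LINK;
AUDIT PUBLIC DATABASE LINK;
```

Two caveats a practitioner should keep in mind: Oracle documents the CURRENT_USER form as requiring a global (enterprise directory) user, so it matches the GLOBALLY AS authentication of section 3.3 rather than plain password accounts; and a PUBLIC fixed-user link hands the stored remote credentials to every account in the local database, which is why the review query above looks for non-empty USERNAME values under the PUBLIC owner.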