- Oracle Database 12c Security Cookbook
- Zoran Pavlovi? Maja Veselica
- 443字
- 2021-07-02 16:43:14
The syskm privilege – how, when, and why should you use it?
It is recommended that you use the syskm administrative privilege instead of the sysdba administrative privilege to perform operations related to managing the transparent data encryption (TDE) keystore.
Getting ready
For this recipe, you'll need:
- An existing database user (for example,
jessica) and a password file in the 12c format, if you want to complete it using a password-authenticated user - An existing OS user (for example,
bob), who belongs to thekmdbaOS group, in order to connect to the database using OS authentication
How to do it...
Instructions are split into sections for database authentication and OS authentication.
The instructions for database authentication are as follows:
- Connect to the database as
sysdba(or another user that can grant thesyskmprivilege):sqlplus / as sysdba - Grant the
syskmprivilege to userjessica:grant syskm to jessica; - Connect user
jessicato the database assyskm:SQL> connect jessica/oracle_1 as syskm - View privileges:
SQL> select * from user_tab_privs; SQL> select * from session_privs;
How it works...
When you connect to the database as syskm, you are connected as a predefined user, syskm. Using the syskm privilege, you can connect to the database even when it is not open.
In most circumstances when using TDE, you don't have to have syskm administrative privilege. For a more detailed discussion about TDE operations and which privileges users need, see recipes in Chapter 8, Transparent Data Encryption.
In the Database authentication section after completing step 3, you can perform operations related to managing the TDE keystore. Step 4 is not necessary and its sole purpose is to show you which privileges you can use when connected as syskm. These privileges are:
ADMINISTER KEY MANAGEMENTCREATE SESSIONSELECTonV$(andGV$) views:SYS.V$ENCRYPTED_TABLESPACESSYS.V$ENCRYPTION_WALLETSYS.V$WALLETSYS.V$ENCRYPTION_KEYSSYS.V$CLIENT_SECRETSSYS.DBA_ENCRYPTION_KEY_USAGESYS.DATABASE_KEY_INFO
There's more...
You can't drop user syskm. When you are connected to the database as syskm, you are connected as the syskm user to SYS schema:
SQL> connect / as syskm Connected. SQL> show user USER is "SYSKM" SQL> select sys_context( 'userenv', 'current_schema' ) from dual; SYS_CONTEXT('USERENV','CURRENT_SCHEMA') --------------------------------------- SYS
See also
- Creating password-authenticated users
- Creating and using OS-authenticated users
- Chapter 8, Transparent Data Encryption
- INSTANT OpenCV Starter
- JavaScript 網(wǎng)頁編程從入門到精通 (清華社"視頻大講堂"大系·網(wǎng)絡(luò)開發(fā)視頻大講堂)
- Getting Started with CreateJS
- MySQL 8 DBA基礎(chǔ)教程
- Linux環(huán)境編程:從應(yīng)用到內(nèi)核
- iOS應(yīng)用逆向工程(第2版)
- Mastering Google App Engine
- Python機器學(xué)習(xí)算法與實戰(zhàn)
- Haskell Data Analysis Cookbook
- Visual Basic程序設(shè)計(第三版)
- 從Power BI到Analysis Services:企業(yè)級數(shù)據(jù)分析實戰(zhàn)
- Mastering jQuery Mobile
- Penetration Testing with the Bash shell
- 計算語言學(xué)導(dǎo)論
- C/C++代碼調(diào)試的藝術(shù)