- Oracle Database 12c Security Cookbook
- Zoran Pavlovi? Maja Veselica
- 443字
- 2021-07-02 16:43:14
The syskm privilege – how, when, and why should you use it?
It is recommended that you use the syskm administrative privilege instead of the sysdba administrative privilege to perform operations related to managing the transparent data encryption (TDE) keystore.
Getting ready
For this recipe, you'll need:
- An existing database user (for example,
jessica) and a password file in the 12c format, if you want to complete it using a password-authenticated user - An existing OS user (for example,
bob), who belongs to thekmdbaOS group, in order to connect to the database using OS authentication
How to do it...
Instructions are split into sections for database authentication and OS authentication.
The instructions for database authentication are as follows:
- Connect to the database as
sysdba(or another user that can grant thesyskmprivilege):sqlplus / as sysdba - Grant the
syskmprivilege to userjessica:grant syskm to jessica; - Connect user
jessicato the database assyskm:SQL> connect jessica/oracle_1 as syskm - View privileges:
SQL> select * from user_tab_privs; SQL> select * from session_privs;
How it works...
When you connect to the database as syskm, you are connected as a predefined user, syskm. Using the syskm privilege, you can connect to the database even when it is not open.
In most circumstances when using TDE, you don't have to have syskm administrative privilege. For a more detailed discussion about TDE operations and which privileges users need, see recipes in Chapter 8, Transparent Data Encryption.
In the Database authentication section after completing step 3, you can perform operations related to managing the TDE keystore. Step 4 is not necessary and its sole purpose is to show you which privileges you can use when connected as syskm. These privileges are:
ADMINISTER KEY MANAGEMENTCREATE SESSIONSELECTonV$(andGV$) views:SYS.V$ENCRYPTED_TABLESPACESSYS.V$ENCRYPTION_WALLETSYS.V$WALLETSYS.V$ENCRYPTION_KEYSSYS.V$CLIENT_SECRETSSYS.DBA_ENCRYPTION_KEY_USAGESYS.DATABASE_KEY_INFO
There's more...
You can't drop user syskm. When you are connected to the database as syskm, you are connected as the syskm user to SYS schema:
SQL> connect / as syskm Connected. SQL> show user USER is "SYSKM" SQL> select sys_context( 'userenv', 'current_schema' ) from dual; SYS_CONTEXT('USERENV','CURRENT_SCHEMA') --------------------------------------- SYS
See also
- Creating password-authenticated users
- Creating and using OS-authenticated users
- Chapter 8, Transparent Data Encryption
- Python for Secret Agents:Volume II
- Flink SQL與DataStream入門、進階與實戰
- Java程序員面試算法寶典
- 精通網絡視頻核心開發技術
- C語言程序設計
- Procedural Content Generation for C++ Game Development
- Learning C++ by Creating Games with UE4
- Android高級開發實戰:UI、NDK與安全
- 3ds Max 2018從入門到精通
- Hadoop Blueprints
- 軟件開發中的決策:權衡與取舍
- C/C++程序設計教程
- C語言從入門到精通(微視頻精編版)
- 歐姆龍PLC編程指令與梯形圖快速入門
- SQL Server 2014數據庫設計與開發教程(微課版)