- Oracle Database 12c Security Cookbook
- Zoran Pavlovi? Maja Veselica
- 443字
- 2021-07-02 16:43:14
The syskm privilege – how, when, and why should you use it?
It is recommended that you use the syskm administrative privilege instead of the sysdba administrative privilege to perform operations related to managing the transparent data encryption (TDE) keystore.
Getting ready
For this recipe, you'll need:
- An existing database user (for example,
jessica) and a password file in the 12c format, if you want to complete it using a password-authenticated user - An existing OS user (for example,
bob), who belongs to thekmdbaOS group, in order to connect to the database using OS authentication
How to do it...
Instructions are split into sections for database authentication and OS authentication.
The instructions for database authentication are as follows:
- Connect to the database as
sysdba(or another user that can grant thesyskmprivilege):sqlplus / as sysdba - Grant the
syskmprivilege to userjessica:grant syskm to jessica; - Connect user
jessicato the database assyskm:SQL> connect jessica/oracle_1 as syskm - View privileges:
SQL> select * from user_tab_privs; SQL> select * from session_privs;
How it works...
When you connect to the database as syskm, you are connected as a predefined user, syskm. Using the syskm privilege, you can connect to the database even when it is not open.
In most circumstances when using TDE, you don't have to have syskm administrative privilege. For a more detailed discussion about TDE operations and which privileges users need, see recipes in Chapter 8, Transparent Data Encryption.
In the Database authentication section after completing step 3, you can perform operations related to managing the TDE keystore. Step 4 is not necessary and its sole purpose is to show you which privileges you can use when connected as syskm. These privileges are:
ADMINISTER KEY MANAGEMENTCREATE SESSIONSELECTonV$(andGV$) views:SYS.V$ENCRYPTED_TABLESPACESSYS.V$ENCRYPTION_WALLETSYS.V$WALLETSYS.V$ENCRYPTION_KEYSSYS.V$CLIENT_SECRETSSYS.DBA_ENCRYPTION_KEY_USAGESYS.DATABASE_KEY_INFO
There's more...
You can't drop user syskm. When you are connected to the database as syskm, you are connected as the syskm user to SYS schema:
SQL> connect / as syskm Connected. SQL> show user USER is "SYSKM" SQL> select sys_context( 'userenv', 'current_schema' ) from dual; SYS_CONTEXT('USERENV','CURRENT_SCHEMA') --------------------------------------- SYS
See also
- Creating password-authenticated users
- Creating and using OS-authenticated users
- Chapter 8, Transparent Data Encryption
- ASP.NET Web API:Build RESTful web applications and services on the .NET framework
- JavaScript高效圖形編程
- C語言程序設計基礎與實驗指導
- Animate CC二維動畫設計與制作(微課版)
- UI智能化與前端智能化:工程技術、實現方法與編程思想
- SSM輕量級框架應用實戰
- Java EE 8 Application Development
- Salesforce Reporting and Dashboards
- Java Web應用開發項目教程
- Scala編程實戰
- 程序員必會的40種算法
- Microsoft Exchange Server 2016 PowerShell Cookbook(Fourth Edition)
- Laravel Design Patterns and Best Practices
- 跟小樓老師學用Axure RP 9:玩轉產品原型設計
- Delphi Cookbook