|
- A profile is a way of defining database user behavior to prevent user from wasting resource such as memory or CPU resources.
- A profile in Oracle has two aspects: limitation on resource and implementation of a password policy.
- Use Oracle DBA_PROFILES dictionary view to display all profiles and their attributes.
- User the ALTER USER statement to assign a profile to user.
- A user cannot have more than one profile, but a profile can be assigned to many users.
- In Oracle you use the profile concept to implement password policies.
- A password policy is a set of guidelines that enhance the robustness of a password and reduces the likelihood of it being broken.
- NTLM authentication requires a trusted third resource known as a Key Distribution Center (KDC).
- In Oracle, system privileges are granted only by a database administrator or user who has been granted the administration option.
- In Oracle, object privileges are granted only by a database object or a user who has been granted the GRANT privilege.
- Use the GRANT statement to give permission to perform specific system or object tasks.
- Use the REVOKE statement to take away permission to perform tasks.
- A role is a concept used to organize and administer privileges in an easy manner.
- A role is like a user, except it cannot own objects.
- A role can be assigned privileges and then assigned to users.
- Use GRANT and REVOKE statement to administer roles.
- Public roles cannot be dropped.
- Use the best practices listed in this chapter to develop a secure environment internally, as well as externally.
|
