DBS Unit 2 Notes

Thanks

Uploaded by

beinggood1810

PAAVAI ENGINEERING COLLEGE (Autonomous)

Department of Cyber Security

CY20505 – Database Security

Unit – II Notes

UNIT II: ADMINISTRATION OF USERS & PROFILES, PASSWORD POLICIES, PRIVILEGES AND ROLES

SYLLABUS
Administration of Users: Introduction, Authentication, Creating Users; SQL Server: User
Removing: Modifying Users, Default Users, Remote Users; Database Links - Linked Servers -
Remote Servers; Practices for Administrators and Managers: Best Practices
Profiles, Password Policies, Privileges and Roles: Introduction - Defining and Using Profiles -
Designing and Implementing Password Policies - Granting and Revoking User Privileges -
Creating, Assigning and Revoking User Roles- Best Practices

Text Book & Reference Book:


Hassan A. Afyouni, “Database Security and Auditing”, Third Edition, Cengage Learning, 2009
Ron Ben Natan, ”Implementing Database Security and Auditing”, Elsevier Digital Press, 2005.

ADMINISTRATION OF USERS: Introduction

• Authentication and authorization are essential services for every OS.
• Another essential service is administration of users.
• Administrators use this functionality to:
  - Create users.
  - Set password policies.
  - Grant privileges.

DOCUMENTATION OF USER ADMINISTRATION:

At every type of organization, many security violations are caused by negligence and ignorance, and in particular by failing to consider documentation.
Why document? To improve quality and process control.
Types of documentation:
- Learning oriented -> tutorials
- Goal oriented -> how-to guides
- Understanding oriented -> discussions
- Information oriented -> reference material
Documentation is a main part of the administration process.
• The top three excuses for failing to incorporate documentation are:
  - Lack of time
  - Belief that the administration process is already documented in the system
  - Reluctance to complicate a process that is simple
• Everything is documented for two reasons:
  - To provide a paper trail to retrace exactly what happened when a breach of security occurs.
  - To ensure administration consistency.
Documentation in the administration context includes the following:
1. Administration policies:
Documentation includes all policies for handling new and terminated employees, managers, system and database administrators, database managers, operation managers, and human resources. A detailed document should describe guidelines for every task that is required for all common administrative situations.
2. Security procedures:
This is an outline of a step-by-step process for performing an administrative task according to company policies.
3. Procedure implementation scripts and programs:
This is documentation of any script or program used to perform an administrative task. This includes the user's manual and the operational manual.
4. Predefined roles description:
This provides the full description of all predefined roles, outlining all tasks for which the role is responsible and the role's relationship to other roles.
5. Administration staff and management:
This is usually a detailed description of each administration staff and management position. This document includes an organizational chart.
Many companies develop procedures and forms used to perform any security-related process. The following figure presents a sample process of creating a database user account that you can customize per your business requirements and company policies.

1. Document Completion: DBA completes all the paperwork and documentation for new employees.
2. Access Identification: DBA provides a list of access operations that are necessary for employees to perform their jobs.
3. Account Application Completion: DBA completes the database user account application form.
4. Department Approval: DBA obtains the department manager's approval on the application.
5. Operational Approval: DBA obtains the operational manager's approval on the application.
6. Implement Access: DBA or operator creates the account.
7. Test Access: Account holder verifies access.

Operating System Authentication:
What?
When a user wants to log in to a computer system, the operating system (OS) installed on that system generally checks who the user is.
OS – Gateway to DB Access
Many DBMSs depend on the OS to authenticate users.
5 Common Authentication Types:
• Password-based authentication. Passwords are the most common method of authentication.
• Multi-factor authentication.
• Certificate-based authentication.
• Biometric authentication.
• Token-based authentication.
How does the OS authenticate users?
• Username / Password − The user enters a username and password registered with the operating system to log in to the system.
• User card/key − The user punches a card in a card slot, or enters a key generated by a key generator in the option provided by the operating system, to log in to the system.
Why does it matter that DB vendors rely on the OS for user authentication and bypass authentication?
Once an intruder gets control of the OS, it takes very little knowledge or effort to access the DB.

[Figure: Ideal Authentication Enforcement]

CREATING USERS:
Creating users is one of the main tasks you will perform as a database operator or DBA.
• In most organizations, this process is standardized, well documented, and securely managed.
• The DBA had written a script to create a user for every developer working on the project.
• This script granted privileges to read and write data to the database schema.
Regardless of the database you use, creating the user is generally an easy task once a policy is documented and followed.

Creating an ORACLE 10g User:

User:

Specify the name of the user to be created. This name can contain only characters from your
database character set and must follow the rules described in the section "Schema Object
Naming Rules". Oracle recommends that the user name contain at least one single-byte
character regardless of whether the database character set also contains multi-byte
characters.
IDENTIFIED Clause:

The IDENTIFIED clause lets you indicate how Oracle Database authenticates the user.
BY password:

The BY password clause lets you create a local user and indicates that the user must specify a password to log on to the database. Passwords are case sensitive. Any subsequent CONNECT string used to connect this user to the database must specify the password using the same case (upper, lower, or mixed) that is used in this CREATE USER statement or a subsequent ALTER USER statement.
Passwords can contain any single-byte, multi-byte, or special characters, or any combination of these, from your database character set.
EXTERNALLY Clause:
Specify EXTERNALLY to create an external user. Such a user must be authenticated by an external service,
such as an operating system or a third-party service. In this case, Oracle Database relies on authentication
by the operating system or third-party service to ensure that a specific external user has access to a specific
database user.

AS 'certificate_DN':

This clause is required for, and used for, SSL-authenticated external users only. The certificate_DN is the distinguished name in the user's PKI certificate in the user's wallet.
GLOBALLY Clause:
The GLOBALLY clause lets you create a global user. Such a user must be authorized by the
enterprise directory service (Oracle Internet Directory).
DEFAULT TABLESPACE Clause:
Specify the default tablespace for objects that the user creates. If you omit this clause, then the user's objects are stored in the database default tablespace. If no default tablespace has been specified for the database, then the user's objects are stored in the SYSTEM tablespace.
Restriction on default tablespaces: You cannot specify a locally managed temporary tablespace, including an undo tablespace, or a dictionary-managed temporary tablespace, as a user's default tablespace.
TEMPORARY TABLESPACE Clause:
Specify the tablespace or tablespace group for the user's temporary segments. If you omit this clause, then the user's temporary segments are stored in the database default temporary tablespace or, if none has been specified, in the SYSTEM tablespace.
Specify tablespace to indicate the user's temporary tablespace.
Specify tablespace_group_name to indicate that the user can save temporary segments in any tablespace in the tablespace group specified by tablespace_group_name.
Restrictions on temporary tablespaces: This clause is subject to the following restrictions:
• The tablespace must be a temporary tablespace and must have a standard block size.
• The tablespace cannot be an undo tablespace or a tablespace with automatic segment-space management.
QUOTA Clause:
Use the QUOTA clause to specify the maximum amount of space the user can allocate in the tablespace.
A CREATE USER statement can have multiple QUOTA clauses for multiple tablespaces.
UNLIMITED lets the user allocate space in the tablespace without bound.
Restriction on the QUOTA clause: You cannot specify this clause for a temporary tablespace.
PASSWORD EXPIRE Clause:
Specify PASSWORD EXPIRE if you want the user's password to expire. This setting forces the user or the
DBA to change the password before the user can log in to the database.
ACCOUNT Clause:
Specify ACCOUNT LOCK to lock the user's account and disable access. Specify ACCOUNT
UNLOCK to unlock the user's account and enable access to the account.
Syntax to create the user:
CREATE USER username IDENTIFIED {BY password | EXTERNALLY | GLOBALLY AS 'external_name'}
[DEFAULT TABLESPACE tablespace]
[TEMPORARY TABLESPACE {tablespace | tablespace_group_name}]
[QUOTA {integer [K | M] | UNLIMITED} ON tablespace]
[PROFILE profile]
[PASSWORD EXPIRE]
[ACCOUNT {LOCK | UNLOCK}]

Example:
The following CREATE USER statement creates a user called shalom:
SQL> CREATE USER shalom IDENTIFIED BY shalom23
DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp
QUOTA 25M ON users
PROFILE default
PASSWORD EXPIRE
ACCOUNT UNLOCK
/
User created
Once the user is created, you can modify the user account with an ALTER USER statement, using the clauses listed in the previous example.
Creating an ORACLE 10g User using Database Authentication:
The graphical interface of Oracle Enterprise Manager also provides a function for creating a user. This function is
called Security Management.
1. Select User node under the Security function and Click Create button on toolbar.
2. Create User dialog box appears – Enter user account details.
3. Click OK button.
The user is created and a message is displayed confirming successful creation of a user.
Creating an ORACLE 10g User using External Authentication:
1. The Windows operating system account that you want Oracle 10g to use for external authentication must belong to the ORA_DBA group. This can be verified by using the Computer Management tool under Administrative Tools in Control Panel. In this case, you are using an operating system account called EXTERNAL_USER.
2. You must set the Windows registry string OSAUTH_PREFIX_DOMAIN to FALSE. To locate this parameter, navigate to HKEY_LOCAL_MACHINE, SOFTWARE, ORACLE, HOME1, where HOME1 is the home of Oracle10g.
If this parameter does not exist, create it:
Right-click in the detail pane -> Click New -> Click String Value on the context menu -> Enter the new parameter.
3. View the setting of the OS_AUTHENT_PREFIX initialization parameter. The default value is OPS$.
View the value:
SQL> SHOW PARAMETER PREFIX
NAME                TYPE     VALUE
os_authent_prefix   string   OPS$

4. Change the OS_AUTHENT_PREFIX initialization parameter value to NULL in the spfile or parameter file (pfile).
os_authent_prefix = ''
5. Now create an Oracle user, EXTERNAL_USER, with the same user name as the Windows user name that is used for external authentication.
SQL> CREATE USER EXTERNAL_USER IDENTIFIED EXTERNALLY;
User Created.

SQL> CREATE USER OPS$EXTERNAL_USER IDENTIFIED EXTERNALLY;
User Created.
6. Provide the new user with the CREATE SESSION privilege, which enables the user to connect to the database.
SQL> GRANT CREATE SESSION TO EXTERNAL_USER;
Grant Succeeded
7. Log off the Oracle SYS / SYSTEM account and the current Windows account.
8. Log on to the EXTERNAL_USER Windows account.
9. From a command prompt, log on to Oracle as EXTERNAL_USER.
The following window will be displayed:

Creating an Oracle User Using Global Authentication:


Oracle10g provides one more method of authentication called GLOBAL. This method is used as an enterprise-level authentication solution.
To create a user, you still need to issue the following statement:
CREATE USER GLOBAL_USER IDENTIFIED GLOBALLY AS 'global_name_properties';

DBA_USERS VIEW:
DBA_USERS describes all users of the database.

| Column | Datatype | NULL | Description |
|---|---|---|---|
| USERNAME | VARCHAR2(30) | NOT NULL | Name of the user |
| USER_ID | NUMBER | NOT NULL | ID number of the user |
| PASSWORD | VARCHAR2(30) | | This column is deprecated in favor of the AUTHENTICATION_TYPE column |
| ACCOUNT_STATUS | VARCHAR2(32) | NOT NULL | Account status: OPEN; EXPIRED; EXPIRED(GRACE); LOCKED(TIMED); LOCKED; EXPIRED & LOCKED(TIMED); EXPIRED(GRACE) & LOCKED(TIMED); EXPIRED & LOCKED; EXPIRED(GRACE) & LOCKED |
| LOCK_DATE | DATE | | Date the account was locked if account status was LOCKED |
| EXPIRY_DATE | DATE | | Date of expiration of the account |
| DEFAULT_TABLESPACE | VARCHAR2(30) | NOT NULL | Default tablespace for data |
| TEMPORARY_TABLESPACE | VARCHAR2(30) | NOT NULL | Name of the default tablespace for temporary tables or the name of a tablespace group |
| CREATED | DATE | NOT NULL | User creation date |
| PROFILE | VARCHAR2(30) | NOT NULL | User resource profile name |
| INITIAL_RSRC_CONSUMER_GROUP | VARCHAR2(30) | | Initial resource consumer group for the user |
| EXTERNAL_NAME | VARCHAR2(4000) | | User external name |
| PASSWORD_VERSIONS | VARCHAR2(8) | | Database version in which the password was created or changed |
| EDITIONS_ENABLED | VARCHAR2(1) | | Indicates whether editions have been enabled for the corresponding user (Y) or not (N) |
| AUTHENTICATION_TYPE | VARCHAR2(8) | | Indicates the authentication mechanism for the user: EXTERNAL - CREATE USER user1 IDENTIFIED EXTERNALLY; GLOBAL - CREATE USER user2 IDENTIFIED GLOBALLY; PASSWORD - CREATE USER user3 IDENTIFIED BY user3; |
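
The DBA_USERS columns described above are enough to review how accounts were created. The queries below are an added example, not part of the original notes; they assume a session with SELECT access to DBA_USERS and a release in which the view has the AUTHENTICATION_TYPE column.

```sql
-- Added example: account review queries over DBA_USERS.
-- Assumption: the session can SELECT from DBA_USERS and the view
-- exposes AUTHENTICATION_TYPE (listed in the column table above).

-- 1. How many accounts are in each status, per authentication mechanism.
SELECT account_status,
       authentication_type,
       COUNT(*) AS accounts
FROM   dba_users
GROUP  BY account_status, authentication_type
ORDER  BY account_status, authentication_type;

-- 2. Open accounts whose objects or temporary segments fall back to the
--    SYSTEM tablespace, which happens when CREATE USER omitted the
--    DEFAULT/TEMPORARY TABLESPACE clauses and no database default exists.
SELECT username,
       default_tablespace,
       temporary_tablespace,
       created
FROM   dba_users
WHERE  account_status = 'OPEN'
AND    (default_tablespace = 'SYSTEM' OR temporary_tablespace = 'SYSTEM')
AND    username NOT IN ('SYS', 'SYSTEM')
ORDER  BY username;

-- 3. Open accounts still attached to the DEFAULT profile, i.e. created
--    without a PROFILE clause or with PROFILE default as in the example.
SELECT username,
       profile,
       expiry_date
FROM   dba_users
WHERE  account_status = 'OPEN'
AND    profile = 'DEFAULT'
ORDER  BY username;

-- 4. Accounts created with IDENTIFIED EXTERNALLY: their security depends
--    on the operating system or third-party service that authenticates them.
SELECT username,
       external_name,
       account_status,
       created
FROM   dba_users
WHERE  authentication_type = 'EXTERNAL'
ORDER  BY username;

-- 5. Accounts that are locked or expired, with the relevant dates,
--    for comparison against the documented account-change log.
SELECT username,
       account_status,
       lock_date,
       expiry_date
FROM   dba_users
WHERE  account_status <> 'OPEN'
ORDER  BY account_status, username;
```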

CREATING A SQL SERVER USER:


To create a login ID in SQL Server, you must be a member of SYSADMIN or SECURITYADMIN.
There are two types of login IDs:
• Windows Integrated (Trusted) Logins:
You can associate a Microsoft Windows account or group with either the server on which SQL Server is installed or the domain of which the server is a member.
• SQL Server Login

Creating Windows Integrated Logins:

From the command line:
To create a new login associated with a Windows account (Windows Integrated), use the SP_GRANTLOGIN system stored procedure in the Query Analyzer tool.
The syntax is as follows:

sp_grantlogin [@loginame =] 'login'

The login is the fully qualified name of the Windows user account, in the form:
machine_name\user_name for local Windows users.
domain\username for Windows domain accounts.
A Windows integrated login can also be associated with Windows groups on either the local server or the domain.
For example,
• If you have a local Windows account named 'shalom' on the SQL Server itself, where the server name is myserver, you enter the following:

exec sp_grantlogin 'myserver\shalom'

• For a Windows domain account named 'charish' in the domain mydomain, you enter the following:

exec sp_grantlogin 'mydomain\charish'

• To associate a local Windows group called SQL_DBA, you enter the following:

exec sp_grantlogin 'myserver\sql_dba'

NOTE: A login must be between 1 and 128 characters in length and cannot contain any spaces.

CREATING A SQL SERVER USER FROM ENTERPRISE MANAGER:

To create a new login associated with a Windows account (Windows Integrated) in Enterprise Manager, take the following steps:

1. Open Enterprise Manager.
2. Expand the server group in which your server is functioning.
3. Expand the server you want to create the login for.
4. Expand the Security container.
5. Click Logins.
6. On the menu bar, click Action, then click New Login.
7. Type the name of the user.
8. Depending on the type of Windows account you are creating, select either the local server name or the domain name from the Domain drop-down list. Enterprise Manager automatically fills in the machine or domain name in front of the username.
9. Select the default database for the login from the Database drop-down list.
10. Select the default language for the login from the Language drop-down list.
11. Click OK.

SQL SERVER LOGIN:

The second type of login is a SQL Server login, sometimes called a SQL Server active login.
This login is not associated with a Windows account; instead, it is a security account created within SQL Server itself.

Creating SQL Server Logins:

From the command line:

To create a SQL Server login from the Query Analyzer, use the SP_ADDLOGIN system stored procedure.
The syntax is as follows:

sp_addlogin [ @loginame = ] 'login'
[ , [ @passwd = ] 'password' ]
[ , [ @defdb = ] 'database' ]
[ , [ @deflanguage = ] 'language' ]
[ , [ @sid = ] sid ]
[ , [ @encryptopt = ] 'encryption_option' ]

@loginame – The name chosen for the login.
@defdb – Name of the default database for the user. The default is NULL.
@deflanguage – The default language for the user. The default is the current default language of the SQL Server instance.
@sid – Security Identification Number (SID). The default is NULL; if it is NULL, SQL Server automatically generates a SID for the login.
@encryptopt – Specifies whether or not to encrypt the password in the database.
For example,
• To create a SQL Server login named 'shalom' with password 'shalom23', you issue the following command:

exec sp_addlogin 'shalom', 'shalom23'

• To specify a default database of Northwind for shalom, enter the following:

exec sp_addlogin 'shalom', 'shalom23', 'Northwind'

From Enterprise Manager:

To create a new SQL Server login in Enterprise Manager, follow these steps:
1. Open Enterprise Manager.
2. Expand the server group your server is in.
3. Expand the server you want to create the login for.
4. Expand the Security container.
5. Click Logins.
6. On the menu bar, click Action, then click New Login.
7. Type the name of the user, in this case, shalom.
8. Click the SQL Server Authentication option button.
9. Provide a password for the user in the Password text box. The password is masked as you type.
10. Click OK.
The following figure gives the Server login properties – new login screen (latest version):

REMOVING USERS:
Dropping a user is simple.

Removing an Oracle User:

SQL provides a command called DROP that removes a user account from the database.
• In Oracle 10g, you can issue this command from SQL*Plus by simply typing the following:
SQL> DROP USER SCOTT;
User Dropped
• If the user does not own any objects, the command executes successfully. If the user owns any objects, the CASCADE option should be used:
SQL> DROP USER SCOTT CASCADE;
User Dropped

Removing a SQL Server User:

You can remove an account and login ID from a SQL Server by using either the command line or Enterprise Manager.
Removing Windows Integrated Logins:
From the command line: To drop an existing Windows integrated login, use the SP_DENYLOGIN system stored procedure.
sp_denylogin [ @loginame = ] 'login'
The following statement drops the login account shalom:
exec sp_denylogin 'myserver\shalom'

From Enterprise Manager:
To drop the login in Enterprise Manager, simply highlight the desired login and choose Delete from the Action menu.
Modifying Users:
Modification by the DBA can involve changing a password and its profile, locking an account, or increasing a storage quota, database, tablespace, or account.
Modifying an Oracle User:
Using SQL*Plus, you can issue an ALTER USER statement as shown below:
SQL> ALTER USER SCOTT IDENTIFIED BY LION;
User Altered
Using Oracle Enterprise Manager, the default tablespace for the SCOTT account can be changed from USERS to EXAMPLES.
Modifying a SQL Server User:
Modifying Windows Integrated Login Attributes:
From the command line:
The default database for the user is initially set to master. To change it, use the SP_DEFAULTDB system stored procedure.
sp_defaultdb [ @loginame = ] 'login', [ @defdb = ] 'database'
To change the default database for the login mydomain\shalom, issue the following statement:
exec sp_defaultdb 'mydomain\shalom', 'Northwind'
DEFAULT USERS:

ORACLE default users are created at the time of ORACLE software installation:
• SYS (superuser with all DBA rights; can't be changed)
• SYSTEM (with minimal DBA rights)
• SCOTT (user without DBA rights)

SQL Server default users are created at the time of SQL Server software installation:
• SA (System Administrator; equivalent to SYS in Oracle and can't be changed)
• BUILT-IN\Administrators (associated with the local administrators' group on the Windows server)

REMOTE USERS:
• All DB user accounts are created and stored in the DB regardless of whether they connect locally or remotely.
• A user who logs on to the DB through the machine where the DB is located is called a local user.
• A user who logs on to the DB through a machine where the DB is not located is called a remote user.
• In ORACLE10g, remote users can be authenticated by the OS provided the REMOTE_OS_AUTHENT initialization parameter is set to TRUE. If the parameter is set to FALSE, the user can't log in remotely.
• SQL Server does not support this type of remote user authentication.

DATABASE LINKS:

A database link is a connection from one DB to another DB.

The linked DBs can be:
• Both ORACLE10g
• Both SQL Server
• A mix of ORACLE10g and SQL Server

A DB link enables a user to perform Data Manipulation Language (DML) or any other valid SQL statements on a DB.

The following figure gives the architecture of a DB link:

DB1 <-- DB LINK --> DB2

In Oracle 10g, DB links can be created in two ways:

1. Public – makes the database link accessible by every user in the DB.
2. Private – gives ownership of the database link to a user. The link is not accessible by any other user unless that user has been given access by the owner.

Authentication Methods: authentication methods for connecting to an ORACLE10g DB using the DB link mechanism.

There are three types of authentication methods when creating a DB link.

Authentication Method 1: CURRENT USER

This authentication method orders ORACLE10g to use the current user's credentials for authentication to the DB to which the user is trying to link.

SQL> CONNECT SYSTEM@DB1
Enter password: ******
Connected

SQL> CREATE PUBLIC DATABASE LINK DB2
CONNECT TO CURRENT_USER
USING 'DB2'
/

Database link created

Authentication Method 2: FIXED USER
This authentication method orders ORACLE10g to use the user and password provided in this clause for authentication to the DB to which the user is trying to link.

SQL> CREATE PUBLIC DATABASE LINK DB2
CONNECT TO SCOTT IDENTIFIED BY TIGER
USING 'DB2'
/

Database link created

Authentication Method 3: CONNECT USER

This authentication method orders ORACLE10g to use the credentials of the connected user, who has an existing account in the database to which the user is trying to link.

SQL> CREATE PUBLIC DATABASE LINK DB2
USING 'DB2'
/

Database link created
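
A public link is usable by every database user, and a link created with CONNECT TO ... IDENTIFIED BY carries one stored remote account for all of them, so the two together deserve a periodic review. The statements below are an added example, not part of the original notes; they assume SELECT access to the DBA_DB_LINKS dictionary view and reuse the link name DB2 from the examples above.

```sql
-- Added example: reviewing database links.
-- Assumption: the session can SELECT from DBA_DB_LINKS
-- (columns OWNER, DB_LINK, USERNAME, HOST, CREATED).

-- 1. Inventory of all links: who owns each one, whether it is public,
--    and whether a user name is stored in the link definition.
--    USERNAME is NULL for a link created with only a USING clause
--    (Method 3 above), where each session connects as itself.
SELECT owner,
       db_link,
       host,
       created,
       CASE WHEN owner = 'PUBLIC' THEN 'PUBLIC' ELSE 'PRIVATE' END AS visibility,
       CASE WHEN username IS NULL
            THEN 'no stored user (connected user)'
            ELSE 'stored user: ' || username
       END AS link_user
FROM   dba_db_links
ORDER  BY visibility DESC, owner, db_link;

-- 2. Public links that carry a stored user name. Every local account can
--    reach the remote database through these with that one remote identity,
--    so remote activity cannot be attributed to an individual local user.
SELECT db_link,
       username AS remote_user,
       host,
       created
FROM   dba_db_links
WHERE  owner = 'PUBLIC'
AND    username IS NOT NULL
ORDER  BY created;

-- 3. One way to narrow such a link: drop the public definition and let the
--    schema that needs it create a private link with no stored credentials.
--    The user then needs an account of the same name in the remote database.
DROP PUBLIC DATABASE LINK DB2;

CREATE DATABASE LINK DB2
USING 'DB2';

-- 4. Confirm the result: the link should now appear under the creating
--    schema with a NULL USERNAME.
SELECT owner, db_link, username, host
FROM   dba_db_links
WHERE  db_link LIKE 'DB2%';
```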

LINKED SERVERS:
Microsoft SQL Server 2000 also uses the concept of linked servers.
Linked servers allow you to connect to almost any Object Linking and Embedding Database (OLEDB) or Open Database Connectivity (ODBC) data source.
OLEDB is a Microsoft component that allows Windows applications to connect to and access different database systems.
ODBC is a Microsoft protocol used for connecting Windows applications to different DB systems.
The following figure represents the linked server architecture using SQL Server:

[Figure: Linked Server. Server shalom linked to Server cherish]

Creating a new linked server with SQL Server:

Remote Server:
Along the same lines as linked servers, you can communicate with another SQL Server by creating a remote server.
Instead of using OLEDB, communication occurs across a Remote Procedure Call (RPC).

Practices for Administrators and Managers:

• The DBA job is never ending and very challenging.
• The DBA is constantly performing other administrative tasks such as backup, recovery, and performance tuning.
• To make wise decisions, DBAs have the sizable responsibility of keeping up with database practices, database technology, and database security issues.
• These are the best practices for administrating users, privileges, and roles:
  - Follow your company's procedures and policies to create, remove, or modify database users.
  - Always change the default password, and never write it down or save it in a file that is neither encrypted nor safe.
  - Never share user accounts with anyone, especially DBA accounts.
  - Always document and create logs for changes to and removals of database user accounts.
  - Never remove an account even if it is outdated; instead, disable it or revoke its connection privileges.
  - Give access permission to users only as required, and use different logins and passwords for different applications.
  - Educate users, developers, and administrators on user administration best practices as well as the company policies and procedures.
  - Keep abreast (up to date) of database and security technology. Be aware of all new vulnerabilities that may increase database security risks.
  - Constantly review and modify the procedures as necessary to stay in line with the company's policies and procedures. Keep procedures up to date with the dynamic nature of database and security technology.
PROFILES, PASSWORD POLICIES, PRIVILEGES AND ROLES
Introduction:
The key to the house is the password.
• Put the scenario into the context of computer passwords.
• For home security, in addition to changing the key, you might install an alarm, motion detector, camera, etc.
• A company's user accounts should have equal protection.
• The company needs to protect its assets and enforce stringent (strict, precise, and exacting) guidelines to protect the keys to computer accounts.
• This key is the password.
DEFINING AND USING PROFILES:
A profile is a security concept that describes the limitation of database resources that are granted to database users.

- A profile is a way of defining database user behaviour to prevent users from wasting resources such as memory and CPU.
- For this reason, some DBMSs have implemented the profile concept.
- Not every DBMS offers the profile concept. ORACLE does and Microsoft SQL Server 2000 doesn't.
Creating Profiles in ORACLE:

A profile in ORACLE helps define two elements of security:
• Restrictions on resources
• Implementation of password policy

The following figure shows the two aspects of a profile in ORACLE:

[Figure: PROFILE has two aspects. PASSWORD: aging, usage, verification. RESOURCES: CPU, memory, connections.]

ORACLE allows you to create a profile using the CREATE PROFILE statement.
The full syntax of the statement follows. Each resource limit takes a value in the unit shown, or the keyword UNLIMITED or DEFAULT.

CREATE PROFILE profile_name
LIMIT
Resource limits:
SESSIONS_PER_USER number
CPU_PER_SESSION hundredths of seconds
CPU_PER_CALL hundredths of seconds
CONNECT_TIME minutes
IDLE_TIME minutes
LOGICAL_READS_PER_SESSION db_blocks
LOGICAL_READS_PER_CALL db_blocks
COMPOSITE_LIMIT number
PRIVATE_SGA bytes
Password limits:
FAILED_LOGIN_ATTEMPTS number
PASSWORD_LIFE_TIME days
PASSWORD_REUSE_TIME number
PASSWORD_REUSE_MAX number
PASSWORD_LOCK_TIME days
PASSWORD_GRACE_TIME days
PASSWORD_VERIFY_FUNCTION function_name;

In this syntax:

• First, specify the name of the profile that you want to create.
• Second, specify the LIMIT on either database resources or passwords.

Resource parameters:
• SESSIONS_PER_USER – specify the number of concurrent sessions that a user can have when connecting to the Oracle database.
• CPU_PER_SESSION – specify the CPU time limit for a user session, expressed in hundredths of seconds.
• CPU_PER_CALL – specify the CPU time limit for a call such as a parse, execute, or fetch, expressed in hundredths of seconds.
• CONNECT_TIME – specify the total elapsed time limit for a user session, expressed in minutes.
• IDLE_TIME – specify the number of minutes allowed for periods of continuous inactive time during a user session. Note that long-running queries and other operations are not subject to this limit.
• LOGICAL_READS_PER_SESSION – specify the allowed number of data blocks read in a user session, including blocks read from both memory and disk.
• LOGICAL_READS_PER_CALL – specify the allowed number of data blocks read for a call to process a SQL statement.
• PRIVATE_SGA – specify the amount of private memory space that a session can allocate in the shared pool of the system global area (SGA).
• COMPOSITE_LIMIT – specify the total resource cost for a session, expressed in service units. The total service units are calculated as a weighted sum of CPU_PER_SESSION, CONNECT_TIME, LOGICAL_READS_PER_SESSION,

Password parameters:
You use the following clauses to set the limits for password parameters:
• FAILED_LOGIN_ATTEMPTS – specify the number of consecutive failed login attempts before the user is locked. The default is 10 times.
• PASSWORD_LIFE_TIME – specify the number of days that a user can use the same password for authentication. The default value is 180 days.
• PASSWORD_REUSE_TIME – specify the number of days before a user can reuse a password.
• PASSWORD_REUSE_MAX – specify the number of password changes required before the current password can be reused. Note that you must set values for both the PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX parameters for these parameters to take effect.
• PASSWORD_LOCK_TIME – specify the number of days that Oracle will lock an account after a specified number of consecutive failed logins. The default is 1 day if you omit this clause.
• PASSWORD_GRACE_TIME – specify the number of days after the grace period starts during which a warning is issued and login is allowed. The default is 7 days when you omit this clause.
Note that to create a new profile, your user needs to have the CREATE PROFILE system privilege.

Setting Profile Resource Limits: Example
The following statement creates the profile app_user:
SQL> CREATE PROFILE app_user
LIMIT
SESSIONS_PER_USER UNLIMITED
CPU_PER_SESSION UNLIMITED
CPU_PER_CALL 3000
CONNECT_TIME 45
IDLE_TIME 15
LOGICAL_READS_PER_SESSION DEFAULT
LOGICAL_READS_PER_CALL 1000
PRIVATE_SGA 15K
COMPOSITE_LIMIT 5000000
/
Profile created

To view all profiles created in the database, query the data dictionary view DBA_PROFILES:

SQL> select * from dba_profiles where profile = 'DEFAULT';

PROFILE   RESOURCE_NAME               RESOURCE_TYPE
DEFAULT   COMPOSITE_LIMIT             KERNEL
DEFAULT   SESSIONS_PER_USER           KERNEL
DEFAULT   CPU_PER_SESSION             KERNEL
DEFAULT   CPU_PER_CALL                KERNEL
DEFAULT   LOGICAL_READS_PER_SESSION   KERNEL
DEFAULT   LOGICAL_READS_PER_CALL      KERNEL
DEFAULT   IDLE_TIME                   KERNEL
DEFAULT   CONNECT_TIME                KERNEL
DEFAULT   PRIVATE_SGA                 KERNEL
DEFAULT   FAILED_LOGIN_ATTEMPTS       PASSWORD
DEFAULT   PASSWORD_LIFE_TIME          PASSWORD
DEFAULT   PASSWORD_REUSE_TIME         PASSWORD
DEFAULT   PASSWORD_REUSE_MAX          PASSWORD
DEFAULT   PASSWORD_VERIFY_FUNCTION    PASSWORD
DEFAULT   PASSWORD_LOCK_TIME          PASSWORD
DEFAULT   PASSWORD_GRACE_TIME         PASSWORD

16 rows selected.

To modify a limit for a profile, use ALTER PROFILE as follows:


SQL> ALTER PROFILE APP_USER
LIMIT IDLE_TIME 30;
Profile altered
To assign a profile, use ALTER USER as follows:
SQL> ALTER USER SHALOM PROFILE APP_USER
/
User altered

Creating Profiles in SQL Server 2000:


At the time of this writing, profiles or similar objects are not available in Microsoft SQL Server 2000 or 2005.
You may recall that Oracle profiles limit the resources available to the user within the database. This allows you to
tune connections and resource utilization to prevent a user from crashing a server with a bad query. Query and
connection time-outs in a SQL Server-based application are handled at the application level within OLEDB. These
settings keep connection time-outs and bad queries from crashing your SQL Server.

Designing and Implementing password policies:


A password is the key to opening the user account.
 The stronger the password, the longer it takes a hacker to break it.
 Many security violations by hackers begin with breaking a password.
 If you join a financial company, the orientation program covers security administration, including password
selection, password storage, and the company’s policies on passwords.
 A password policy is a set of guidelines that enhances the robustness of the password and reduces the
likelihood of its being broken.
Importance of Password Policies
 The front line defence of your account is your password.
 If your password is weak, the hacker can break in, destroy your data, and violate your sense of security.
 For this specific reason, most of the companies invest considerable resources to strengthen authentication
by adopting technological measures that protect their assets.
Designing Password Policies
Most companies use a standard set of guidelines for their password policies
These guidelines can comprise one or more of the following:
Password Complexity – A set of guidelines used when selecting password, for example minimum 8 characters, 1
special character, 1 Capital letter, etc.,
The purpose of password complexity is to decrease the chances of a hacker guessing or breaking a password.

Implementing Password Policies


How you implement a password policy depends on whether or not the DBMS provides functions that support password
security.

ORACLE has invested heavily in providing mechanisms to enforce security, including implementation of password
policies, whereas Microsoft SQL Server depends on the OS to implement password policies.
Password Policies in ORACLE:
CREATE PROFILE PASSWORD_POLICY LIMIT
PASSWORD_LIFE_TIME 365
PASSWORD_GRACE_TIME 10
PASSWORD_REUSE_TIME UNLIMITED
PASSWORD_REUSE_MAX 0
FAILED_LOGIN_ATTEMPTS 3
PASSWORD_LOCK_TIME UNLIMITED;
In the syntax, each of these parameters takes { expr | UNLIMITED | DEFAULT }, and
PASSWORD_VERIFY_FUNCTION takes { function | NULL | DEFAULT }.
Oracle password security profile parameters
Here are the password security parameters:
failed_login_attempts - This is the number of failed login attempts before locking the Oracle user account. The
default in 11g is 10 failed attempts.
password_grace_time - This is the grace period after the password_life_time limit is exceeded.
password_life_time - This is how long an existing password is valid. The default in 11g forces a password
change every 180 days.
password_lock_time - This is the number of days that must pass after an account is locked before it is
unlocked. It specifies how long to lock the account after the failed login attempts limit is reached. The default in 11g is one day.
password_reuse_max - This is the number of times that you may reuse a password and is intended to prevent
repeating password cycles (north, south, east, west).
password_reuse_time - This parameter specifies a time limit before a previous password can be re-entered. To allow
unlimited use of previously used passwords, set password_reuse_time to UNLIMITED.
password_verify_function - This allows you to specify the name of a custom password verification function.
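The complexity guideline given earlier (minimum 8 characters, 1 special character, 1 capital letter) can be enforced through password_verify_function. The following is an added example, not code from these notes or from Oracle's supplied scripts; the names demo_verify_password and demo_password_policy and the error numbers are assumptions, and the function has to be created in the SYS schema.

```sql
-- Added example. Run as SYS: a password verify function must be owned by SYS.
-- Names prefixed demo_ and the -2000x error numbers are hypothetical.
CREATE OR REPLACE FUNCTION demo_verify_password (
    username     VARCHAR2,
    password     VARCHAR2,
    old_password VARCHAR2
) RETURN BOOLEAN
IS
BEGIN
    -- Guideline 1: minimum of 8 characters.
    IF NVL(LENGTH(password), 0) < 8 THEN
        raise_application_error(-20001, 'Password must be at least 8 characters long');
    END IF;

    -- Guideline 2: at least one special (punctuation) character.
    IF NOT REGEXP_LIKE(password, '[[:punct:]]') THEN
        raise_application_error(-20002, 'Password must contain a special character');
    END IF;

    -- Guideline 3: at least one capital letter ('c' = case-sensitive match).
    IF NOT REGEXP_LIKE(password, '[[:upper:]]', 'c') THEN
        raise_application_error(-20003, 'Password must contain a capital letter');
    END IF;

    -- Reject a new password that repeats the old one. old_password can be
    -- NULL (for example on an administrative reset), so test for that first.
    IF old_password IS NOT NULL AND password = old_password THEN
        raise_application_error(-20004, 'New password must differ from the old one');
    END IF;

    RETURN TRUE;
END;
/

-- Attach the function to a profile together with lockout and ageing limits.
CREATE PROFILE demo_password_policy LIMIT
    FAILED_LOGIN_ATTEMPTS    3
    PASSWORD_LIFE_TIME       365
    PASSWORD_GRACE_TIME      10
    PASSWORD_VERIFY_FUNCTION demo_verify_password;

-- Assign the profile; the checks apply to the user's next password change.
ALTER USER shalom PROFILE demo_password_policy;

-- Confirm which password limits are now in force for the profile.
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'DEFAULT' OR profile = 'DEMO_PASSWORD_POLICY'
AND    resource_type = 'PASSWORD'
ORDER  BY resource_name;
```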
Profile creation using ORACLE Enterprise Manager Security Tools:

Password Policies in SQL Server:
Microsoft SQL Server 2000, as a stand-alone product, does not provide for password policy enforcement when
logging on to a SQL Server.
Microsoft architecture follows a model known as an Integrated Server System.
In this model, all the server applications and the resources they provide are tightly integrated with the Windows
server system and its security architecture.
Password policy enforcement in a SQL Server environment is handled by running SQL Server in Windows
authentication mode and applying policies within the Windows Server System.
There are two authentication protocols supported by Windows:
 NTLM (Network LAN Manager)
 Kerberos 5

 NTLM:
NTLM authenticates using a challenge / response methodology.
When the user attempts to access a resource, the server hosting the resource “challenges” the user to prove his / her
identity.
The user then issues a “response” to that challenge. If the response is correct, the user is authenticated to the server.
The server then goes through an authorization process for the requested resource.
 The authentication process consists of three messages:
Message 1 : Sent from the client to the server; it is the initial request for authentication
Message 2 : Sent from the server to the client; contains the challenge (eight bytes of random data)
Message 3 : Sent from the client to the server; contains the response to the challenge

[Figure: NTLM exchange between Workstation and Server: Message 1, Message 2, Message 3]

The response is a 24-byte DES-encrypted hash of the 8-byte challenge that can be decrypted only by a set of DES
keys created using the user’s password.
The benefit of NTLM is that the password is verified without ever actually sending the password across the Web.

Kerberos:
Kerberos authentication differs from NTLM in many ways.
Instead of using the password to encrypt / decrypt challenge / response messages, a secret key, known only to the server and
client and also unique to the session, is used to encrypt the handshake data.
This allows not only the server to validate the authenticity of the client, but also the client to validate the authenticity of
the server.
This is an important difference and is one of the reasons Kerberos is more secure than NTLM.
Kerberos authentication requires a trusted third resource known as the Key Distribution Center (KDC).
The KDC generates the secret key for each session established.
The new session ticket, containing the new key, has a time-out value associated with it.
Once the secret key is obtained from the KDC, the client encrypts its request for a resource with the secret key.
The server decrypts the message using the same key, encrypts just the time stamp from the message and sends it back to the client.
This shows that the server and the client have the same key for the session which is established.
The following figures explain the authentication process in Kerberos:

[Figure: KDC generates a key and issues a session ticket to the client. Labels: Workstation, Server; “Client wants to access a Server”; “KDC issues key: Kclient {Scs for Server}, ticket = Kserver {Scs for Client}”]

[Figure: Client sends authentication proof to the server. Labels: Workstation, Server; “Scs {Client Credentials, time}, ticket = Kserver {Scs for Client}”; “Scs {time}”]

Setting Password Policies:

Granting and Revoking User Privileges:
A privilege is a method to permit or deny access to data or to perform database operations (Data Manipulation).
Privileges in ORACLE:
System Privileges – Privileges granted only by the DBA or by users who have been granted the administration option.
Object Privileges – Privileges granted to an ORACLE user by the schema owner of a database object or by a user who
has been granted the GRANT option.

System Privileges:
There are more than 100 system privileges. Important, frequently used privileges:
 CREATE USER
 CREATE SESSION
 CREATE ROLE
 CREATE PROCEDURE
 CREATE TRIGGER
 CREATE TABLESPACE
 CREATE TYPE
 CREATE DATABASE LINK
 CREATE TABLE
 CREATE VIEW
 CREATE SEQUENCE
 DROP VIEW
 DROP USER
 DROP TABLE

Object Privileges:
All DML statements come under object privileges:
 INSERT
 UPDATE
 DELETE
 SELECT
 INDEX
 REFERENCES

Granting and Revoking System Privileges:


The easiest task for a DBA is granting a privilege, and yet it is a very critical job and should be considered
seriously. The privileges process should also include revoking privileges, which is a sensitive task that is too easy to
perform without knowing the consequences.
In Oracle you can grant a privilege by using the data control language (DCL) GRANT statement.
GRANT statement is used to grant system privileges, object privileges, and roles.
SQL GRANT Command:
SQL GRANT is a command used to provide access or privileges on the database objects to the users.
The Syntax for the GRANT command is:
GRANT { system_privilege | role | ALL PRIVILEGES}
[, {system_privilege | role | ALL PRIVILEGES} ]
TO
{user |role | PUBLIC}
[, {user |role | PUBLIC} ] …
[IDENTIFIED BY password ]
[WITH ADMIN OPTION]

system_privilege is one of the listed system privileges.
ALL PRIVILEGES – grants all system privileges to the user. You should never use this clause.
user is the name of the user to whom an access right is being granted.
PUBLIC is used to grant access rights to all users.
A role is a set of privileges grouped together.
WITH ADMIN OPTION – allows a user to grant access rights to other users.
Example :
SQL > Grant select any table to shalom;
Grant succeeded
SQL > Grant select on emp to shalom;
Grant succeeded
The schema owner of emp object gave select privilege to user shalom

SQL REVOKE Command:


The REVOKE command removes user access rights or privileges to the database objects.
The Syntax for the REVOKE command is:
REVOKE { system_privilege | role | ALL PRIVILEGES}
[, {system_privilege | role | ALL PRIVILEGES} ]
FROM
{user |role | PUBLIC}
[, {user |role | PUBLIC} ] …

Example :
SQL > Revoke select any table from shalom;
Revoke succeeded
SQL > Revoke select on emp from shalom;
Revoke succeeded
The schema owner of the emp object took back the select privilege from user shalom.

You can also use the Oracle Enterprise Manager Security tool to grant and revoke system privileges by the following
steps:
1. Open Enterprise Manager and select the database to which you want to connect.
2. Click the Users link and locate the user to whom you want to grant a privilege.
3. Click the System privileges link, then click Modify, and apply the privilege you want to grant the user. You
may grant as many privileges as you want.
4. When ready, click the OK button to apply these privileges.
Oracle provides several useful data dictionary views as follows:
 DBA_SYS_PRIVS

 ALL_SYS_PRIVS
 USER_SYS_PRIVS

Granting and Revoking Object Privileges:


Oracle uses the same GRANT statement to provide database object privileges to another user.
SQL GRANT Command:
SQL GRANT is a command used to provide access or privileges on the database objects to the users.
The Syntax for the GRANT command is:
GRANT { object_privilege | ALL [PRIVILEGES] } [ (column [, column]… ) ]
[, { object_privilege | ALL [PRIVILEGES] } [ (column [, column]… ) ] ] …
ON
{ [schema.]object | DIRECTORY directory_name |
JAVA { SOURCE | RESOURCE } [schema.]object
}
TO { user | role | PUBLIC } [,
{ user | role | PUBLIC } ] …
[WITH HIERARCHY OPTION]
[WITH GRANT OPTION]

WITH HIERARCHY OPTION – grantee is granted privilege to all sub-objects.


WITH GRANT OPTION - allows a user to grant access rights to other users.
Example :
SQL > CONN SCOTT@SEC
Enter Password: *****
Connected.
SQL > Grant select on emp to shalom;
Grant succeeded
SQL REVOKE Command:
The REVOKE command removes user access rights or privileges.
The Syntax for the REVOKE command is:
REVOKE { object_privilege | ALL [PRIVILEGES] }
[, { object_privilege | ALL [PRIVILEGES] } ] …
ON [schema.]object
FROM
{ user | role | PUBLIC }
[, { user | role | PUBLIC } ] …

Example :
SQL > Revoke select on emp from shalom;
Revoke succeeded

You can also use the Oracle Enterprise Manager Security tool to grant and revoke object privileges by the following
steps:
1. Open Enterprise Manager and select the database to which you want to connect.
2. Click the Users link and locate the user to whom you want to grant a privilege.
3. Click the Object privileges link and apply the privilege you want to grant the user. You may grant as many
privileges as you want.
4. When ready, click the OK button to apply these privileges.
Oracle provides several useful data dictionary views as follows:
 USER_TAB_PRIVS
 USER_TAB_PRIVS_MADE
 USER_TAB_PRIVS_RECD
 ALL_TAB_PRIVS
 ALL_TAB_PRIVS_MADE
 ALL_TAB_PRIVS_RECD
 DBA_TAB_PRIVS
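The dictionary views listed for system and object privileges are what an administrator queries to review grants that have drifted from least privilege. The queries below are an added example, not part of the original notes; the excluded grantee names (SYS, SYSTEM, DBA) are assumptions to adjust for your own database.

```sql
-- Added example. Run as a user allowed to read the DBA_ dictionary views.
-- The excluded grantees are assumptions, not a complete list.

-- 1. System privileges that reach across schemas (... ANY ...) or that the
--    grantee may pass on to others (WITH ADMIN OPTION).
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  (privilege LIKE '% ANY %' OR admin_option = 'YES')
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY grantee, privilege;

-- 2. System privileges granted to PUBLIC, which every user inherits.
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'PUBLIC'
ORDER  BY privilege;

-- 3. System privileges granted directly to user accounts rather than
--    through a role (a grantee that appears in DBA_USERS is a user).
SELECT p.grantee, p.privilege
FROM   dba_sys_privs p
JOIN   dba_users u ON u.username = p.grantee
WHERE  p.grantee NOT IN ('SYS', 'SYSTEM')
ORDER  BY p.grantee, p.privilege;

-- 4. Object privileges that the grantee may pass on (WITH GRANT OPTION).
SELECT grantee, owner, table_name, privilege, grantor
FROM   dba_tab_privs
WHERE  grantable = 'YES'
AND    grantee NOT IN ('SYS', 'SYSTEM')
ORDER  BY owner, table_name, grantee;

-- 5. Data-changing object privileges open to every user through PUBLIC.
SELECT owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    privilege IN ('INSERT', 'UPDATE', 'DELETE')
AND    owner NOT IN ('SYS', 'SYSTEM')
ORDER  BY owner, table_name;
```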

Privileges in SQL Server:


SQL Server has four levels of permissions:
1. System or Server level
2. Database level
3. Table (Object) level
4. Column level
Note : It is important to note that having server or database level permission doesn’t mean you have access to
subordinate objects.

Server Privileges:
Sysadmin – Can perform any function within the system
Serveradmin – Can perform certain server-level functions.
Setupadmin – Can manage linked servers and startup procedures
Securityadmin – Can manage logons, change passwords
Processadmin – Can manage processes running
Dbcreator – Create, Alter and Drop Databases
Diskadmin – Can manage the disk files for the server and database
Bulkadmin – Can perform bulk insert operations

Database Privileges – Fixed Database Roles
db_owner – Have complete access to the database
db_accessadmin – Can add or remove users
db_securityadmin – Can change all permissions, object ownership, roles and role membership
db_ddladmin – Can execute all DDL statements
db_backupoperator – Can execute DBCC statements (DBCC is a SQL Server tool used for DB performance)
db_datareader – Can issue SELECT and READTEXT statements
db_datawriter – Can issue INSERT, UPDATE, DELETE and UPDATETEXT statements
db_denydatareader – Explicitly denied SELECT and READTEXT statements
db_denydatawriter – Explicitly denied INSERT, UPDATE, DELETE and UPDATETEXT statements

Database Privileges – Statement permissions
CREATE TABLE
CREATE VIEW
CREATE PROCEDURE
CREATE FUNCTION
CREATE DEFAULT
CREATE ROLE
BACKUP DATABASE
BACKUP LOG
Granting Statement Permissions:
To grant statement permission using Query Analyzer, you use the GRANT statement.
Syntax: GRANT { ALL | statement [ ,…n] } TO security_account [ ,… n]
SQL Command:
Grant all permission: SQL>GRANT ALL TO admins
Grant to create table & view: GRANT CREATE VIEW, CREATE TABLE TO shalom, cherish
Using Enterprise Manager, you can grant statement permission by the following steps:
 Open Enterprise Manager
 Expand the server that contains the database in which you want to grant the statement permission.
 Open the Properties dialog box for the database.
 Click the permission tab.
 Place a check mark in desired option.
 Click OK.
Revoking Statement Permissions:
To revoke statement permission using Query Analyzer, you use the REVOKE statement.
Syntax: REVOKE { ALL | statement [ ,…n] }
FROM security_account [ ,… n]

SQL Command:
Revoke all permission: SQL>REVOKE ALL FROM public
Revoke create table & view: REVOKE CREATE VIEW, CREATE TABLE FROM shalom, cherish
Denying Statement Permissions:
To deny statement permission using Query Analyzer, you use the DENY statement.
Syntax: DENY { ALL | statement [ ,…n] }
TO security_account [ ,… n]
SQL Command:
Deny all permission: SQL> DENY ALL TO public
Deny create table & view: DENY CREATE VIEW, CREATE TABLE TO shalom, cherish

Table and Database Object Privileges:
You can also set privileges for accessing database objects themselves.
Granting Object Permissions:
You use the GRANT statement.
Syntax: GRANT { ALL [PRIVILEGES] | permission [,…n] }
{
[ (column [, … n ] ) ] ON {table | view}
| ON { table | view } [ (column [ ,..n] ) ]
}
TO security_account [ ,… n]
[WITH GRANT OPTION]
[AS {group | role } ]
SQL Command: GRANT SELECT ON sales TO shalom WITH GRANT OPTION
Using Enterprise Manager, you can grant object permissions by the following steps:
 Open Enterprise Manager
 Expand the server that contains the database and select the desired user.
 Open the Properties dialog box for the database.
 Click the permission tab.
 Place a check mark in desired option.
 Click OK.
 Click OK again.
Revoking Object Permissions:
Just as in Oracle, you can revoke object permissions using the REVOKE statement.
Syntax: REVOKE [ GRANT OPTION FOR]
{ ALL [PRIVILEGES ] | permission [,…n] } ON object
{TO | FROM} security_account [ ,… n]
[CASCADE]
[AS {group | role } ]
SQL Command: REVOKE SELECT ON sales FROM shalom CASCADE
Denying Object Permissions:
You can use DENY statements to prevent users from gaining permissions through a GRANT to their user
accounts.
Syntax: DENY
{ ALL [PRIVILEGES ] | permission [,…n] } ON object
TO security_account [ ,… n]
[CASCADE]
SQL Command: DENY SELECT ON sales TO shalom
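How GRANT, DENY and REVOKE interact when a user also receives a permission through a role, shown as an added example that is not part of the original notes. The role name sales_readers is hypothetical; the table sales and the database user shalom follow the commands above and are assumed to exist in the current database.

```sql
-- Added example (T-SQL). Assumptions: table sales and database user shalom
-- already exist in the current database; the role name is hypothetical.

-- Group the permission in a role and make shalom a member.
EXEC sp_addrole 'sales_readers'
EXEC sp_addrolemember 'sales_readers', 'shalom'
GRANT SELECT ON sales TO sales_readers
GO

-- shalom can now read sales through the role. An explicit DENY on the
-- user takes precedence over the GRANT inherited from sales_readers.
DENY SELECT ON sales TO shalom
GO

-- Review the Grant and Deny entries currently recorded for the table.
EXEC sp_helprotect 'sales'
GO

-- REVOKE only removes an existing entry, here the DENY on shalom. It does
-- not block anything: shalom reads sales again through sales_readers.
REVOKE SELECT ON sales FROM shalom
GO

-- To withdraw the access itself, remove the role's permission or the
-- user's membership, then drop the role once it has no members.
REVOKE SELECT ON sales FROM sales_readers
EXEC sp_droprolemember 'sales_readers', 'shalom'
EXEC sp_droprole 'sales_readers'
GO
```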

Column level Privileges:
Granting Permissions on Columns:
Syntax: GRANT { ALL [PRIVILEGES] | permission [,…n] }
{
[ (column [, … n ] ) ] ON {table | view}
| ON { table | view } [ (column [ ,..n] ) ]
}
TO security_account [ ,… n]
[WITH GRANT OPTION]
[AS {group | role } ]
SQL Command: GRANT SELECT ON emp (first_name, last_name, address, city, state, zip) TO public
GRANT SELECT, UPDATE (first_name, last_name, address, city, state, zip) ON emp TO emp_details
Revoking Permissions on Columns:
Syntax: REVOKE [GRANT OPTION FOR ]
{ ALL [PRIVILEGES] | permission [,…n] }
{
[ (column [, … n ] ) ] ON {table | view}
| ON { table | view } [ (column [ ,..n] ) ]
}
{TO | FROM}
security_account [ ,… n]
[CASCADE]
[AS {group | role } ]
SQL Command: REVOKE ALL ON emp FROM public
Denying Permissions on Columns:
Syntax: DENY
{ ALL [PRIVILEGES] | permission [,…n] }
{
[ (column [, … n ] ) ] ON {table | view}
| ON { table | view } [ (column [ ,..n] ) ]
}
TO security_account [ ,… n]
[CASCADE]
SQL Command:
Deny all permission: DENY ALL ON emp TO general_users

Creating, Assigning and Revoking User Roles:


Creating role with ORACLE:

NOT IDENTIFIED Clause - Specify NOT IDENTIFIED to indicate that this role is authorized by the database and
that no password is required to enable the role.
IDENTIFIED Clause - Use the IDENTIFIED clause to indicate that a user must be authorized by the specified
method before the role is enabled with the SET ROLE statement.
Example
The following statement creates the role dw_manager:

CREATE ROLE dw_manager;

Users who are subsequently granted the dw_manager role will inherit all of the privileges that have been granted to
this role.
You can add a layer of security to roles by specifying a password, as in the following example:

CREATE ROLE dw_manager IDENTIFIED BY warehouse;

Users who are subsequently granted the dw_manager role must specify the password warehouse to enable the role with
the SET ROLE statement.
The following statement creates global role warehouse_user:

CREATE ROLE warehouse_user IDENTIFIED GLOBALLY;

The following statement creates the same role as an external role:

CREATE ROLE warehouse_user IDENTIFIED EXTERNALLY;

Assigning Role to User in ORACLE - Example


 To assign privileges to role issue the following statement:

SQL > GRANT CREATE SESSION TO dw_manager;


Grant succeeded

 To assign a role to a user (Ex: shalom) issue the following statement

SQL > GRANT dw_manager to shalom;

Grant succeeded

Create Roles with SQL Server:


To create a new database role using Query Analyzer, execute the sp_addrole system stored procedure:

sp_addrole [ @rolename = ] 'role' [ , [ @ownername = ] 'owner' ]

@rolename – The name of the new role

@ownername – The owner of the new role; the default is dbo

To add the role “sales” to the database Northwind:

use northwind
exec sp_addrole 'sales'

To add the user shalom to the role sales:

exec sp_addrolemember 'sales' , 'shalom'

Dropping a Role in ORACLE
Example : To drop the role dw_manager, issue the following statement:

DROP ROLE dw_manager;

Dropping a Role in SQL Server


Example : To drop the user ‘shalom’ from the role sales, issue the following statement:

use northwind

exec sp_droprolemember 'sales' , 'shalom'

CREATING , ASSIGNING AND REVOKING USER ROLE BEST PRACTICES

 Never store passwords in plain text; make sure they are encrypted

 Change passwords frequently

 Make sure the passwords are complex

 Pick password that you can remember

 Use roles to control and administer privileges

 Should report the compromise or loss of password security

 Should report to security any violation of company guidelines like roles, profiles, privileges,
passwords, etc.,

 Never give / share the password

 Never give the password over the phone

 Never type your password in an e-mail

 Use Windows integrated security mode for securing SQL Server

 Use Kerberos

 When configuring policies: require complex passwords, set an account lockout threshold, do not allow passwords to automatically reset, expire end-user passwords, and enforce password history
