Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 
 Home
 E-mail Us
 Oracle Articles


 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog


 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Analysis
 Design
 Implementation
 Oracle Support


 SQL Tuning
 Security

 Oracle UNIX
 Oracle Linux
 Monitoring
 Remote s
upport
 Remote plans
 Remote
services
 Application Server

 Applications
 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S
upport  
 Development  

 Implementation


 Consulting Staff
 Consulting Prices
 Help Wanted!

 


 Oracle Posters
 Oracle Books

 Oracle Scripts
 Ion
 Excel-DB  

Don Burleson Blog 


 

 

 


 

 

 

 

 

Oracle Column Privileges Security

Oracle Security Tips by Burleson Consulting


This is an excerpt from the bestselling book "Oracle Privacy Security Auditing", a complete Oracle security reference with working Oracle security scripts.
 


Column Privileges

A lesser-known feature of Oracle is the ability to grant privileges on individual columns, rather than complete tables. For instance, the user CLAIM_SCHEMA can grant privileges to JUDY so that she can update only the PAID_AMOUNT field of the table CLAIMS, nothing else. The CLAIM_SCHEMA can issue:

grant update (paid_amount) on claims to judy;

If the user JUDY updates any other column as:

update
   claim_schema.claim
set
   claim_amount = 10000
where
   claim_id = 1234
/

The output comes back as:

update claim_schema.claim                    *

ERROR at line 1:

ORA-01031: insufficient privileges

She gets an insufficient privileges error. To find out the column privileges granted, you could query the data dictionary view dba_col_privs as follows:

* find_col_privs.sql

--**********************************************
--
--   Copyright ? 2003 by Rampant TechPress Inc.
--
--   Free for non-commercial use.
--   For commercial licensing, e-mail info@rampant.cc
--
-- *********************************************

select
    owner,
    table_name,
    column_name,
    grantor,
    privilege,
    grantable

 from
    dba_col_privs
 where
    grantee = 'JUDY'
/

The output may look like this:

OWNER        TABLE_ COLUMN_NAME GRAN  PRIVILEGE  GRA
------------ ------ ----------- ----  ---------- ---
CLAIM_SCHEMA CLAIMS PAID_AMOUNT JUDY  INSERT     NO
CLAIM_SCHEMA CLAIMS PAID_AMOUNT JUDY  UPDATE     NO

Note the column COLUMN_NAME. It indicates which column has been granted the privilege to the grantee. Just like the above discussion on object privileges, the privileges can be granted with GRANT OPTION. If someone other than the owner grants it, the GRANTOR column will be different.

In addition to the UPDATE privileges, the column level privileges can be set on INSERT and REFERENCES statements. If set on INSERT, the grantee can insert some value into those columns only; all other columns will be merely defaulted or left with null values. Setting this on REFERENCES limits the grantee's ability to create foreign key constraints against those columns only.

* For HIPAA requirements, one of the key things is to protect the Protected Health Information (PHI). This can be easily met by protecting the PHI columns on the tables with the INSERT and UPDATE column privileges, as described.

System Privileges

The preceding section talked about the privileges required for the regular users to access certain specific objects in some specific manner, e.g. the user JUDY can SELECT from table MEMBERS, but not UPDATE it. However, they can do that only when they have privileges to get into the database in the first place. Similarly, the user can create a table, but we can control which tablespace she can create the table on, etc.

These types of privileges, which are not tied to any specific objects, are known as system privileges. Oracle has several system privileges, as described in the Administrators Manual of the Oracle documentation. We will not repeat the information. In this section we will discuss only a few of the system privileges related to the security of the database as defined in table 4.6.

PRIVILEGES

DESCRIPTION

CREATE SESSION

This allows a user to connect to the database, but that is all this privilege can do. It does not allow creation of any objects, nor does it allow the reading of data. All users who need a connection to the database need this privilege.

ALTER SESSION

Typically, this privilege is not necessary in regular operation. Users can issue session altering statements such as ALTER SESSION SET NLS_DATE_FORMAT without needing this privilege. Therefore, this is not necessary. The only time it is needed is when the session has to write something on the server side filesystem, such as in ALTER SESSION SET SQL_TRACE = TRUE statement.

RESTRICTED SESSION

When a database is started in restricted mode, typically to conduct some maintenance operations, regular users are not allowed to connect. However some non-DBA users can be allowed to connect during this restricted session status; and this system privilege allows that. Suppose a report program uses an id called REPUSER that has only SELECT privileges on the tables, not any modification privileges. This user can be allowed to connect during the time when some maintenance is going on since the user does not modify anything. However, issue this privilege if and only if you determine that the user does not do something that is consistent with the maintenance activities.

CREATE DATABASE LINK

This allows the user to create database links. Typically, you would give these privileges very selectively, only to those users who might create private database links to other databases. However, good security models suggest that PUBLIC database links be created by the SYS user instead, without password, whenever possible.

CREATE TABLE,
CREATE INDEX, CREATE SEQUENCE,
CREATE VIEW, CREATE SNAPSHOT, etc.

Create Table privilege, as the name suggests, allows the user to create a table. However, it does not allow the creation in a tablespace where the user does not have a quota. We will discuss more about quotas later. In the meantime, this privilege should be granted only to the users who will have schema objects. Typically, in an application, a specific user or a group of users own the table, and all other users are given access to them. Only the former, never the latter, should be given these privileges.

CREATE ANY TABLE,
CREAT EANY VIEW, etc.

Note the keyword ANY before the object type. This allows the user to create an object of that type in any schema, not just his or her schema. For example, if JUDY is given this privilege like:

Grant create any table to JUDY;

Judy can now create a table like

Create table NATHAN.CLAIMS (..);

Note the table was created as owned by Nathan, not Judy. This is a very powerful privilege; Judy can even create objects owned by the SYSTEM user! Needless to say, never grant this privilege to anyone.

UNLIMITED TABLESPACE

This privilege allows the user to create objects without any boundaries in any tablespace, including the SYSTEM tablespace. This should not be given to any user.

SELECT ANY TABLE

This privilege allows the user to select from any table/view owned by any user, including the data dictionary tables and views. Obviously, this creates several security holes as the user can see data that could be sensitive. Therefore, this privilege should not be given out without a proper analysis. In most cases, this privilege is never required and should not be given. If a user truly has to select from other users' tables, say, for reporting, then explicit grants should be given to the user on those objects.

SELECT ANY

DICTIONARY

This privilege, new in Oracle 9i, allows the user to select any data dictionary table. This may not be necessary in any normal case. Suppose you want to create a user for a performance-monitoring tool you installed. This tool will have to query all the data dictionary views such as v$sysstat to get the performance metrics. Earlier, the SELECT ANY TABLE privilege was needed, but not anymore. The SELECT ANY DICTIONARY privilege allows the user to select any dictionary table and at the same time protect sensitive database tables.

Table 4.6 Important System Privileges

The system privileges are granted by the following command.

GRANT CREATE TABLE TO JUDY;

The privileges can be retracted using:

REVOKE CREATE TABLE TO JUDY;

 

This is an excerpt from the book "Oracle Privacy Security Auditing".

You can buy it direct from the publisher for 30%-off and get instant access to the code depot of Oracle security and auditing scripts.


 

 
  
 

 
 
 
 
 

 
 
 
 
 
 
Oracle training Excel
 
Oracle performance tuning software 
 

 

Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  and include the URL for the page.


                    









Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


 

Copyright ? 1996 -  2014

All rights reserved by Burleson

Oracle ? is the registered trademark of Oracle Corporation.