oracle

intro

This document describes best-practices for application-development on oracle-dbms. The rationale is to GRANT minumum rights for security and simplicity. The sample project used within this document is called ELVE.

Security threats addressed:

• Force Majeure

  • T 1.1 Loss of personnel

• Organisational Shortcomings

  • T 2.39 Complexity of a DBMS
  • T 2.40 Complexity of database access

• Human Failure

  • T 3.16 Incorrect administration of site and data access rights
  • T 3.23 Improper administration of a DBMS
  • T 3.24 Inadvertent manipulation of data

• Technical Failure

  • T 4.30 Loss of database integrity/consistency

Countermeasures addressed:

• Organisation

  • S 2.25 Documentation of the system configuration
  • S 2.31 Documentation on Authorised Users and on Rights Profiles
  • S 2.34 Documentation on changes made to an existing IT system
  • S 2.111 Keeping manuals at hand
  • S 2.125 Installation and configuration of a database
  • S 2.126 Creation of a database security concept
  • S 2.127 Inference prevention
  • S 2.128 Controlling access to a database system
  • S 2.129 Controlling access to database information
  • S 2.131 Separation of administrative tasks for database systems

• Personnel

  • S 3.5 Education on IT security measures
  • S 3.11 Training of maintenance and administration staff

schemes

ELVE

This is the project-schema. It is used to store all db-objects like tables and views that belong to the project.

ELVE_TEST

This is the test-user-schema of the project. It is used to test the security settings for project users. It is assigned one single role: ELVE_USER.

roles

Each function is given a role, so that these roles can be granted and revoked from users without interference of other functions. Each following role is a superset of the preceding one, so that only one single role is needed to be granted to access all relevant functions. Currently there are 4 known levels of access:

1. ELVE_USER_ANON

   This is the lowest level role for anonymous users of the project like web-/wap-servers and other machines. It does allow CREATE SESSION and SELECT on public data only and normally no modification to the database.

2. ELVE_USER

   This is the role for users of the project. It has minimum rights on the objects used by the project. Especially theres no SELECT-privilege on tables that are encapsulated by views and no UPDATE-privilege on tables or views that are used for display only.

3. ELVE_ADMIN

   This is the role for administrators of the project. It does allow setting some global parameters of the project that affect all users and the system behavior.

4. ELVE_DEVELOPER

   This is the role for developers of the project. It is assigned additional rights and privileges needed to create the projects database-objects. Especially different CREATE-privileges are needed. Also it must have the right to grant to the other roles.