Every database has a pseudorole named PUBLIC that includes every user. All users
can use privileges granted to PUBLIC. For example, if database links are created
using the keyword PUBLIC, they will be visible to all users who have privileges to the
underlying objects for those links and synonyms. As we describe in the ???Auditing???
section of this chapter, the privilege CREATE PUBLIC DB LINK is now audited. As
database vulnerability is an increasing concern, you may want to consider limited
privileges for the PUBLIC role.
Identity Management
No amount of security can overcome the handicap of poor security administration.
The more complex the administration tasks that are being performed, the more likely
it is that errors will occur, leaving security holes in your system. In situations where
youwant to centrally control access to a number of databases, Oracle Identity Management
can provide a solution by storing user information and their authorization
in a LDAP directory such as the Oracle Internet Directory (OID). For example, you
might use OID to authorize SYSDBA and SYSOPER connections.
Pages:
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319