Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.


Objectives
- Understand the difference between the auditing architecture of DML Action Auditing Architecture and DML changes
- Create and implement Oracle triggers
- Create and implement SQL Server triggers
- Define and implement Oracle fine-grained auditing
- Create a DML statement audit trail for Oracle and SQL Server
- Generate a data manipulation history
- Implement DML statement auditing using a repository
- Understand the importance and the implementation of application errors auditing in Oracle
- Implement Oracle PL/SQL procedure authorization

DML Action Auditing Architecture
- Data Manipulation Language (DML): companies use auditing architecture for DML changes
- DML changes can be performed on two levels:
  – Row level
  – Column level
- Fine-grained auditing (FGA)

Oracle Triggers
- Stored PL/SQL procedure executed whenever:
  – DML operation occurs
  – Specific database event occurs
- Six DML events (trigger timings): INSERT, UPDATE, and DELETE
- Purposes:
  – Audits, controlling invalid data
  – Implementing business rules, generating values

Oracle Triggers (continued)
- CREATE TRIGGER
- Executed in a specific order:
  – STATEMENT LEVEL triggers before COLUMN LEVEL triggers
  – BEFORE triggers before AFTER triggers
- USER_TRIGGERS data dictionary view: all triggers created on a table
- A table can have unlimited triggers: do not overuse them

SQL Server Triggers
- CREATE TRIGGER DDL statement: creates a trigger
- Trigger condition:
  – Prevents a trigger from firing
  – UPDATE() and COLUMNS_UPDATED() functions
- Logical tables:
  – DELETED contains original data
  – INSERTED contains new data

SQL Server Triggers (continued)
- Restrictions (Transact-SQL statements not allowed):
  – ALTER and CREATE DATABASE
  – DISK INIT and DISK RESIZE
  – DROP DATABASE and LOAD DATABASE
  – LOAD LOG
  – RECONFIGURE
  – RESTORE DATABASE
  – RESTORE LOG

Implementation of an Historical Model with SQL Server
- Create a history table:
  – Same structure as original table
  – HISTORY_ID column
- Create a trigger: inserts original row into the HISTORY table

Fine-grained Auditing (FGA) with Oracle
- Oracle provides column-level auditing: Oracle PL/SQL-supplied package DBMS_FGA
- DBMS_FGA procedures:
  – ADD_POLICY
  – DISABLE_POLICY
  – DROP_POLICY
  – ENABLE_POLICY
- ADD_POLICY parameters:
  – OBJECT_SCHEMA
  – OBJECT_NAME
  – POLICY_NAME
  – AUDIT_CONDITION
  – AUDIT_COLUMN
  – HANDLER_SCHEMA
  – HANDLER_MODULE
  – ENABLE
  – STATEMENT_TYPES
- DBA_FGA_AUDIT_TRAIL: view the audit trail of the DML activities
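
The DBMS_FGA calls and ADD_POLICY parameters listed above, put together as an added example that is not taken from the slides. The schemas HR_APP and SEC_ADMIN, the EMPLOYEES table with a SALARY column, the FGA_ALERTS table, the handler and the policy name are all hypothetical.

```sql
-- Added example (Oracle); HR_APP.EMPLOYEES, SEC_ADMIN and every object name
-- below are hypothetical. Run as a user with EXECUTE on DBMS_FGA.
CREATE TABLE sec_admin.fga_alerts (
  fired_at    TIMESTAMP,
  db_user     VARCHAR2(128),
  object_name VARCHAR2(261),
  policy_name VARCHAR2(128)
);

-- Handler: Oracle calls it with schema, object and policy name when the policy fires.
CREATE OR REPLACE PROCEDURE sec_admin.fga_alert (
  p_schema VARCHAR2, p_object VARCHAR2, p_policy VARCHAR2
) AS
  PRAGMA AUTONOMOUS_TRANSACTION;  -- the alert row commits on its own
BEGIN
  INSERT INTO sec_admin.fga_alerts (fired_at, db_user, object_name, policy_name)
  VALUES (SYSTIMESTAMP, SYS_CONTEXT('USERENV', 'SESSION_USER'),
          p_schema || '.' || p_object, p_policy);
  COMMIT;
END;
/

BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR_APP',
    object_name     => 'EMPLOYEES',
    policy_name     => 'AUD_HIGH_SALARY',
    audit_condition => 'SALARY > 100000',  -- audit only rows matching this predicate
    audit_column    => 'SALARY',           -- and only statements touching this column
    handler_schema  => 'SEC_ADMIN',
    handler_module  => 'FGA_ALERT',
    enable          => TRUE,
    statement_types => 'SELECT,UPDATE');
END;
/

-- Review what the policy captured.
SELECT timestamp, db_user, object_name, policy_name, statement_type, sql_text
FROM   dba_fga_audit_trail
WHERE  policy_name = 'AUD_HIGH_SALARY'
ORDER  BY timestamp;

-- Policy lifecycle calls, shown together for reference.
BEGIN
  DBMS_FGA.DISABLE_POLICY('HR_APP', 'EMPLOYEES', 'AUD_HIGH_SALARY');
  DBMS_FGA.ENABLE_POLICY ('HR_APP', 'EMPLOYEES', 'AUD_HIGH_SALARY');
  DBMS_FGA.DROP_POLICY   ('HR_APP', 'EMPLOYEES', 'AUD_HIGH_SALARY');
END;
/
```

Because the policy combines a column and a row condition, a query that reads only non-salary columns, or only rows at or below the threshold, leaves no audit record.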

DML Action Auditing with Oracle
- Record data changes on the table:
  – Name of the person making the change
  – Date of the change
  – Time of the change
- Before or after values of the columns are not recorded

DML Action Auditing with Oracle (continued)
- Steps:
  – Use any user other than SYSTEM or SYS; with privileges to create tables, sequences, and triggers
  – Create the auditing table
  – Create a sequence object
  – Create the trigger that will record DML operations
  – Test your implementation
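
The steps above, carried through as an added example that is not taken from the slides. The application table ORDERS, the auditing table DML_AUDIT, the sequence and the trigger name are hypothetical.

```sql
-- Added example (Oracle). Run as an application owner, not SYS or SYSTEM.
-- ORDERS, DML_AUDIT and DML_AUDIT_SEQ are hypothetical names.
CREATE TABLE orders (
  order_id NUMBER PRIMARY KEY,
  customer VARCHAR2(50),
  amount   NUMBER(10,2)
);

-- Auditing table: who, when and which operation. No column values are kept.
CREATE TABLE dml_audit (
  audit_id   NUMBER        PRIMARY KEY,
  table_name VARCHAR2(128) NOT NULL,
  operation  VARCHAR2(6)   NOT NULL,
  db_user    VARCHAR2(128) NOT NULL,
  os_user    VARCHAR2(128),
  changed_at TIMESTAMP     NOT NULL
);

CREATE SEQUENCE dml_audit_seq;

-- Statement-level AFTER trigger: one audit row per DML statement.
CREATE OR REPLACE TRIGGER trg_orders_dml_audit
AFTER INSERT OR UPDATE OR DELETE ON orders
DECLARE
  v_op dml_audit.operation%TYPE;
BEGIN
  IF INSERTING THEN v_op := 'INSERT';
  ELSIF UPDATING THEN v_op := 'UPDATE';
  ELSE v_op := 'DELETE';
  END IF;
  -- SESSION_USER is the logged-in database account; OS_USER is the client OS account.
  INSERT INTO dml_audit (audit_id, table_name, operation, db_user, os_user, changed_at)
  VALUES (dml_audit_seq.NEXTVAL, 'ORDERS', v_op,
          SYS_CONTEXT('USERENV', 'SESSION_USER'),
          SYS_CONTEXT('USERENV', 'OS_USER'),
          SYSTIMESTAMP);
END;
/

-- Test with constructed data: each statement should leave one row in DML_AUDIT.
INSERT INTO orders VALUES (1, 'Constructed Customer', 100);
UPDATE orders SET amount = 120 WHERE order_id = 1;
DELETE FROM orders WHERE order_id = 1;
SELECT audit_id, operation, db_user, changed_at FROM dml_audit ORDER BY audit_id;
```

The trigger runs with its owner's privileges, so application accounts that modify ORDERS need no grant on DML_AUDIT and cannot edit the trail directly.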

History Auditing Model Implementation Using Oracle
- Historical data auditing is simple to implement; main components are TRIGGER objects and TABLE objects
- Keeps record of:
  – Date and time the copy of the record was captured
  – Type of operation applied to the record

History Auditing Model Implementation Using Oracle (continued)
- Steps:
  – Use any user other than SYSTEM or SYS; with privileges to create tables, sequences, and triggers
  – Create history table
  – Create the trigger to track changes and record all the values of the columns
  – Test your implementation
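
The history model described in the SQL Server and Oracle slides above, written here for Oracle as an added example that is not taken from the slides. ACCOUNTS, ACCOUNTS_HISTORY, the sequence and the trigger name are hypothetical.

```sql
-- Added example (Oracle); ACCOUNTS and ACCOUNTS_HISTORY are hypothetical names.
CREATE TABLE accounts (
  account_id NUMBER PRIMARY KEY,
  owner_name VARCHAR2(50),
  balance    NUMBER(12,2)
);

-- History table: the ACCOUNTS columns plus HISTORY_ID, operation type and capture time.
CREATE TABLE accounts_history (
  history_id  NUMBER        PRIMARY KEY,
  account_id  NUMBER,
  owner_name  VARCHAR2(50),
  balance     NUMBER(12,2),
  operation   VARCHAR2(6)   NOT NULL,
  captured_at TIMESTAMP     NOT NULL,
  captured_by VARCHAR2(128) NOT NULL
);

CREATE SEQUENCE accounts_history_seq;

-- Row-level trigger: :OLD holds the row as it was before the UPDATE or DELETE.
CREATE OR REPLACE TRIGGER trg_accounts_history
AFTER UPDATE OR DELETE ON accounts
FOR EACH ROW
DECLARE
  v_op accounts_history.operation%TYPE;
BEGIN
  -- UPDATING is a PL/SQL boolean, so resolve it before the SQL statement.
  IF UPDATING THEN v_op := 'UPDATE'; ELSE v_op := 'DELETE'; END IF;
  INSERT INTO accounts_history
    (history_id, account_id, owner_name, balance, operation, captured_at, captured_by)
  VALUES
    (accounts_history_seq.NEXTVAL, :OLD.account_id, :OLD.owner_name, :OLD.balance,
     v_op, SYSTIMESTAMP, SYS_CONTEXT('USERENV', 'SESSION_USER'));
END;
/

-- Test with constructed data: the UPDATE and the DELETE each archive the prior row.
INSERT INTO accounts VALUES (1, 'Constructed Owner', 100);
UPDATE accounts SET balance = 250 WHERE account_id = 1;
DELETE FROM accounts WHERE account_id = 1;
SELECT history_id, operation, balance, captured_at
FROM   accounts_history
ORDER  BY history_id;
```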

DML Auditing Using Repository with Oracle (Simple 1)
- Simple Auditing Model 1
- Flag users, tables, or columns for auditing
- Requires fewer database administrative skills:
  – Application administrators can do it
  – User interface is built on top of the repository
- Auditing flags are flexible
- Does not record before or after column values; only registers type of DML operations

DML Auditing Using Repository with Oracle (Simple 1) (continued)
- Steps:
  – Use any user other than SYSTEM or SYS
  – Create triggers
  – Create sequence object
  – Build tables to use for applications
  – Populate application tables
  – Populate auditing repository with metadata
  – Create the stored package to be used with the trigger
  – Create triggers for application tables
  – Test your implementation

DML Auditing Using Repository with Oracle (Simple 2)
- Simple Auditing Model 2: requires a higher level of expertise in PL/SQL
- Stores two types of data:
  – Audit data: value before or after a DML statement
  – Audit table: name of the tables to be audited

DML Auditing Using Repository with Oracle (Simple 2) (continued)
- Steps:
  – Use any user other than SYSTEM or SYS; with privileges to create tables, and triggers
  – Create the auditing repository
  – Establish a foreign key in AUDIT_DATA table referencing AUDIT_TABLE table
  – Create a sequence object
  – Create the application schema
  – Add data to tables
  – A stored PL/SQL package will be used for auditing within the triggers
  – Create triggers for audited tables
  – Add auditing metadata
  – Test your implementation
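
A compact version of the Simple 2 repository, as an added example that is not taken from the slides. Only AUDIT_TABLE and AUDIT_DATA are named on the slides; their columns, the package AUDIT_PKG, the CUSTOMERS table and the trigger are hypothetical.

```sql
-- Added example (Oracle); column layouts and all names except AUDIT_TABLE
-- and AUDIT_DATA are hypothetical.
CREATE TABLE audit_table (
  table_id   NUMBER        PRIMARY KEY,
  table_name VARCHAR2(128) NOT NULL UNIQUE
);
CREATE TABLE audit_data (
  audit_id    NUMBER PRIMARY KEY,
  table_id    NUMBER NOT NULL REFERENCES audit_table (table_id),
  column_name VARCHAR2(128),
  operation   VARCHAR2(6),
  old_value   VARCHAR2(4000),
  new_value   VARCHAR2(4000),
  changed_by  VARCHAR2(128),
  changed_at  TIMESTAMP
);
CREATE SEQUENCE audit_data_seq;
CREATE TABLE customers (cust_id NUMBER PRIMARY KEY, credit_limit NUMBER);
INSERT INTO customers VALUES (1, 5000);  -- constructed sample row

CREATE OR REPLACE PACKAGE audit_pkg AS
  PROCEDURE log_change(p_table VARCHAR2, p_column VARCHAR2, p_op VARCHAR2,
                       p_old VARCHAR2, p_new VARCHAR2);
END audit_pkg;
/
CREATE OR REPLACE PACKAGE BODY audit_pkg AS
  PROCEDURE log_change(p_table VARCHAR2, p_column VARCHAR2, p_op VARCHAR2,
                       p_old VARCHAR2, p_new VARCHAR2) IS
  BEGIN
    -- INSERT ... SELECT: nothing is written unless the table is registered.
    INSERT INTO audit_data (audit_id, table_id, column_name, operation,
                            old_value, new_value, changed_by, changed_at)
    SELECT audit_data_seq.NEXTVAL, t.table_id, p_column, p_op, p_old, p_new,
           SYS_CONTEXT('USERENV', 'SESSION_USER'), SYSTIMESTAMP
    FROM   audit_table t WHERE t.table_name = p_table;
  END log_change;
END audit_pkg;
/
CREATE OR REPLACE TRIGGER trg_customers_audit
AFTER INSERT OR UPDATE OR DELETE ON customers FOR EACH ROW
BEGIN
  audit_pkg.log_change('CUSTOMERS', 'CREDIT_LIMIT',
    CASE WHEN INSERTING THEN 'INSERT' WHEN UPDATING THEN 'UPDATE' ELSE 'DELETE' END,
    TO_CHAR(:OLD.credit_limit), TO_CHAR(:NEW.credit_limit));
END;
/
-- Auditing metadata: registering the table is what switches auditing on.
INSERT INTO audit_table VALUES (1, 'CUSTOMERS');
UPDATE customers SET credit_limit = 9000 WHERE cust_id = 1;
SELECT column_name, operation, old_value, new_value, changed_by FROM audit_data;
```

Whoever can write to AUDIT_TABLE can switch auditing off for a table, so changes to the repository metadata deserve the same scrutiny as changes to the triggers.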

Auditing Application Errors with Oracle
- Application errors must be recorded for further analysis
- Business requirements mandate keeping an audit trail of all application errors
- Materials:
  – Repository consisting of one table
  – Methodology for your application

Auditing Application Errors with Oracle (continued)
- Steps:
  – Select any user other than SYSTEM or SYS; with privileges to create tables, and procedures
  – Populate tables
  – Create the ERROR table
  – Create a stored package to perform the UPDATE statement
  – Test your implementation: perform an update using the created package
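
One way to carry out these steps, as an added example that is not taken from the slides. PRODUCTS, APP_ERRORS and the package PRODUCT_API are hypothetical, and logging through an autonomous transaction is a design choice assumed here so the error row survives the rollback of the failed update.

```sql
-- Added example (Oracle); PRODUCTS, APP_ERRORS and PRODUCT_API are hypothetical.
CREATE TABLE products (
  product_id NUMBER PRIMARY KEY,
  price      NUMBER(8,2) CHECK (price > 0)
);
INSERT INTO products VALUES (1, 9.99);  -- constructed sample row
COMMIT;

-- Error repository: a single table.
CREATE TABLE app_errors (
  logged_at TIMESTAMP DEFAULT SYSTIMESTAMP,
  db_user   VARCHAR2(128),
  module    VARCHAR2(100),
  err_code  NUMBER,
  err_text  VARCHAR2(4000)
);

CREATE OR REPLACE PACKAGE product_api AS
  PROCEDURE set_price(p_id NUMBER, p_price NUMBER);
END product_api;
/
CREATE OR REPLACE PACKAGE BODY product_api AS
  -- Autonomous transaction: the error row is committed even when the
  -- caller's transaction is rolled back.
  PROCEDURE log_error(p_module VARCHAR2, p_code NUMBER, p_text VARCHAR2) IS
    PRAGMA AUTONOMOUS_TRANSACTION;
  BEGIN
    INSERT INTO app_errors (db_user, module, err_code, err_text)
    VALUES (SYS_CONTEXT('USERENV', 'SESSION_USER'), p_module, p_code, p_text);
    COMMIT;
  END log_error;

  PROCEDURE set_price(p_id NUMBER, p_price NUMBER) IS
  BEGIN
    UPDATE products SET price = p_price WHERE product_id = p_id;
    IF SQL%ROWCOUNT = 0 THEN
      RAISE_APPLICATION_ERROR(-20001, 'No product with id ' || p_id);
    END IF;
  EXCEPTION
    WHEN OTHERS THEN
      log_error('PRODUCT_API.SET_PRICE', SQLCODE, SQLERRM);
      RAISE;  -- the caller still sees the failure
  END set_price;
END product_api;
/

-- Test: this update violates the CHECK constraint, so the call is expected to fail.
BEGIN product_api.set_price(1, -5); END;
/
SELECT logged_at, db_user, module, err_code, err_text FROM app_errors;
```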

Oracle PL/SQL Procedure Authorization
- Oracle PL/SQL stored procedures are the mainstay of implementing business rules
- Security modes:
  – Invoker rights: procedure is executed using security credentials of the caller
  – Definer rights: procedure is executed using security credentials of the owner

Oracle PL/SQL Procedure Authorization (continued)
- Steps:
  – Create a new user
  – Select a user with CREATE TABLE and PROCEDURE privileges
  – Populate tables
  – Create stored procedure to select rows in a table
  – Grant EXECUTE privileges on new procedure
  – Log on as the new user and query the table
  – Execute procedure
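
The two security modes side by side, following the steps above, as an added example that is not taken from the slides. APP_OWNER, APP_READER, PAYROLL, both procedure names and the password are hypothetical placeholders.

```sql
-- Added example (Oracle); APP_OWNER, APP_READER and object names are hypothetical.
-- As a DBA: create the new user (the password is a placeholder).
CREATE USER app_reader IDENTIFIED BY "Placeholder_Pw_1";
GRANT CREATE SESSION TO app_reader;

-- As APP_OWNER (holds CREATE TABLE and CREATE PROCEDURE):
CREATE TABLE payroll (emp_id NUMBER PRIMARY KEY, salary NUMBER);
INSERT INTO payroll VALUES (1, 52000);  -- constructed sample rows
INSERT INTO payroll VALUES (2, 61000);
COMMIT;

-- Definer rights (the default): the body runs with APP_OWNER's privileges.
CREATE OR REPLACE PROCEDURE payroll_count_definer (p_count OUT NUMBER)
AUTHID DEFINER AS
BEGIN
  SELECT COUNT(*) INTO p_count FROM app_owner.payroll;
END;
/
-- Invoker rights: privileges are checked against the caller at run time.
CREATE OR REPLACE PROCEDURE payroll_count_invoker (p_count OUT NUMBER)
AUTHID CURRENT_USER AS
BEGIN
  SELECT COUNT(*) INTO p_count FROM app_owner.payroll;
END;
/
GRANT EXECUTE ON payroll_count_definer TO app_reader;
GRANT EXECUTE ON payroll_count_invoker TO app_reader;

-- As APP_READER, who holds no privilege on PAYROLL:
SELECT COUNT(*) FROM app_owner.payroll;   -- direct query is denied
SET SERVEROUTPUT ON                       -- SQL*Plus setting to show the output
DECLARE
  n NUMBER;
BEGIN
  app_owner.payroll_count_definer(n);     -- allowed: runs as APP_OWNER
  DBMS_OUTPUT.PUT_LINE('definer rights: ' || n);
  app_owner.payroll_count_invoker(n);     -- denied: runs as APP_READER
  DBMS_OUTPUT.PUT_LINE('invoker rights: ' || n);
EXCEPTION
  WHEN OTHERS THEN
    DBMS_OUTPUT.PUT_LINE('invoker rights: ' || SQLERRM);
END;
/
```

A definer-rights procedure hands every caller with EXECUTE the owner's access for whatever its body does, so it should expose only the narrow operation intended.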

Summary
- Two approaches for DML auditing:
  – Set up an audit trail for DML activities
  – Register all column values before or after the DML statement (column-level auditing)
- Fine-grained auditing (Oracle)
- Triggers:
  – Stored PL/SQL procedure automatically executed
  – Oracle has six DML events
- Triggers are executed in order
- USER_TRIGGERS data dictionary view: shows all triggers
- SQL Server 2000:
  – CREATE TRIGGER DDL statement
  – Conditional functions: UPDATE() and COLUMNS_UPDATED()
- FGA allows generation of audit trail of DML activities
- FGA is capable of auditing columns or tables; Oracle PL/SQL-supplied package DBMS_FGA
- PL/SQL stored procedures security modes:
  – Invoker rights
  – Definer rights