• Blog
  • Get Help Now!
  • Customer Portal

BlueGecko Denmark

  • Why you need us
    • Why act now
    • Why are we unique
  • What we do
    • Products Supported 24/7
      • MySQL
      • Postgres
      • SQL Server
      • Open Source
      • OS & Storage
  • How we do it
    • Consulting
    • System Monitoring
    • Security
  • Support
    • Blog
      • Oracle
      • MySQL
      • News & Events
      • Oracle Applications
      • Amazon Web Services
      • Jeremiah Wilton’s Oradeblog
      • OurSQL Community Podcast
      • Remote DBA
    • Team viewer
    • Whitepapers
  • About Us
    • Philosophy
    • The Blue Gecko Teams
    • Employment Opportunities
    • Partners
    • News
    • Press
  • Contact Us

May 5, 2009 by cedwards

Enterprise Database Security – A Practical Example

I attended this presentation without a lot of practical hands-on knowledge of using OID with either the database or E-Business Suite.  Blue Gecko has several SOX-beholden customers, and we plan to implement OID for EBS soon; centralized control for database accounts would also be a huge boon.

Gary is clearly familiar with setting up OID – he was fluid with the material; however, he relied heavily on GUI tools, claiming in some cases it was the “only way” to register database schemas and roles with an OID LDAP tree.  If that’s the case, setup could be very cumbersome indeed.

The basic relationship between the database and OID from a user rights perspective is that database schemas and roles map to OID global users and groups, respectively.  Effectively, the user is de-coupled from the schema.  When a user signs in and authenticates a global user account in OID, privileges and a schema are assigned by OID.  If someone has gone around the back door and assigned privileges to the schema unbeknownst to OID, well, that will work too, so an auditing burden certainly exists.

This sounds great – create a global user, then in OID, assign it to various groups that map to schemas (ostensibly with nothing more than a create session privilege) and roles in each database.  Trouble is, the roles have to exist in each database.  If you want to manage hundreds of database (presumably where OID would add the most value) you need to replicate (and monitor for changes) roles in each database.  This sounds like a pain and another (albeit existing) audit risk.  I was hoping OID solved this problem.

Regardless, the presentation was delivered well and I’m definitely going to do some more OID research when I get back to Seattle.

Filed Under: Oracle, Oracle Applications Tagged With: collaborate 09, EUS, Oracle EUS, Oracle OID

Categories

  • Amazon Web Services
  • Configuration Management
  • downtime
  • Drizzle
  • ebs
  • Education
  • elastic block store
  • elastic compute cloud
  • hosting
  • hot backup
  • ignorance
  • Infrastructure
  • IOUG
  • Jeremiah Wilton's Oradeblog
  • misconception
  • misconceptions
  • Monocle
  • MySQL
  • MySQL Council
  • News
  • News & Events
  • Oracle
  • Oracle APEX
  • Oracle Applications
  • Oracle Data Guard
  • Oracle Database
  • Oracle Database Appliance
  • Oracle Linux
  • Our People
  • OurSQL Community Podcast
  • outage
  • parallel
  • performance
  • podcast
  • proof
  • Remote DBA
  • replication
  • S3
  • Security
  • SQL Server
  • System monitoring
  • Tomcat
  • Uncategorized

Contact Blue Gecko

  • This field is for validation purposes and should be left unchanged.

Get Our Newsletter

  • This field is for validation purposes and should be left unchanged.

The Fine Print

  • Privacy Policy
  • Terms of Use
  • When is remote DBA the right solution
  • What are remote DBA services
  • Get Help

Blog Categories

  • 24/7 support
  • Blue Gecko 360° Services
  • Products Supported 24/7

Virtual runs

Contact Blue Gecko

Blue Gecko A/S
Slotsgade 21
DK – 4200 Slagelse
Denmark
Phone: (DK) +45 70 60 51 20

Networks

  • Email
  • Twitter

© Blue Gecko Group