Management of Security

Security in VLC Software is administered by a user with DBA privileges, VLCADMIN, and is managed through the Administration Module.The Security and Administration module provides extens

OFFICE OF THE ACCOUNTANT GENERAL (A&E),

KERALA

Management of Security

in VLC Software

Security in VLC Software is administered by a user with DBA privileges, VLCADMIN, and is managed through the Administration Module.

The Security and Administration module provides

extensive security features to safeguard the data from

both unauthorised viewing and intentional tampering In addition, it maintains the users and defines users by

creating roles and functions, audits all deleted records

and checks SQL facilities Security is provided by

granting specific privileges to roles and then assigning

roles to users Roles are created by the administrator for every module by granting the type of access, full or read only, on related database objects depending on the

module requirement and the status and responsibilities of the user

The first screen of the Administration

Module offers the Menu for all

Administration activities.

The Main Menu item are

>Module other Administration

>Roles

>Users

>Report

>Exit

Before going into the finer details of the sub menus

a detour for a brief look at

the security features in

Oracle

Database Security Concepts

• Confidentiality, integrity, and availability

are the hallmarks of database security.

• Securing your database involves not only

establishing strong password policy, but also adequate access controls.

• Security is also about the weakest link

Databases should not provide a point of weakness.

Database Security Concepts (Contd…)

• Security in Oracle has several layers

• The first layer of security is, of course, the RAW

assignment and management of users

• The second layer is the high-level system grants that give the user permission to create, alter, and use database

objects such as tables, indexes, and clusters

• The third layer of security is the object-level grants that

allow users to interact with database objects

• The fourth layer is the column grant layer that grants or

restricts access to the specific columns inside a database object

• The fifth layer involves the use of policies and contexts to

control row level access The final level of security deals with controlling access to system resources such as CPUs

In VLC Software the VLCADMIN user creates users using the ‘User Creation and Role Allocation’ sub menu

under the ‘Users’ menu item

– Data is protected by

• Defining the types/levels of users

• Defining area of work for each user

• Providing various tiers of security for each user

Types of Users :

- Data Entry Operators

- Supervisors

- Management

 VLC Software incorporates an

added security feature.

 All sub menu actions are protected

from unauthorised users.

 Each action calls for a separate

log on thus preventing

unauthorised users from

adding/deleting or modifying

Users, Roles or Modules.

• The Administration module is so

designed that first a module master is created It is followed by the creation

of Roles.

• A user can be created only after

creation of Modules and Roles.

• This ensures effective

implementation of the Oracle Security feature of user grants and privileges.

User Grants and Privileges

> Privileges specify the type of Data

Manipulation Language (DML)

operations, which the user can

perform upon data.

> Two distinct categories of

privileges within a database are :

• System Privileges

• Schema Object Privileges

• System Privileges

System privileges allow users to perform

a particular systemwide action or a

particular action on a particular type of

schema object For example, the

privileges to create a tablespace, table or

to insert or delete the rows of any table in the database are system privileges Many system privileges are available only to

administrators and application developers because the privileges are very powerful.

User Grants and Privileges(Contd…)

• Schema Object Privileges

Schema object privileges for tables allow table

security at the level of data manipulation language (DML) and data dictionary language (DDL)

operations.

Object privileges allow a user to perform a

particular action on a specific object including

tables, views, sequences, procedures, functions, and packages For example, the privilege to insert rows into a particular table is an object privilege Object privilege grants always include the name of the object for which the privilege is granted.

User Grants and Privileges(Contd…)

Managing System and Object Privileges

• The user’s ability to supply a valid

username and password can be used as a first level of authorization for a user to

access a database or specific database

tables.

• Additional techniques that can be used to

further manage system and object

privileges are:

> Roles

> Stored Procedures

> Network Facilities

Using Roles to Manage Privileges

• A Role mechanism can be used to

provide authorisation A single person

or a group of people can be granted a role or a group of roles One role can

be granted in turn to other roles By

defining different types of roles,

administrators can manage access

privileges much more easily.

Use of Roles

• Roles are collections of system,

object, and row grants This allows the DBA to collect all related grants for a specific application function under one object that can then be easily granted to your users with a single command Using roles has several benefits:

> Reduces the number of grants and

thereby makes it easier to manage security

> Dynamically changes the privileges

for many users with a single

grant/revoke

> Can be selectively enabled/disabled

depending upon the application

> Reduces the number of grants and thereby makes it easier to manage security

> Dynamically changes the privileges for many users with a single

> Roles can be used for most system

and object privileges Privileges

granted through a role cannot be

used for creating a stored object

(views, packages, triggers, java,

procedures, and function) You need

to grant privileges directly to the

user for this

> Roles can be used for most system

and object privileges Privileges

granted through a role cannot be

used for creating a stored object

(views, packages, triggers, java,

procedures, and function) You need

to grant privileges directly to the

user for this

Use of Roles (Contd…)

At user level the privileges are assigned in

VLC software as given below:

The privileges for

– Data Entry operator (Select + Insert +

Update + Delete),

– Supervisors (select + Update Check Flag),

- Management (Select)

 Area of work for each user

• Each user would be working on a particular

module or a part within a module This is

determined by providing privileges to roles

Overall security is managed in VLC

Software in 3 security tiers

+ Tier I: Log on Level- Through

Password protection

+ Tier II: Menu level The user can

operate that Module which is

assigned to him - Through Roles.

+ Tier III: Form/Report Level Only

those tasks that the role permits -Through Modules.

+ Tier I: Log on Level- Through

Password protection

+ Tier II: Menu level The user can

operate that Module which is

assigned to him - Through Roles.

+ Tier III: Form/Report Level Only

those tasks that the role permits -Through Modules.

User Administration - Passwords

Oracle supports a number of passwords

features You need to consider all of the following when you set password standards:

> Passwords aging and expiration: To help ensure that a password will not be compromised,

passwords should be changed on a system at

least every three months The decision of

whether to enforce password aging and

expiration should be identified in the security

plan The longer a password remains in effect for

an account, the greater the possibility that the

password can be compromised.

User Administration - Passwords (Contd….)

> Password reuse : If a password will be permitted to

be reused, restrict its use to no more frequently

than every seventh password cycle A better

approach would be to completely exclude a

password that has been used from being used by that person again.

> Failed login attempts : The number of failed login

attempts that will be tolerated on a system should

be defined in the security plan You must also

determine the actions that should be taken when the number of failed login attempts has been

exceeded.

User Administration - Passwords (Contd….)

> Account locking and unlocking :

If account locking is going to be

enabled, you can define the

personnel who will be in charge

of performing the account

unlocking.

> Passwords in Oracle can now be

aged and expired.

In Oracle one can manage passwords through profiles Some of the parameters one can

control are:

• FAILED_LOGIN_ATTEMPTS - failed login attempts before the account is locked

• PASSWORD_LIFE_TIME - limits the

number of days the same password can

be used for authentication

• PASSWORD_REUSE_TIME - number of days before a password can be reused

• PASSWORD_REUSE_MAX - number of password changes required before the

One can manage passwords through profiles Some of the

parameters one can control are: (Contd…)

• PASSWORD_LOCK_TIME - number of days

an account will be locked after maximum

failed login attempts

• PASSWORD_GRACE_TIME - number of days after the grace period begins during which a warning is issued and login is allowed

• PASSWORD_VERIFY_FUNCTION - password complexity verification script

VLC Software incorporates the Oracle Security features

through its menus A detailed look at the software will clarify how it is implemented in the VLC Software

A Detailed look at Security and Administration Module of VLC

Software

The first step in the implementation of the Security features is the

creation of the Module

Master

• VLCADMIN user has the privilege to create this Master table Login as VLCADMIN user

to use this menu item.

• Each module in the Software is given a

Module Code.

• The relevant Forms and Reports are

attached to the module through this form.

• The Form/Report Status flag is set to valid for the Forms/Reports to be available to

users.

• If a Form/Report is to be made inaccessible

to all users this flag is set to invalid.

• The next step is the creation of

Roles

• Roles are module dependent

• As users are of 3 types, Roles

too have 3 types of

classification.

• The 3 types are:

• Data Entry Operators identified by D.

• Supervisors identified by S and

• Managers identified by M.

+ Again, depending on the type of access

to objects, a further classification is

made

– ALL – Select – Insert etc.

– The Role name is thus a combination of Module and the

two classifications like AC_D_ALL1

Login as the owner of objects to create Roles

• After creation of the role, objects necessary to

run the functions for that role are attached to the role.

• Depending on the groups of users, who will be

assigned this role the privileges are checked in the check box It could be All or a combination

of Select, Update, Insert and Delete.

• If All is checked, checking any of the other

items will throw an error message.

• And if one of the rest is checked, checking All

will throw an error message.

In the VLC Software, VLC is the owner of all objects Therefore, even after

attaching the objects to the respective

roles ORA-00942 error will be thrown up when a user tries to work with

Forms/Reports in this module This is

overcome by creation of Public Synonyms for all objects.

Clicking ‘Create Synonyms’ button

creates synonyms for all objects in one go.

Once the appropriate Roles are

created we are ready for

creation of users Login as VLCADMIN to create

users

You can choose the user type from the List, type the user name, userID

Password, Section, Default tablespace, Temporary tablespace and Profile

The user account status is set as ‘valid’

by default.

If you want to temporarily block a

user this flag can be set to invalid.

The Role/Roles allocated to the user is attached in the lower block.

SQL*PLUS Facilities

# By default all SQL*PLUS privileges

are disabled for all users.

# Login as System to grant

SQL*PLUS facilities.

# The SQL*PLUS attributes can be

selectively granted to a user by the System user

A user’s password usage and resources can be controlled through profiles.

The Administrative module has a form to

Use of profiles is an easy and efficient method of enforcing password control

Among other things, it will ensure that users

will change passwords regularly.

After a user is created, the DBA communicates the userid and password (same as the userid, to begin with) to the user with instructions to change the

password immediately.

Passwords are changed using the following The user logs in using the original password to this form.

form:-The new password is typed in the two text boxes.

The program rejects passwords that are shorter

Restriction on Forms and Reports

• The ‘Forms and Reports for

users’ sub menu under Users

menu item is used to restrict use

of Forms and Reports.

• Only those Forms and Reports

attached through this menu will

be accessible to the user.

Restriction on Forms and Reports

(Contd…)

• Even from among those Forms and

Reports attached to a user, the DBA

can restrict usage through the ‘User

Form Status’ Flag.

• Only those Form/Reports whose status

is ‘Valid’ is accessible to the user.

• By setting status to ‘Invalid’, access

can be denied to any Form/Report,

notwithstanding the fact that those

Forms/Reports are attached to the user.

Audit of Deleted Records

• The Security and Administration

Module provides auditing of deleted records.

• It keeps track of all deleted records.

• You can view the list of deleted

records on screen.

• This is accessed through the ‘List of

deleted records’ submenu under

‘Module Other Administration’ menu.

• You can also generate hard copies

of the list of deleted records.

• That was the preview of the report.

• The Report is generated using the

‘List of deleted records’ submenu under the ‘Reports’ Menu.

• Details are shown user-wise with date in the descending order.

Relation between Supervisors and DEOs

VLC Software includes a feature whereby a

supervisory user, with whom the software has established a supervisor-DEO

relationship, is given the privilege to

update, or delete records entered by DEOs.

These relationships are created through

the ‘Supervisor DEO Master’ sub menu

under the ‘Module Other Administration’

Menu.

Relation between Supervisors and DEOs (Contd…)

Userids and usernames of all DEOs under

a Supervisor are attached through this

form.

Once the relationship is established the

supervisor gets the privilege to update or delete records entered by DEOs

supervised by him/her.

This is helpful in making corrections when the Supervisory user checks data entered

by the DEOs.

Need for enhancement through Backend Privilege Management

facilities for privilege

management like

– Stored procedures – Views and

– Virtual Private Database (VPD)