Wednesday, July 23, 2008

Grid Control Levels of Security

A large site told me that their engineering team is concerned that once you login to Grid Control, "you are able to observe and manage all databases in the company and that is a security risk".

We need to make these people aware that there are two levels of security in Grid Control. First you login to the Grid Console using either the "sysman" login (not recommended for large sites, the sysman schema is the owner of the Grid Control repository) or a Grid Control Administrator login (recommended), and then you must also logon to the database.

So it is not possible that a login at the console is able to manage all databases in the whole compnay, unless some has saved the password for all databases when logging on. The rule of course is, never save the database password for the Dba user - always force a logon.

The second point to note is, we are able to create Target Groups in Grid control. Each database, listener, and host is a target. So we can group together targets and then assign to Grid Control Administrators that we can create easily on the console.

The DBA then logins to Grid Control using the partitcular console administrator login that is assigned to him/her. Such an admin is not sysman, so he/she can only see and manage the targets in the target group that is assigned to that console administrator. So it is not possible that a console login can even see all targets in the company, unless of course the login is the sysman, or the login is a console admin that has been purposely assigned ALL targets.

This I have been explaining to many clients in the past 3-4 years as a consultant, and even before that to project teams and the security team in my past companies.

You have the security capability, and you should use it. Take the case of a database - you can easily have all schemas assigned the DBA role, and I have seen that done by many development outfits just as a shortcut. Or you can have proper role-level security set up at the database level. So, just because every schema has been set up by a developer as a DBA, does it mean there is no security in the database? The truth is, there is enough security, and we should know the way to use it.

No comments:

Disclaimer

Opinions expressed in this blog are entirely the opinions of the writers of this blog, and do not reflect the position of Oracle corporation. No responsiblity will be taken for any resulting effects if any of the instructions or notes in the blog are followed. It is at the reader's own risk and liability.

Blog Archive