Oracle Security the dbms_fga Package
Oracle Security Tips by Burleson Consulting
This is an excerpt from the bestselling book "Oracle Privacy Security Auditing", a complete Oracle security reference with working Oracle security scripts.
The dbms_fga Package
The central mechanism for fine-grained auditing (FGA) is implemented in the package dbms_fga, where all the APIs are defined. Typically, a user other than SYS is given the responsibility of maintaining these policies. Following the convention used earlier, we will go with the user SECUSER, who is entrusted with many of the security features championed in this book. The following statement grants the user SECUSER enough authority to create and maintain the auditing facility.
GRANT EXECUTE ON dbms_fga TO secuser
/
The biggest problem with this package is that the policies are not like regular objects with owners. While a user with execute permission on this package can create policies, he or she can drop policies created by another user, too. This makes it extremely important to secure this package and limit its use to only the few users who are called on to define the policies, such as SECUSER, a special user used in examples throughout this book.
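Because any holder of EXECUTE on dbms_fga can drop any policy, it is worth reviewing periodically who actually holds that privilege. The queries below are an added example, not a script from the book; they assume a DBA session with access to the DBA_* dictionary views and that SECUSER is the only intended policy administrator.

```sql
-- Added example (not from the book). Run as a user who can read DBA_* views.

-- 1. Direct grants of EXECUTE on SYS.DBMS_FGA, to users or roles.
--    Any grantee other than SECUSER, and above all PUBLIC, needs a justification.
SELECT grantee, grantor, grantable
  FROM dba_tab_privs
 WHERE owner      = 'SYS'
   AND table_name = 'DBMS_FGA'
   AND privilege  = 'EXECUTE'
 ORDER BY grantee;

-- 2. Users who inherit the privilege through a role, including nested roles.
--    The hierarchy starts at every role found in query 1 and walks down
--    to whoever has been granted that role, directly or indirectly.
SELECT DISTINCT u.username
  FROM dba_users u
 WHERE u.username IN (
         SELECT rp.grantee
           FROM dba_role_privs rp
          START WITH rp.granted_role IN (
                  SELECT tp.grantee
                    FROM dba_tab_privs tp
                   WHERE tp.owner      = 'SYS'
                     AND tp.table_name = 'DBMS_FGA'
                     AND tp.privilege  = 'EXECUTE')
        CONNECT BY PRIOR rp.grantee = rp.granted_role)
   AND u.username <> 'SECUSER'
 ORDER BY u.username;

-- 3. Baseline of the FGA policies currently defined. Keep a copy of this
--    output; a policy that disappears between reviews was dropped by one
--    of the accounts returned above.
SELECT object_schema, object_name, policy_name, enabled
  FROM dba_audit_policies
 ORDER BY object_schema, object_name, policy_name;

-- 4. Remove an unjustified grant (replace the placeholder with the grantee
--    reported by query 1).
-- REVOKE EXECUTE ON sys.dbms_fga FROM <unexpected_grantee>;
```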