Oracle Security the dbms_fga Package
Oracle Security Tips by
This is an excerpt from the
bestselling book "Oracle
Privacy Security Auditing", a complete Oracle security reference
with working Oracle security scripts.
The dbms_fga Package
The central mechanism for the FGA is
implemented in the package dbms_fga, where all the APIs are defined.
Typically, a user other than SYS is given the responsibility of
maintaining these policies. With the convention followed earlier, we
will go with the user SECUSER, who is entrusted with much of the
security features championed in this book. The following statement
grants the user SECUSER enough authority to create and maintain the
on dbms_fga to secuser
The biggest problem with this package is that
the polices are not like regular objects with owners. While a user
with execute permission on this package can create policies, he or
she can drop policies created by another user, too. This makes it
extremely important to secure this package and limit the use to only
a few users who are called to define the policies, such as SECUSER,
a special user used in examples throughout this book.