Creating a Secure Application Role to Control Access to Applications
See Also: ■
■
Chapter 4, "Configuring Privilege and Role Authorization" for a complete discussion of creating, enabling, and disabling roles, and granting and revoking privileges "Finding Information About User Privileges and Roles" on page 4-57 for more information about the security uses of the ROLE_TAB_PRIVS, ROLE_SYS_PRIVS, and DBA_ROLE_PRIVS data dictionary views
Creating a Secure Application Role to Control Access to Applications As explained in "Further Securing Role Privileges by Using Secure Application Roles" on page 4-19, a secure application role is a role that is only enabled through its associated PL/SQL package. This package defines the policy needed to control access to an application. This section includes the following topics: ■
Step 1: Create the Secure Application Role
■
Step 2: Create a PL/SQL Package to Define the Access Policy for the Application See Also: Oracle Database 2 Day + Security Guide for an example of
how to create a secure application role
Step 1: Create the Secure Application Role You create a secure application role by using the SQL statement CREATE ROLE with the IDENTIFIED USING clause. You must have the CREATE ROLE system privilege to execute this statement. Normally, you create this role and its associated package in the schema of the security administrator. For example, to create a secure application role called hr_admin that is associated with the sec_mgr.hr_admin package, follow these steps: 1.
Create the security application role as follows: CREATE ROLE hr_admin IDENTIFIED USING sec_mgr.hr_admin;
This statement indicates the following: ■ ■
2.
The role hr_admin to be created is a secure application role. The role can only be enabled by modules defined inside the PL/SQL package system.hr_admin. At this stage, this package does not need to exist; "Step 2: Create a PL/SQL Package to Define the Access Policy for the Application" on page 5-5 describes how to create the package.
Grant the security application role the privileges you would normally associate with this role. For example, to grant the hr_admin role SELECT, INSERT, UPDATE, and DELETE privileges on the HR.EMPLOYEES table, you enter the following statement: GRANT SELECT, INSERT, UPDATE, DELETE ON hr.employees TO hr_admin;
You do not need to grant the role directly to the user. The PL/SQL package will do that for you, assuming the user passes its security policies. If your site requires that you directly grant users the role, then you must disable the role for that user. This is because the role needs to be initially disabled before the security policies in
5-4
Oracle Database Security Guide