SlideShare a Scribd company logo

An additional security layer in adw cloud v2

Download as DOCX, PDF
T
Thomas Teske

Secure your data Next to all you've seen: make your policies for data usage aware of the context (who, when, why, how, .. ) fully context-aware. Stop leaving wide gaps in access rules. Define them once, change them - but all in ONE place for now and the future of your data. Note: scripts of the original MS Word document are NOT accessible in PDF conversion at slideshare. Scripts are at #GITHUB https://github.com/thomasteske/An_additional_security_layer_for_RDBMS

Technology
1 of 18
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL Securingyour data in Oracle AutonomousData Warehouse CloudService Say “Hello”tovirtual private database inthe cloud by ThomasTeske, Oracle, June 18th 2018 Introduction: Securitymatterstoeveryone.All cloudvendorsstriveforthe securityprotectionlevelsforthe cloud infrastructure,the service instances,datatransfersandproperrole basedaccesscontrols.See the followingreportfora recent securitydocument bykuppingercole. Itisonline available at http://www.oracle.com/us/products/database/kuppingercole-autonomous-database-4368706.pdf Thisdocumentshall triggeryourthoughts,turnyourwantsintoactionable sprintsdelivering actionable code.Justcode it… Is your data secure within your applicationor analytics? Withinanapplicationoranalytics-service itisequallyimportanttobe contextaware.  Who has the permissionon whichoperationonwhichsubsetof data?  Under whichcircumstancesisinallowed?  If it is allowed:isitinsix monthsalsoOKforyour auditor?Thus:alwaysenforce accessrules and monitorthemandanalysisthe monitoredusage.Otherwise youdon’tknow,whatis goingon.Any modernsecurityoperationscenterworksonsuchprinciples.  On topof that youwant to constrainall applicationusersasfollows: no one shall see the PIIrelevantattributes – inour example:name,address,city,phone-numberare shownbuttheyremainempty.  Some usersmightnotevenbe allowedtosee the countrynorregional information inour example:nationandregion are shownbuttheyremainempty.  Responsibilitiesof usersmightrestrictthemtoworkonlywithasubsetof the data - inour example:we onlyallowsome usersworkingwithdataforAMERICA and MIDDLE- EAST. All data shownhere issyntheticdata.The Oracle AutonomousDataWarehouse cloudservice (ADWC) comeswitha greatresource:the SSB schemafor testing.Itispopulatedwithasimple data model aboutcustomers,businessdates,products,suppliersandorderlinessreferringto them. ADWC isdescribedat https://cloud.oracle.com/en_US/datawarehouse
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL Example for VPD: One recipe implementingVPDisshownin ourexample: 1. DATA Creatingacopy of a subsetof the sample schemaSSBintoschemaADMIN. ADMIN ownsthe data beingsharedwiththe otherusers. 2. USERS Creatingtendatabase usersALICE,BOB, CHARLIE,… to demonstrate accessfor different persons/profiles. Alternativeapproach:use ONLYdatabase usersforapplicationroles.Thatrequiresthe VPD policiestodetermine permissionsinaslightlydifferentway. 3. METADATA Creatingusermeta-datadescribingthe (application) users. 4. METADATA Creatingpermission meta-datadescribingpermissionsonthe data model. 5. METADATA Assigningpermissionstothe database users. 6. VPD FUNCTIONS& POLICIES Create for eachtable the necessaryfunctionstodetermine the predicatestobe appliedbyVPD.Define the VPDpoliciesontablesusingthesefunctions. 7. ROLE Define arole inthe database containingthe basicaccessrightsto tables. ROLE ASSIGNMENTAssignthe database role tothe database users. 8. PUBLIC SYNONYMSCreatingpublicsynonymsforthe tables –simplifyaccess. Note:VPDimplementationscanbe done differentlyi.e.using differentMETA DATA model.
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL WHAT we protect We coverinour simple model dataaboutCUSTOMERs, SUPPLIERs,TIME, PRODUCTS and ORDERs. No matter,howpeople accessthe data:it mustremainsecuredwithnoexceptionspossible.
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL HOW we protect it METADATA drivessecurity.We keeprecordof PEOPLE,ROLESand ENTITLEMENTS i.e.assigned ROLES to PEOPLE.
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL HOW it works in the database In Oracle database we have VPD.It takesthe METADATA first.FUNCTIONsare automaticallyinvoked to access the METADATA.The FUNCTIONsdetermine,how toautomaticallyaddaccessrestrictions to SQL commands.All thishappenswithoutachance of interceptionnorexception. Thisis,how itworksfor an individualtable.
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL Since we have more than one table:all the rulesapply,whenevercombinationsof tablesare used.It happensall inthe backgroundautomatically.Rulescanbe muchmore complex thanthe oneswe usedhere. A caution:alwaysensure,thatrulescanbe explainedinsimple terms.If youcan’tdo that, than itis reallydifficulttocheck,if theyare correct.
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 1. DATA Creatingacopy of a subsetof the sample schemaSSB As userADMIN run the following. CUSTOMER -- create a demo table from SSB demo schema create table customer as select * from ssb.customer; SUPPLIER -- create a demo table from SSB demo schema create table supplier as select * from ssb.supplier; DWDATE -- create a demo table from SSB demo schema create table dwdate as select * from ssb.dwdate; PART -- create a demo table from SSB demo schema create table part as select * from ssb.part; LINEORDER -- create a demo table from SSB demo schema -- original table is 6 billion records! create table lineorder as select * from ssb.lineorder where c_custkey <= 1000;
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 2. USERS Creatingtendatabase users As userADMIN run the following. -- create users using simple passwords -- consider enabling password policies later on! create user alice identified by Welcome1234#; … -- allow them having sessions to the database grant CREATE SESSION to alice; …
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 3. METADATA Creatinguser As userADMIN run the following.CreateaMETA-DATA table first. create table SOC_USER ( U_USER VARCHAR2(30 BYTE) NOT NULL ENABLE, U_NAME VARCHAR2(30 BYTE) NOT NULL ENABLE, U_DEPT VARCHAR2(30 BYTE) NOT NULL ENABLE, CONSTRAINT "SOC_USER_PK" PRIMARY KEY ("U_USER") ENABLE ); Nowadd METADATA describingthe rolesandresponsibilitiesof these applicationusers. insert into SOC_USER values ( 'ADMIN', 'Matthew and team', 'application data steward' ); insert into SOC_USER values ( 'ALICE', 'Alice', 'sales management, worldwide' ); insert into SOC_USER …
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 4. METADATA Creatingmeta-datadescribingpermissions As userADMIN run the following.CreateaMETA-DATA table first. create table SOC_PROFILE ( P_PROFILE VARCHAR2(30 BYTE) NOT NULL ENABLE, P_NAME VARCHAR2(60 BYTE) NOT NULL ENABLE, P_PREDTYPE VARCHAR2(12 BYTE) NOT NULL ENABLE, P_PRED_TABLE VARCHAR2(60 BYTE) NOT NULL ENABLE, P_PRED_COLUMN VARCHAR2(60 BYTE) , P_PRED_COLVAL VARCHAR2(60 BYTE) , CONSTRAINT "SOC_PROFILE_PK" PRIMARY KEY ("P_PROFILE") ENABLE ); Insertdata describingthe permissionsinbusinessterms. -- allow access to all columns in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_ALL_COLUMNS', 'see all columns in table', 'HIDE_COLS', 'CUSTOMER', NULL, NULL ); -- allow access to all columns excluding the PII columns in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_NO_PII_COLUMNS', 'see no PII columns in table', 'HIDE_COLS', 'CUSTOMER', NULL, NULL ); -- allow access to all columns excluding the GEO columns in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_NO_GEO_COLUMNS', 'see no GEOGRAPHY columns in table', 'HIDE_COLS', 'CUSTOMER', NULL, NULL ); -- allow access to all rows in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_ALL_RECORDS', 'see all records in table', 'HIDE_ROWS', 'CUSTOMER', NULL, NULL ); -- allow access to C_REGION having value EUROPE only in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_ONLY_EUROPE_ROWS', 'see only EUROPE rows in table', 'HIDE_ROWS', 'CUSTOMER', 'C_REGION', 'EUROPE' ); -- allow access to C_REGION having value AMERICA only in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_ONLY_AMERICA_ROWS', 'see only AMERICA rows in table', 'HIDE_ROWS', 'CUSTOMER', 'C_REGION', 'AMERICA' ); -- allow access to C_REGION having value ASIA only in CUSTOMER table
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL insert into SOC_PROFILE values ( 'CUST_ONLY_ASIA_ROWS', 'see only ASIA rows in table', 'HIDE_ROWS', 'CUSTOMER', 'C_REGION', 'ASIA' ); -- allow access to C_REGION having value MIDDLE EAST only in CUSTOMER table -- This REGION is not used at all in our COUNTRY table! insert into SOC_PROFILE values ( 'CUST_ONLY_MIEAST_ROWS', 'see only MIDDLE EAST rows in table', 'HIDE_ROWS', 'CUSTOMER', 'C_REGION', 'MIDDLE EAST' ); -- allow access to C_REGION having value AFRICA only in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_ONLY_AFRICA_ROWS', 'see only AFRICA rows in table', 'HIDE_ROWS', 'CUSTOMER', 'C_REGION', 'AFRICA' ); -- allow access to all columns in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_ALL_COLUMNS', 'see all columns in table', 'HIDE_COLS', 'LINEORDER', NULL, NULL ); -- allo access to all columns excluding the COMMERCIAL columns in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_NO_COMM_COLUMNS', 'see no COMMERCIAL columns in table', 'HIDE_COLS', 'LINEORDER', NULL, NULL ); -- allow access to all LO_ORDERDATE values in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_ALL_DAYS', 'see any data in table', 'HIDE_ROWS', 'LINEORDER', NULL, NULL ); -- allow access to LO_ORDERDATE having value 30 days only in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_30_DAYS_ONLY', 'see only last 30 days in table', 'HIDE_ROWS', 'LINEORDER', 'LO_ORDERDATE', '30' ); -- allow access to LO_ORDERDATE having value 60 days only in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_60_DAYS_ONLY', 'see only last 60 days in table', 'HIDE_ROWS', 'LINEORDER', 'LO_ORDERDATE', '60' ); -- allow access to LO_ORDERDATE having value 365 days only in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_365_DAYS_ONLY', 'see only last 365 days in table', 'HIDE_ROWS', 'LINEORDER', 'LO_ORDERDATE', '365' );
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL -- allow access to LO_ORDERDATE having value 3650 days only in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_3650_DAYS_ONLY', 'see only last 3650 days in table', 'HIDE_ROWS', 'LINEORDER', 'LO_ORDERDATE', '3650' ); -- allow access to all rows in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ALL_RECORDS', 'see all records in table', 'HIDE_ROWS', 'SUPPLIER', NULL, NULL ); -- allow access to S_REGION having value EUROPE only in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ONLY_EUROPE_ROWS', 'see only EUROPE rows in table', 'HIDE_ROWS', 'SUPPLIER', 'S_REGION', 'EUROPE' ); -- allow access to S_REGION having value AMERICA only in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ONLY_AMERICA_ROWS', 'see only AMERICA rows in table', 'HIDE_ROWS', 'SUPPLIER', 'S_REGION', 'AMERICA' ); -- allow access to S_REGION having value ASIA only in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ONLY_ASIA_ROWS', 'see only ASIA rows in table', 'HIDE_ROWS', 'SUPPLIER', 'S_REGION', 'ASIA' ); -- allow access to S_REGION having value MIDDLE EAST only in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ONLY_MIEAST_ROWS', 'see only MIDDLE EAST rows in table', 'HIDE_ROWS', 'SUPPLIER', 'S_REGION', 'MIDDLE EAST' ); -- allow access to S_REGION having value AFRICA only in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ONLY_AFRICA_ROWS', 'see only AFRICA rows in table', 'HIDE_ROWS', 'SUPPLIER', 'S_REGION', 'AFRICA' ); -- allow access to all columns in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ALL_COLUMNS', 'see all columns in table', 'HIDE_COLS', 'SUPPLIER', NULL, NULL ); -- allow access to all columns excluding the PII columns in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_NO_PII_COLUMNS', 'see no PII columns in table', 'HIDE_COLS', 'SUPPLIER', NULL, NULL );
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL -- allow access to all columns excluding the GEO columns in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_NO_GEO_COLUMNS', 'see no GEOGRAPHY columns in table', 'HIDE_COLS', 'SUPPLIER', NULL, NULL ); Nowwe have usersand permissionsdefined.We now needtoassignpermissionstousers. All the steps to this pointare covered by two scripts:
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 5. METADATA Assigningpermissions As userADMIN run the following.CreateaMETA-DATA table first. create table SOC_USER_PROFILE ( UP_USER VARCHAR2(30 BYTE) NOT NULL ENABLE, UP_PROFILE VARCHAR2(30 BYTE) NOT NULL ENABLE, CONSTRAINT "SOC_USER_PROFILE_PK" PRIMARY KEY ("UP_USER","UP_PROFILE") ENABLE, CONSTRAINT "UP_FK_USER" FOREIGN KEY ("UP_USER") REFERENCES "SOC_USER" ("U_USER") ENABLE, CONSTRAINT "UP_FK_PROFILE" FOREIGN KEY ("UP_PROFILE") REFERENCES "SOC_PROFILE" ("P_PROFILE") ENABLE ); Insertingactual assignments( akaentitlements) -- user ADMIN - no constraints on customers nor order details insert into SOC_USER_PROFILE values ( 'ADMIN', 'CUST_ALL_COLUMNS' ); insert into SOC_USER_PROFILE values ( 'ADMIN', 'CUST_ALL_RECORDS' ); insert into SOC_USER_PROFILE values ( 'ADMIN', 'ORDERS_ALL_COLUMNS' ); insert into SOC_USER_PROFILE values ( 'ADMIN', 'ORDERS_ALL_DAYS' ); insert into SOC_USER_PROFILE values ( 'ADMIN', 'SUPP_ALL_RECORDS' ); insert into SOC_USER_PROFILE values ( 'ADMIN', 'SUPP_ALL_COLUMNS' ); -- user ALICE - no constraints on customers nor order details insert into SOC_USER_PROFILE values ( 'ALICE', 'CUST_ALL_COLUMNS' ); insert into SOC_USER_PROFILE values ( 'ALICE', 'CUST_ALL_RECORDS' ); insert into SOC_USER_PROFILE values ( 'ALICE', 'ORDERS_ALL_COLUMNS' ); insert into SOC_USER_PROFILE values ( 'ALICE', 'ORDERS_ALL_DAYS' ); insert into SOC_USER_PROFILE values ( 'ALICE', 'SUPP_ALL_RECORDS' );
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL insert into SOC_USER_PROFILE values ( 'ALICE', 'SUPP_NO_PII_COLUMNS' ); and so on.The complete listof assignmentsiscreated inscript: We create a simple viewtodetail the insertedMETADATA. create or replace view soc_entitlements as select u.*, p.* from soc_user u, soc_profile p, soc_user_profile up where u.u_user = up.up_user and p.p_profile = up.up_profile; -- list the entitlements to see the overview select * from soc_entitlements order by u_user, p_profile;
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 6. VPD FUNCTIONS& POLICIES Create for eachtable As userADMIN we define foreachtable the functionsandpoliciestobe applied. GeneratedVPDpredicatesmayuse one scalarvalue tocompare withor a listof scalars. Table inschema Scripts to define functionandpolicy DWDATE none CUSTOMER LINEORDER SUPPLIER DWDATE
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 7. ROLE Define arole inthe database containingthe basicaccessrightsto tables& ROLE ASSIGNMENTAssignthe database role tothe database users. As userADMIN we define arole to accessthe objectsownedbythe usertothe application users. -- create a role to SELECT tables and views owned by ADMIN create role select_on_admin; grant select on dwdate to select_on_admin; grant select on part to select_on_admin; grant select on customer to select_on_admin; grant select on supplier to select_on_admin; grant select on lineorder to select_on_admin; Then we grant the role to the application users: -- grant role to users grant select_on_admin to alice; grant select_on_admin to bob; grant select_on_admin to charlie; grant select_on_admin to doug; grant select_on_admin to linda; grant select_on_admin to monica; grant select_on_admin to robert; grant select_on_admin to susan; grant select_on_admin to harry; grant select_on_admin to frank; These stepsare coveredinthe followingscript:
ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 8. PUBLIC SYNONYMSCreatingpublicsynonymsforthe tables –simplifyaccess. As userADMIN run the following: create public synonym dwdate for admin.dwdate; create public synonym customer for admin.customer; create public synonym prod for admin.prod; create public synonym supplier for admin.supplier; create public synonym lineorder for admin.lineorder; Nowwe have createdthree METADATA tablesthat governwiththe helpof VPDfunctionsand policiesthe accesstotablesownedbyADMIN. That is all folks. Nowyoucan start designingyourown.Please note:all code iskeptmostsimple and maystrict codingguideline.Butyousee,how itisdone and can adapt as per your codingethics,standardsandsecurityrequirements.

Recommended

Artwork by Thomas Teske 2018
Artwork by Thomas Teske 2018Artwork by Thomas Teske 2018
Artwork by Thomas Teske 2018Thomas Teske
 
Graph-Based Machine Learning for Automated Health Care Services
Graph-Based Machine Learning for Automated Health Care ServicesGraph-Based Machine Learning for Automated Health Care Services
Graph-Based Machine Learning for Automated Health Care ServicesThomas Teske
 
Fraud Detection in Financial Services using Graph Analysis and Machine Learning
Fraud Detection in Financial Services using Graph Analysis and Machine LearningFraud Detection in Financial Services using Graph Analysis and Machine Learning
Fraud Detection in Financial Services using Graph Analysis and Machine LearningThomas Teske
 
SOUG Day - autonomous what is next
SOUG Day - autonomous what is nextSOUG Day - autonomous what is next
SOUG Day - autonomous what is nextThomas Teske
 
My artwork created in 2017
My artwork created in 2017My artwork created in 2017
My artwork created in 2017Thomas Teske
 
My artwork created in 2016
My artwork created in 2016My artwork created in 2016
My artwork created in 2016Thomas Teske
 
My artwork created in 2015
My artwork created in 2015My artwork created in 2015
My artwork created in 2015Thomas Teske
 
My artwork created in 2014
My artwork created in 2014My artwork created in 2014
My artwork created in 2014Thomas Teske
 

Recommended

Artwork by Thomas Teske 2018
Artwork by Thomas Teske 2018Artwork by Thomas Teske 2018
Artwork by Thomas Teske 2018Thomas Teske
 
Graph-Based Machine Learning for Automated Health Care Services
Graph-Based Machine Learning for Automated Health Care ServicesGraph-Based Machine Learning for Automated Health Care Services
Graph-Based Machine Learning for Automated Health Care ServicesThomas Teske
 
Fraud Detection in Financial Services using Graph Analysis and Machine Learning
Fraud Detection in Financial Services using Graph Analysis and Machine LearningFraud Detection in Financial Services using Graph Analysis and Machine Learning
Fraud Detection in Financial Services using Graph Analysis and Machine LearningThomas Teske
 
SOUG Day - autonomous what is next
SOUG Day - autonomous what is nextSOUG Day - autonomous what is next
SOUG Day - autonomous what is nextThomas Teske
 
My artwork created in 2017
My artwork created in 2017My artwork created in 2017
My artwork created in 2017Thomas Teske
 
My artwork created in 2016
My artwork created in 2016My artwork created in 2016
My artwork created in 2016Thomas Teske
 
My artwork created in 2015
My artwork created in 2015My artwork created in 2015
My artwork created in 2015Thomas Teske
 
My artwork created in 2014
My artwork created in 2014My artwork created in 2014
My artwork created in 2014Thomas Teske
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka DoktorováCzechDreamin
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FIDO Alliance
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024Stephanie Beckett
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfChristopherTHyatt
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfFIDO Alliance
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKUXDXConf
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureFemke de Vroome
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 

More Related Content

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2DianaGray10
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka DoktorováCzechDreamin
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsUXDXConf
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераMark Opanasiuk
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfFIDO Alliance
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FIDO Alliance
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekCzechDreamin
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeCzechDreamin
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaCzechDreamin
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutesconfluent
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessUXDXConf
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024Stephanie Beckett
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfChristopherTHyatt
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfFIDO Alliance
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...FIDO Alliance
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...CzechDreamin
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKUXDXConf
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureFemke de Vroome
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Strategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering TeamsStrategic AI Integration in Engineering Teams
Strategic AI Integration in Engineering Teams
 
Intro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджераIntro in Product Management - Коротко про професію продакт менеджера
Intro in Product Management - Коротко про професію продакт менеджера
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
Agentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdfAgentic RAG What it is its types applications and implementation.pdf
Agentic RAG What it is its types applications and implementation.pdf
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 

Featured

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

An additional security layer in adw cloud v2

  • 1. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL Securingyour data in Oracle AutonomousData Warehouse CloudService Say “Hello”tovirtual private database inthe cloud by ThomasTeske, Oracle, June 18th 2018 Introduction: Securitymatterstoeveryone.All cloudvendorsstriveforthe securityprotectionlevelsforthe cloud infrastructure,the service instances,datatransfersandproperrole basedaccesscontrols.See the followingreportfora recent securitydocument bykuppingercole. Itisonline available at http://www.oracle.com/us/products/database/kuppingercole-autonomous-database-4368706.pdf Thisdocumentshall triggeryourthoughts,turnyourwantsintoactionable sprintsdelivering actionable code.Justcode it… Is your data secure within your applicationor analytics? Withinanapplicationoranalytics-service itisequallyimportanttobe contextaware.  Who has the permissionon whichoperationonwhichsubsetof data?  Under whichcircumstancesisinallowed?  If it is allowed:isitinsix monthsalsoOKforyour auditor?Thus:alwaysenforce accessrules and monitorthemandanalysisthe monitoredusage.Otherwise youdon’tknow,whatis goingon.Any modernsecurityoperationscenterworksonsuchprinciples.  On topof that youwant to constrainall applicationusersasfollows: no one shall see the PIIrelevantattributes – inour example:name,address,city,phone-numberare shownbuttheyremainempty.  Some usersmightnotevenbe allowedtosee the countrynorregional information inour example:nationandregion are shownbuttheyremainempty.  Responsibilitiesof usersmightrestrictthemtoworkonlywithasubsetof the data - inour example:we onlyallowsome usersworkingwithdataforAMERICA and MIDDLE- EAST. All data shownhere issyntheticdata.The Oracle AutonomousDataWarehouse cloudservice (ADWC) comeswitha greatresource:the SSB schemafor testing.Itispopulatedwithasimple data model aboutcustomers,businessdates,products,suppliersandorderlinessreferringto them. ADWC isdescribedat https://cloud.oracle.com/en_US/datawarehouse
  • 2. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL Example for VPD: One recipe implementingVPDisshownin ourexample: 1. DATA Creatingacopy of a subsetof the sample schemaSSBintoschemaADMIN. ADMIN ownsthe data beingsharedwiththe otherusers. 2. USERS Creatingtendatabase usersALICE,BOB, CHARLIE,… to demonstrate accessfor different persons/profiles. Alternativeapproach:use ONLYdatabase usersforapplicationroles.Thatrequiresthe VPD policiestodetermine permissionsinaslightlydifferentway. 3. METADATA Creatingusermeta-datadescribingthe (application) users. 4. METADATA Creatingpermission meta-datadescribingpermissionsonthe data model. 5. METADATA Assigningpermissionstothe database users. 6. VPD FUNCTIONS& POLICIES Create for eachtable the necessaryfunctionstodetermine the predicatestobe appliedbyVPD.Define the VPDpoliciesontablesusingthesefunctions. 7. ROLE Define arole inthe database containingthe basicaccessrightsto tables. ROLE ASSIGNMENTAssignthe database role tothe database users. 8. PUBLIC SYNONYMSCreatingpublicsynonymsforthe tables –simplifyaccess. Note:VPDimplementationscanbe done differentlyi.e.using differentMETA DATA model.
  • 3. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL WHAT we protect We coverinour simple model dataaboutCUSTOMERs, SUPPLIERs,TIME, PRODUCTS and ORDERs. No matter,howpeople accessthe data:it mustremainsecuredwithnoexceptionspossible.
  • 4. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL HOW we protect it METADATA drivessecurity.We keeprecordof PEOPLE,ROLESand ENTITLEMENTS i.e.assigned ROLES to PEOPLE.
  • 5. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL HOW it works in the database In Oracle database we have VPD.It takesthe METADATA first.FUNCTIONsare automaticallyinvoked to access the METADATA.The FUNCTIONsdetermine,how toautomaticallyaddaccessrestrictions to SQL commands.All thishappenswithoutachance of interceptionnorexception. Thisis,how itworksfor an individualtable.
  • 6. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL Since we have more than one table:all the rulesapply,whenevercombinationsof tablesare used.It happensall inthe backgroundautomatically.Rulescanbe muchmore complex thanthe oneswe usedhere. A caution:alwaysensure,thatrulescanbe explainedinsimple terms.If youcan’tdo that, than itis reallydifficulttocheck,if theyare correct.
  • 7. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 1. DATA Creatingacopy of a subsetof the sample schemaSSB As userADMIN run the following. CUSTOMER -- create a demo table from SSB demo schema create table customer as select * from ssb.customer; SUPPLIER -- create a demo table from SSB demo schema create table supplier as select * from ssb.supplier; DWDATE -- create a demo table from SSB demo schema create table dwdate as select * from ssb.dwdate; PART -- create a demo table from SSB demo schema create table part as select * from ssb.part; LINEORDER -- create a demo table from SSB demo schema -- original table is 6 billion records! create table lineorder as select * from ssb.lineorder where c_custkey <= 1000;
  • 8. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 2. USERS Creatingtendatabase users As userADMIN run the following. -- create users using simple passwords -- consider enabling password policies later on! create user alice identified by Welcome1234#; … -- allow them having sessions to the database grant CREATE SESSION to alice; …
  • 9. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 3. METADATA Creatinguser As userADMIN run the following.CreateaMETA-DATA table first. create table SOC_USER ( U_USER VARCHAR2(30 BYTE) NOT NULL ENABLE, U_NAME VARCHAR2(30 BYTE) NOT NULL ENABLE, U_DEPT VARCHAR2(30 BYTE) NOT NULL ENABLE, CONSTRAINT "SOC_USER_PK" PRIMARY KEY ("U_USER") ENABLE ); Nowadd METADATA describingthe rolesandresponsibilitiesof these applicationusers. insert into SOC_USER values ( 'ADMIN', 'Matthew and team', 'application data steward' ); insert into SOC_USER values ( 'ALICE', 'Alice', 'sales management, worldwide' ); insert into SOC_USER …
  • 10. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 4. METADATA Creatingmeta-datadescribingpermissions As userADMIN run the following.CreateaMETA-DATA table first. create table SOC_PROFILE ( P_PROFILE VARCHAR2(30 BYTE) NOT NULL ENABLE, P_NAME VARCHAR2(60 BYTE) NOT NULL ENABLE, P_PREDTYPE VARCHAR2(12 BYTE) NOT NULL ENABLE, P_PRED_TABLE VARCHAR2(60 BYTE) NOT NULL ENABLE, P_PRED_COLUMN VARCHAR2(60 BYTE) , P_PRED_COLVAL VARCHAR2(60 BYTE) , CONSTRAINT "SOC_PROFILE_PK" PRIMARY KEY ("P_PROFILE") ENABLE ); Insertdata describingthe permissionsinbusinessterms. -- allow access to all columns in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_ALL_COLUMNS', 'see all columns in table', 'HIDE_COLS', 'CUSTOMER', NULL, NULL ); -- allow access to all columns excluding the PII columns in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_NO_PII_COLUMNS', 'see no PII columns in table', 'HIDE_COLS', 'CUSTOMER', NULL, NULL ); -- allow access to all columns excluding the GEO columns in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_NO_GEO_COLUMNS', 'see no GEOGRAPHY columns in table', 'HIDE_COLS', 'CUSTOMER', NULL, NULL ); -- allow access to all rows in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_ALL_RECORDS', 'see all records in table', 'HIDE_ROWS', 'CUSTOMER', NULL, NULL ); -- allow access to C_REGION having value EUROPE only in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_ONLY_EUROPE_ROWS', 'see only EUROPE rows in table', 'HIDE_ROWS', 'CUSTOMER', 'C_REGION', 'EUROPE' ); -- allow access to C_REGION having value AMERICA only in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_ONLY_AMERICA_ROWS', 'see only AMERICA rows in table', 'HIDE_ROWS', 'CUSTOMER', 'C_REGION', 'AMERICA' ); -- allow access to C_REGION having value ASIA only in CUSTOMER table
  • 11. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL insert into SOC_PROFILE values ( 'CUST_ONLY_ASIA_ROWS', 'see only ASIA rows in table', 'HIDE_ROWS', 'CUSTOMER', 'C_REGION', 'ASIA' ); -- allow access to C_REGION having value MIDDLE EAST only in CUSTOMER table -- This REGION is not used at all in our COUNTRY table! insert into SOC_PROFILE values ( 'CUST_ONLY_MIEAST_ROWS', 'see only MIDDLE EAST rows in table', 'HIDE_ROWS', 'CUSTOMER', 'C_REGION', 'MIDDLE EAST' ); -- allow access to C_REGION having value AFRICA only in CUSTOMER table insert into SOC_PROFILE values ( 'CUST_ONLY_AFRICA_ROWS', 'see only AFRICA rows in table', 'HIDE_ROWS', 'CUSTOMER', 'C_REGION', 'AFRICA' ); -- allow access to all columns in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_ALL_COLUMNS', 'see all columns in table', 'HIDE_COLS', 'LINEORDER', NULL, NULL ); -- allo access to all columns excluding the COMMERCIAL columns in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_NO_COMM_COLUMNS', 'see no COMMERCIAL columns in table', 'HIDE_COLS', 'LINEORDER', NULL, NULL ); -- allow access to all LO_ORDERDATE values in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_ALL_DAYS', 'see any data in table', 'HIDE_ROWS', 'LINEORDER', NULL, NULL ); -- allow access to LO_ORDERDATE having value 30 days only in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_30_DAYS_ONLY', 'see only last 30 days in table', 'HIDE_ROWS', 'LINEORDER', 'LO_ORDERDATE', '30' ); -- allow access to LO_ORDERDATE having value 60 days only in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_60_DAYS_ONLY', 'see only last 60 days in table', 'HIDE_ROWS', 'LINEORDER', 'LO_ORDERDATE', '60' ); -- allow access to LO_ORDERDATE having value 365 days only in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_365_DAYS_ONLY', 'see only last 365 days in table', 'HIDE_ROWS', 'LINEORDER', 'LO_ORDERDATE', '365' );
  • 12. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL -- allow access to LO_ORDERDATE having value 3650 days only in LINEORDER table insert into SOC_PROFILE values ( 'ORDERS_3650_DAYS_ONLY', 'see only last 3650 days in table', 'HIDE_ROWS', 'LINEORDER', 'LO_ORDERDATE', '3650' ); -- allow access to all rows in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ALL_RECORDS', 'see all records in table', 'HIDE_ROWS', 'SUPPLIER', NULL, NULL ); -- allow access to S_REGION having value EUROPE only in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ONLY_EUROPE_ROWS', 'see only EUROPE rows in table', 'HIDE_ROWS', 'SUPPLIER', 'S_REGION', 'EUROPE' ); -- allow access to S_REGION having value AMERICA only in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ONLY_AMERICA_ROWS', 'see only AMERICA rows in table', 'HIDE_ROWS', 'SUPPLIER', 'S_REGION', 'AMERICA' ); -- allow access to S_REGION having value ASIA only in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ONLY_ASIA_ROWS', 'see only ASIA rows in table', 'HIDE_ROWS', 'SUPPLIER', 'S_REGION', 'ASIA' ); -- allow access to S_REGION having value MIDDLE EAST only in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ONLY_MIEAST_ROWS', 'see only MIDDLE EAST rows in table', 'HIDE_ROWS', 'SUPPLIER', 'S_REGION', 'MIDDLE EAST' ); -- allow access to S_REGION having value AFRICA only in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ONLY_AFRICA_ROWS', 'see only AFRICA rows in table', 'HIDE_ROWS', 'SUPPLIER', 'S_REGION', 'AFRICA' ); -- allow access to all columns in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_ALL_COLUMNS', 'see all columns in table', 'HIDE_COLS', 'SUPPLIER', NULL, NULL ); -- allow access to all columns excluding the PII columns in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_NO_PII_COLUMNS', 'see no PII columns in table', 'HIDE_COLS', 'SUPPLIER', NULL, NULL );
  • 13. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL -- allow access to all columns excluding the GEO columns in SUPPLIER table insert into SOC_PROFILE values ( 'SUPP_NO_GEO_COLUMNS', 'see no GEOGRAPHY columns in table', 'HIDE_COLS', 'SUPPLIER', NULL, NULL ); Nowwe have usersand permissionsdefined.We now needtoassignpermissionstousers. All the steps to this pointare covered by two scripts:
  • 14. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 5. METADATA Assigningpermissions As userADMIN run the following.CreateaMETA-DATA table first. create table SOC_USER_PROFILE ( UP_USER VARCHAR2(30 BYTE) NOT NULL ENABLE, UP_PROFILE VARCHAR2(30 BYTE) NOT NULL ENABLE, CONSTRAINT "SOC_USER_PROFILE_PK" PRIMARY KEY ("UP_USER","UP_PROFILE") ENABLE, CONSTRAINT "UP_FK_USER" FOREIGN KEY ("UP_USER") REFERENCES "SOC_USER" ("U_USER") ENABLE, CONSTRAINT "UP_FK_PROFILE" FOREIGN KEY ("UP_PROFILE") REFERENCES "SOC_PROFILE" ("P_PROFILE") ENABLE ); Insertingactual assignments( akaentitlements) -- user ADMIN - no constraints on customers nor order details insert into SOC_USER_PROFILE values ( 'ADMIN', 'CUST_ALL_COLUMNS' ); insert into SOC_USER_PROFILE values ( 'ADMIN', 'CUST_ALL_RECORDS' ); insert into SOC_USER_PROFILE values ( 'ADMIN', 'ORDERS_ALL_COLUMNS' ); insert into SOC_USER_PROFILE values ( 'ADMIN', 'ORDERS_ALL_DAYS' ); insert into SOC_USER_PROFILE values ( 'ADMIN', 'SUPP_ALL_RECORDS' ); insert into SOC_USER_PROFILE values ( 'ADMIN', 'SUPP_ALL_COLUMNS' ); -- user ALICE - no constraints on customers nor order details insert into SOC_USER_PROFILE values ( 'ALICE', 'CUST_ALL_COLUMNS' ); insert into SOC_USER_PROFILE values ( 'ALICE', 'CUST_ALL_RECORDS' ); insert into SOC_USER_PROFILE values ( 'ALICE', 'ORDERS_ALL_COLUMNS' ); insert into SOC_USER_PROFILE values ( 'ALICE', 'ORDERS_ALL_DAYS' ); insert into SOC_USER_PROFILE values ( 'ALICE', 'SUPP_ALL_RECORDS' );
  • 15. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL insert into SOC_USER_PROFILE values ( 'ALICE', 'SUPP_NO_PII_COLUMNS' ); and so on.The complete listof assignmentsiscreated inscript: We create a simple viewtodetail the insertedMETADATA. create or replace view soc_entitlements as select u.*, p.* from soc_user u, soc_profile p, soc_user_profile up where u.u_user = up.up_user and p.p_profile = up.up_profile; -- list the entitlements to see the overview select * from soc_entitlements order by u_user, p_profile;
  • 16. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 6. VPD FUNCTIONS& POLICIES Create for eachtable As userADMIN we define foreachtable the functionsandpoliciestobe applied. GeneratedVPDpredicatesmayuse one scalarvalue tocompare withor a listof scalars. Table inschema Scripts to define functionandpolicy DWDATE none CUSTOMER LINEORDER SUPPLIER DWDATE
  • 17. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 7. ROLE Define arole inthe database containingthe basicaccessrightsto tables& ROLE ASSIGNMENTAssignthe database role tothe database users. As userADMIN we define arole to accessthe objectsownedbythe usertothe application users. -- create a role to SELECT tables and views owned by ADMIN create role select_on_admin; grant select on dwdate to select_on_admin; grant select on part to select_on_admin; grant select on customer to select_on_admin; grant select on supplier to select_on_admin; grant select on lineorder to select_on_admin; Then we grant the role to the application users: -- grant role to users grant select_on_admin to alice; grant select_on_admin to bob; grant select_on_admin to charlie; grant select_on_admin to doug; grant select_on_admin to linda; grant select_on_admin to monica; grant select_on_admin to robert; grant select_on_admin to susan; grant select_on_admin to harry; grant select_on_admin to frank; These stepsare coveredinthe followingscript:
  • 18. ThomasTeske,Oracle – 2018-06-18 – audience:public–keywords :database,security,autonomous thomas.teske@oracle.com @ThomasTeskeORCL 8. PUBLIC SYNONYMSCreatingpublicsynonymsforthe tables –simplifyaccess. As userADMIN run the following: create public synonym dwdate for admin.dwdate; create public synonym customer for admin.customer; create public synonym prod for admin.prod; create public synonym supplier for admin.supplier; create public synonym lineorder for admin.lineorder; Nowwe have createdthree METADATA tablesthat governwiththe helpof VPDfunctionsand policiesthe accesstotablesownedbyADMIN. That is all folks. Nowyoucan start designingyourown.Please note:all code iskeptmostsimple and maystrict codingguideline.Butyousee,how itisdone and can adapt as per your codingethics,standardsandsecurityrequirements.