Examine the code.
CREATE ROLE readonly IDENTIFIED USING app.chk_readwrite;
CREATE ROLE readwrite IDENTIFIED USING app.chk_readwrite;
CREATE OR REPLACE PROCEDURE app.chk_readwrite
AUTHID CURRENT_USER IS
  ipchk STRING(30);  -- declared but not used in this procedure
BEGIN
  -- SYS_CONTEXT('USERENV', 'ISDBA') returns 'TRUE' for a true DBA session
  IF SYS_CONTEXT('USERENV', 'ISDBA') = 'TRUE'
  THEN DBMS_SESSION.SET_ROLE('READWRITE');
  ELSE DBMS_SESSION.SET_ROLE('READONLY');
  END IF;
END;
/
Which three statements correctly describe the Secure Application role definition?
(Choose three.)
(The SYS_CONTEXT call returns whether or not the session is a true DBA session.)
A. No user or application has to remember or hide a password.
B. It prevents everyone except a true DBA session from acquiring the READWRITE role.
C. app.chk_readwrite is called whenever a user tries to access rows protected by the READONLY or READWRITE label.
D. app.chk_readwrite is called by users or applications when they want to enable the READONLY or READWRITE role.
Answer: A, B, D
Explanation:
Oracle8i introduced the Secure Application Context, which lets an application tailor access control based on the attributes of the user's session. Oracle prevents users from bypassing the privilege validation procedure by restricting application attribute changes to the procedure that implements the context. Oracle9i takes the concept of the application context one step further: it provides a means of associating the application context with the security role.
Incorrect Answers
C: app.chk_readwrite is not called whenever a user tries to access rows protected by the READONLY or READWRITE label. It is called only when a user or application wants to enable the READONLY or READWRITE role.
OCP Oracle9i Database: New Features for Administrators, Daniel Benjamin, p. 10-14
Chapter 1: Security Enhancements
Oracle 9i New Features, Robert Freeman, p. 132-135
Chapter 5: Miscellaneous Oracle9i Features and Enhancements