Oracle Database 12c provides multi-layered security spanning preventive, detective, and administrative controls. Among others, it introduces a new declarative and granular authorization model with the Real Application Security feature. Oracle Database 12c Real Application Security (RAS) provides a declarative model that enables security policies that encompass not only the business objects being protected but also the principals (users and roles) that have permissions to operate on those business objects. RAS is more secure, scalable, and cost effective than traditional Oracle virtual private database technology, as it applies security policies at the database layer. Those policies are therefore applied to the data and do not rely on the security built into an application (like VPD).
Oracle Database Real Application Security is a database authorization model that:
Traditional security was designed for client/server systems. These systems had a significantly smaller number of users than newer applications designed for the Internet. When application developers found traditional security inadequate, they often moved it from the database layer to the application layer. To accomplish this, developers frequently built their own tables and defined their own application users.
Because security was encoded in the application layer, rather than in the database, application users and application roles were typically known only to the application. In other words, database users were not application-level users, hence the user identity was not known during the access control decision in the database.
Furthermore, database operations were limited to DDLs and DMLs that do not represent application-level tasks or operations, hence the operation context was also not known during the access control decision in the database. These practices exposed the database to vulnerability.
Real Application Security is designed to:
Using the traditional security model, it was often difficult to manage three-tier applications, especially when performing these security tasks:
Real Application Security enables these security tasks, which improve database security and performance:
Real Application Security is managed through a collection of PL/SQL and Java APIs. This architecture enables you to configure its components: application users, application roles, sessions, and other security-related components. With Real Application Security, you configure application counterparts to the traditional user, role, and session through the use of entities, which are stored in tables.
See below the various components used in Oracle Database Real Application Security. These include application users, application roles, access control lists, security classes, and application sessions.
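As an added illustration (not part of the original article and not Oracle's own sample), the PL/SQL below configures several of the components listed above (an application user, an application role, a security class and an ACL) and binds them to a table with a data security policy. The HR.EMPLOYEES table, its EMAIL and SALARY columns, and every role, user, ACL and policy name are assumptions.

```sql
-- Constructed example: assumes HR.EMPLOYEES with EMAIL and SALARY columns and a
-- caller allowed to administer RAS. All names below are hypothetical.
CREATE ROLE db_emp;
GRANT SELECT ON hr.employees TO db_emp;

DECLARE
  aces   XS$ACE_LIST               := XS$ACE_LIST();
  realms XS$REALM_CONSTRAINT_LIST  := XS$REALM_CONSTRAINT_LIST();
  cols   XS$COLUMN_CONSTRAINT_LIST := XS$COLUMN_CONSTRAINT_LIST();
BEGIN
  -- Application role (inherits the object grant) and application user.
  SYS.XS_PRINCIPAL.CREATE_ROLE(name => 'employee', enabled => TRUE);
  SYS.XS_PRINCIPAL.GRANT_ROLES('employee', 'db_emp');
  SYS.XS_PRINCIPAL.CREATE_USER(name => 'daustin', schema => 'hr');
  SYS.XS_PRINCIPAL.GRANT_ROLES('daustin', 'employee');

  -- Security class: standard DML privileges plus one application privilege.
  SYS.XS_SECURITY_CLASS.CREATE_SECURITY_CLASS(
    name        => 'hrprivs',
    parent_list => XS$NAME_LIST('sys.dml'),
    priv_list   => XS$PRIVILEGE_LIST(XS$PRIVILEGE('view_salary')));

  -- ACL: the employee role may SELECT and may see salary values.
  aces.EXTEND(1);
  aces(1) := XS$ACE_TYPE(
    privilege_list => XS$NAME_LIST('select', 'view_salary'),
    principal_name => 'employee');
  SYS.XS_ACL.CREATE_ACL(name => 'emp_acl', ace_list => aces, sec_class => 'hrprivs');

  -- Data realm: the ACL covers only the row belonging to the session's user.
  realms.EXTEND(1);
  realms(1) := XS$REALM_CONSTRAINT_TYPE(
    realm    => 'email = xs_sys_context(''xs$session'',''username'')',
    acl_list => XS$NAME_LIST('emp_acl'));

  -- Column constraint: SALARY is readable only with the view_salary privilege.
  cols.EXTEND(1);
  cols(1) := XS$COLUMN_CONSTRAINT_TYPE(
    column_list => XS$NAME_LIST('salary'),
    privilege   => 'view_salary');

  SYS.XS_DATA_SECURITY.CREATE_POLICY(
    name                   => 'employees_ds',
    realm_constraint_list  => realms,
    column_constraint_list => cols);
  SYS.XS_DATA_SECURITY.APPLY_OBJECT_POLICY(
    policy => 'employees_ds', schema => 'hr', object => 'employees');
END;
/
```

Inside an application session for daustin, a query on hr.employees then returns only the row matching that user, whichever application issued the query.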
Web applications establishing application sessions to the database can now benefit from Real Application Security (RAS), a database authorization solution for end-to-end application security. For more information please review the following:
Find out more about Securing Oracle Database 12c through the Complimentary Technical Primer ebook below.
Use Code: db12c