Chapter 6. Profiles, Passwords, and Synonyms
Oracle provides many features that will help you secure your databases. Among these are the ability to create customized user profiles, the use of passwords and other forms of user account controls, and the use of object controls (i.e., views, roles, synonyms, and grants). This chapter describes profiles, passwords, and synonyms. You will find information on views, roles, and grants in earlier chapters.
There are two different forms of profiles available in an Oracle database: product profiles and system resource profiles. Product profiles , though the PRODUCT_PROFILE and USER_PROFILE tables, let you block access to individual Oracle products such as SQL, SQL*Plus, and PL/SQL; you can block by individual command, or you can block the entire product from access by a single user, a specific group of users, or everyone. System resource profiles , as the name implies, let you control the use of resources on your system. For example, through a system resource profile, you can limit the number of separate sessions a user can have at one time or the amount of CPU time which can be used on a per-session basis.
In Oracle8, passwords and password features have been enhanced substantially. The new password features include the ability to age and expire passwords, track password history, and lock accounts. Although these abilities have been around for years in many operating systems, they are new to Oracle databases and a very welcome addition to the stable of Oracle security measures. This chapter describes the new password features. It describes how to set password parameter values by creating or modifying a profile. It also discusses ways to avoid displaying a user's password in a command line when you need to perform work as a privileged user (for example, when testing an application).
This chapter also describes synonyms . We all use synonyms every day, but we may not even notice we're doing so. Nicknames, addresses, and telephone numbers are all synonyms that represent something else; given a telephone number or address, we may respond, "That is the number or address of XXX a specific person, business, or place." Even an Internet address, the Uniform Resource Locator (URL), represents a physical machine's address. Synonyms are used in an Oracle database to represent other objects in the same way a telephone number, address, or URL identifies a person or physical location. The primary function of a synonym in the database is to provide location transparency a nice buzzword to describe the fact that you don't know where the referenced object is located. For instance, by using synonyms, developers can write code that does not reference a specific schema. When the code moves into production, the objects can be placed in another schema and, as long as the synonyms point to the correct objects in the schema, the application will work as it did in development.