浅谈YashanDB三权分立
什么是三权分立?
三权分立,即是对DBA的职责进行划分,定义不同管理职位具备并行使不同角色,互相限制和监督,从机制上尽可能地防止因误操作删除或修改不属于职责范围内的数据或对象,保障系统整体安全,
内置角色
YashanDB内置了不同管理权限的角色,方便用户进行不同职责的管理员定义,管理角色列表如下:
| 角色名称 | 权限描述 |
| DBA | 未开启三权分立:具有几乎所有权限(除SHUTDOWN)。 开启三权分立:不具有审计、安全管理相关权限,只对当前用户schema下的表、索引、自定义视图具有DML权限,但仍具有系统表与系统视图的查看权限,以及数据库的DDL权限。 |
| AUDIT_ADMIN | 具有创建、删除、使能、修改、去使能审计策略等与审计相关的权限。 |
| SECURITY_ADMIN | 具有管理用户、角色与权限等安全相关的权限。 |
| SYSDBA | 具有执行SHUTDOWN、备份、BUILD(包括yasrman、yasbak备份工具)的权限。 |
| SYSOPER | 只具有执行SHUTDOWN的权限。 |
| SYSBACKUP | 只具有执行备份、BUILD(包括yasrman、yasbak备份工具)权限。 |
如何使用?
数据库参数ENABLE_SEPARATE_DUTY控制三权分立开关,默认关闭,重启生效
--数据库参数修改方式
ALTER SYSTEM SET ENABLE_SEPARATE_DUTY=true SCOPE=SPFILE;
使用示例
1.确认数据库没有打开三权分立开关
SQL> show parameter ENABLE_SEPARATE_DUTY
NAME VALUE
---------------------------------------------------------------- ----------------------------------------------------------------
ENABLE_SEPARATE_DUTY FALSE
1 row fetched.
2.创建测试用户并分别赋予内置权限
SQL> CREATE USER user1 IDENTIFIED BY "user1";
Succeed.
SQL> CREATE USER user2 IDENTIFIED BY "user2";
Succeed.
SQL> CREATE USER user3 IDENTIFIED BY "user3";
Succeed.
--user1用户赋dba角色权限
SQL> GRANT dba TO user1;
Succeed.
--user2用户赋审计相关权限
SQL> GRANT AUDIT_ADMIN TO user2;
Succeed.
--user3用户赋安全相关权限
SQL> GRANT SECURITY_ADMIN TO user3;
Succeed.
SQL> GRANT RESOURCE TO user3;
Succeed.
3.查看视图
--查看视图
SQL> select * from DBA_ROLE_PRIVS;
GRANTEE GRANTED_ROLE ADMIN_OPTION
---------------------------------------------------------------- ---------------------------------------------------------------- ------------
USER1 DBA N
USER2 AUDIT_ADMIN N
USER3 SECURITY_ADMIN N
USER3 RESOURCE N
3 rows fetched.
4.测试user1用户具有权限相关、审计相关的权限操作
SQL> conn user1/user1
Connected to:
YashanDB Server Enterprise Edition Release 23.2.1.100 x86_64 - X86 64bit Linux
SQL> grant select any table to user2;
Succeed.
SQL> revoke select any table from user2;
Succeed.
SQL> create AUDIT POLICY p1 PRIVILEGES SELECT ANY TABLE, DELETE ANY TABLE;
Succeed.
SQL> drop audit policy p1;
Succeed.
5.测试user2用户仅具有审计相关权限,无安全相关权限
SQL> conn user2/user2
Connected to:
YashanDB Server Enterprise Edition Release 23.2.1.100 x86_64 - X86 64bit Linux
SQL> create AUDIT POLICY p1 PRIVILEGES SELECT ANY TABLE, DELETE ANY TABLE;
Succeed.
SQL> drop audit policy p1;
Succeed.
--user2无法授权权限
SQL> grant select any table to user3;
YAS-02213 insufficient privileges
6.测试user3用户仅安全相关权限,无审计相关权限
SQL> conn user3/user3
Connected to:
YashanDB Server Enterprise Edition Release 23.2.1.100 x86_64 - X86 64bit Linux
SQL> grant select any table to user2;
Succeed.
SQL> revoke select any table from user2;
Succeed.
SQL> create AUDIT POLICY p1 PRIVILEGES SELECT ANY TABLE, DELETE ANY TABLE;
YAS-02213 insufficient privileges
7.开启三权分立开关
SQL> conn / as sysdba
Connected to:
YashanDB Server Enterprise Edition Release 23.2.1.100 x86_64 - X86 64bit Linux
SQL> ALTER SYSTEM SET ENABLE_SEPARATE_DUTY=true SCOPE=SPFILE;
Succeed.
SQL> shutdown immediate;
Succeed.
8.测试user1用户无权限相关和审计相关的权限操作
SQL> conn user1/user1
Connected to:
YashanDB Server Enterprise Edition Release 23.2.1.100 x86_64 - X86 64bit Linux
SQL> grant select any table to user2;
YAS-02213 insufficient privileges
SQL> create AUDIT POLICY p1 PRIVILEGES SELECT ANY TABLE, DELETE ANY TABLE;
YAS-02213 insufficient privileges
9.测试user2、user3用户权限无变化
SQL> conn user2/user2
Connected to:
YashanDB Server Enterprise Edition Release 23.2.1.100 x86_64 - X86 64bit Linux
SQL> create AUDIT POLICY p2 PRIVILEGES SELECT ANY TABLE;
Succeed.
SQL> drop audit policy p2;
Succeed.
--user2无安全相关权限
SQL> grant select any table to user1;
YAS-02213 insufficient privileges
SQL> conn user3/user3
Connected to:
YashanDB Server Enterprise Edition Release 23.2.1.100 x86_64 - X86 64bit Linux
SQL> grant select any table to user1;
Succeed.
SQL> revoke select any table from user1;
Succeed.
--user3无审计相关权限
SQL> create AUDIT POLICY p3 PRIVILEGES DELETE ANY TABLE;
YAS-02213 insufficient privileges
--user3用户正常创建表,普通用户权限无变化
SQL> create table t (c1 int);
Succeed.
总结
-
三权分立限制了用户对数据库的访问和操作,可以精确控制用户对数据库的操作,提升了数据库的安全性。
-
开启三权分立影响的是各管理用户的系统特权,普通用户以及用户下的对象特权不会受到影响
