Principle of Least Privilege in Oracle Databases

The principle of least privilege (POLP) is an important concept in computer security, is to restrict users’ privileges to the minimum level they need to do their jobs.

According to the Principle of Least Privilege, permission must be granted as much as a user needs. In this way, whatever the user has to do, he will only have the authority to do so.

By applying this principle in databases, you can maximize security.

To apply the minimum principle of least privilege in Oracle databases:

  • Protect the data dictionary. When parameter 07_DICTIONARY_ACCESSIBILITY is FALSE, people who has ANY TABLE privileges are restricted from accessing data dictionary-based tables. The default value of the parameter is FALSE and should not be changed.
  • Revoke unnecessary privileges from the PUBLIC schema. The PUBLIC schema has execute privilege in packages such as UTL_SMTP, UTL_TCP, UTL_HTTP, and UTL_FILE. You should revoke if these privileges not required.
  • Use the Access Control List (ACL) to control Network access. As of version 11g, it is necessary to create a Network Access Control List and authorize the user to access the network. I recommend you read the article “What is Network Access Control List and How To Use It“.
  • Restrict access to operating system directories.
  • Restrict administrator privileges on users. Do not grant DBA permission to a normal user.
  • Restrict remote database authentication. REMOTE_OS_AUTHENT specifies whether remote clients will be authenticated with the value of the OS_AUTHENT_PREFIX parameter. The default value is FALSE and should be like this. If set to TRUE, users created as “CREATE USER… IDENTIFIED EXTERNALLY” will be able to log in to the system.
  • Define and follow audit policies for users’ critical operations. Follow SYS operations in your databases. To do so, the value of the AUDIT_SYS_OPERATIONS parameter must be TRUE. If the “unified auditing” feature announced in version 12.2 is used for monitoring, you can access monitoring records in the SYS.UNIFIED_AUDIT_TRAIL view.