To avoid potential security threats, customers operating DIVArchive must be concerned about authentication and authorization of the system.
These security threats can be minimized by proper configuration and by following the postinstallation checklist in Appendix A.
The critical security features that provide protections against security threats are:
Authentication - Ensures that only authorized individuals are granted access to the system and data.
Authorization - Access control to system privileges and data. This feature builds on authentication to ensure that individuals get only appropriate access.
The DIVArchive Control GUI provides three fixed user profiles (Administrator, Operator and User). The Administrator and Operator accounts require a password to obtain access. You must assign an Administrator and (or) Operator password in the Configuration Utility before using these profiles.
Both the Administrator and Operator account passwords must be changed every 180 days (or before). Passwords must be made available for Oracle Support if needed.
Access control in DIVArchive is divided into three profiles. The Administrator and Operator accounts require a password to obtain access. You must assign an Administrator and (or) Operator account password in the Configuration Utility before using these profiles.
User - After the connection to the DIVArchive Manager is established, the Control GUI will only allow the user to monitor DIVArchive operations, and retrieve data from the database. This is known as the User Profile. Not all functions that issue commands to DIVArchive are accessible while in the User profile mode, enabling situations where monitoring is required but no commands are permitted to be sent to DIVArchive.
Administrator - To issue requests to DIVArchive, such as archive or restore requests, or to eject a tape from a library, you must change to the Administrator Profile. The Administrator Profile is password protected. The password for this profile must be assigned in the Configuration Utility before using the profile. For more information, refer to the Oracle DIVArchive 7.4 Customer Documentation Library at:
https://docs.oracle.com/en/storage/#csm
Operator - In addition to User Profile permissions, the operator profile provides access to the Object Transfer Utility and requires a password configured in the Configuration Utility before using the profile.