User Assessment helps you assess the security of your database users and identify high risk users. In this overview, you learn about the key aspects of User Assessment and the general workflow for assessing users on your Oracle databases.
Knowing which users have access to sensitive data is essential to managing risk. Which database accounts have powerful roles, such as Database Administrator, Database Vault Administrator, or Audit Administrator? Who can make changes that seriously impact the system, access sensitive data, or grant access to unauthorized users? Is there a risk of hackers taking over some user accounts because the passwords have not been changed in a long time? The User Assessment feature in Oracle Data Safe answers these questions and more to help you identify your high risk users. Administrators can then deploy appropriate security controls and policies.
User Assessment reviews information about your users in the data dictionaries on your target databases, and then calculates a risk score for each user. For example, it evaluates the user types, how users are authenticated, the password policies assigned to each user, and how long it has been since each user has changed their password. With this information, you can decide whether to implement more restrictive password policies, use Oracle Database Vault, or do something to further limit user access, if needed.
After you register a target database, Oracle Data Safe automatically runs a User Assessment job for that target database.