Monitor Database Security Configuration

As part of the security tasks for a Managed Database, you can monitor users, roles, profiles, and audit settings.

Monitoring users, roles, profiles, and audit settings is a critical aspect of database security management. In the Security section, you can review these details to validate access controls, confirm enforcement of password and resource policies, and ensure that auditing is enabled as required.

Note

The Security feature in Database Management Diagnostics & Management is currently available only for External Databases and Oracle Cloud Databases version 19c and later. For Autonomous AI Databases and earlier versions of External Databases and Oracle Cloud Databases, the Users section is displayed instead.

The Users section was the previous interface for monitoring database users and lists users along with information such as account status, days remaining before account expiration, expiration date, and assigned profile.

Before you go to the Security section to monitor database security configuration, you must ensure that you have the following privileges:

GRANT READ ON <following database objects> TO <monitoring user>
  • DBA_USERS
  • DBA_ROLE_PRIVS
  • DBA_TAB_PRIVS
  • DBA_SYS_PRIVS
  • DBA_RSRC_CONSUMER_GROUP_PRIVS
  • PROXY_USERS
  • DBA_CONTAINER_DATA
  • DBA_PROFILES
  • DBA_USERS_WITH_DEFPWD
  • V$PWFILE_USERS

Here's an example:

GRANT READ ON DBA_USERS TO DBSNMP;
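The following script is an added example, not part of the product documentation. It issues the grant for every object in the list above and then reports any object that the monitoring user still cannot read. It assumes DBSNMP as the monitoring user (taken from the example above) and that all listed views are owned by SYS.

```sql
-- Added example. Run as a user that can grant on SYS-owned views.
-- DBSNMP is the monitoring user from the example above; substitute your own.
GRANT READ ON SYS.DBA_USERS                     TO DBSNMP;
GRANT READ ON SYS.DBA_ROLE_PRIVS                TO DBSNMP;
GRANT READ ON SYS.DBA_TAB_PRIVS                 TO DBSNMP;
GRANT READ ON SYS.DBA_SYS_PRIVS                 TO DBSNMP;
GRANT READ ON SYS.DBA_RSRC_CONSUMER_GROUP_PRIVS TO DBSNMP;
GRANT READ ON SYS.PROXY_USERS                   TO DBSNMP;
GRANT READ ON SYS.DBA_CONTAINER_DATA            TO DBSNMP;
GRANT READ ON SYS.DBA_PROFILES                  TO DBSNMP;
GRANT READ ON SYS.DBA_USERS_WITH_DEFPWD         TO DBSNMP;
-- V$PWFILE_USERS is a public synonym. The grant is issued on the underlying
-- view SYS.V_$PWFILE_USERS, because a grant on the V$ name fails with ORA-02030.
GRANT READ ON SYS.V_$PWFILE_USERS               TO DBSNMP;

-- Verification: required objects with no direct READ or SELECT grant to DBSNMP.
-- Privileges received only through a role are not visible in this check.
SELECT r.column_value AS missing_grant
FROM   TABLE(sys.odcivarchar2list(
         'DBA_USERS', 'DBA_ROLE_PRIVS', 'DBA_TAB_PRIVS', 'DBA_SYS_PRIVS',
         'DBA_RSRC_CONSUMER_GROUP_PRIVS', 'PROXY_USERS', 'DBA_CONTAINER_DATA',
         'DBA_PROFILES', 'DBA_USERS_WITH_DEFPWD', 'V_$PWFILE_USERS'
       )) r
WHERE  NOT EXISTS (
         SELECT 1
         FROM   dba_tab_privs p
         WHERE  p.grantee    = 'DBSNMP'
         AND    p.owner      = 'SYS'
         AND    p.table_name = r.column_value
         AND    p.privilege IN ('READ', 'SELECT')
       )
ORDER  BY r.column_value;
```

An empty result from the verification query means every listed object is readable by the monitoring user through a direct grant.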

To go to the Security section, go to the Managed database details page and click Security on the left pane under Resources.

The Security section has the following tabs:

  • Summary: Provides a consolidated, high-level view of the security configuration for the Managed Database. The charts and detailed information provide an at-a-glance assessment of the database’s security posture.

    The Summary tab has the following sections:

    • Users by status: Displays a graphical distribution of database users based on account status.
    • Roles by authentication type: Displays a graphical categorization of roles based on authentication type.
    • Profiles by status: Displays a graphical representation of the number of profiles that are currently in use versus unused profiles.
    • Users: Displays user-related metrics such as the number of active default accounts, inactive user accounts, and accounts that expired or were locked within the last 24 hours. You can click the value for each metric to view the corresponding panel with additional details.
    • Roles: Displays role-related metrics, including the number of users granted various roles. You can click the value for each metric to view the corresponding panel with additional details.
    • Profiles: Displays profile-related metrics, including the number of users assigned various profiles. You can click the value for each metric to view the corresponding panel with additional details.
  • Users: Provides visibility into user accounts and their security-related attributes. It enables you to monitor account status, password-related settings, login activity, and to identify accounts that require review or action.

    The Users tab has the following charts:

    • Users by status: Displays a graphical summary of database users by account status.
    • User stats: Displays the number of users based on the selected criterion, such as expired users, over time periods such as 1 day, 1–7 days, 7–30 days, and longer. You can use the drop-down list to change the criterion. For example, instead of the default Expired users option, you can select the Expiring users or Last password changed options to view the corresponding number for each time period.
    • Unlimited parameter users: Displays the number of users associated with profiles that have unlimited values for password-related parameters or resource-related parameters. You can use the drop-down list to switch between Password (default) and Resource parameters.

    In addition to the charts on the Users tab, a table lists the users created in the Managed Database, along with information such as user account status, days remaining before account expiration, and last login date. You can filter the data using the available filter criteria or by clicking the charts.

    You can click the name of a user to go to the User details page and view information pertaining to the user. On the User details page, click the options on the left pane under Resources to view the roles, system privileges, object privileges, consumer group privileges, proxy users and the clients on whose behalf they can act, and default container data access associated with the user.

  • Roles: Provides visibility into database roles and their security-related characteristics. It helps you review role authentication types, role scope, and role usage, and identify roles that may require further review.

    The Roles tab has the following charts:

    • Roles by authentication type: Displays a graphical distribution of roles based on their authentication type.
    • Roles by type: Displays the number of roles categorized by scope: Common and Local.
    • User granted roles: Displays top roles by the number of users granted each role.

    In addition to the charts on the Roles tab, a table lists the roles created in the Managed Database, along with information such as each role's authentication type and scope. You can filter the data using the available filter criteria or by clicking the charts.

    You can click the name of a role to go to the Role details page and view information pertaining to the role. On the Role details page, click the options on the left pane under Resources to view the roles, system privileges, object privileges, and consumer groups associated with the role.

  • Profiles: Provides visibility into database profiles and their configuration. It helps you review profile usage, identify unused profiles, and detect profiles with unlimited password or resource parameters that may pose security or resource management risks.

    The Profiles tab has the following charts:

    • Profiles by status: Displays a graphical summary of profiles that are currently in use and profiles that are unused.
    • Profile usage: Displays the top profiles by usage.
    • Unlimited profile parameters: Displays the number of profiles that have unlimited values for various password-related or resource-related parameters. You can use the drop-down list to switch between Password (default) and Resource parameters.

    In addition to the charts on the Profiles tab, a table lists the profiles created in the Managed Database, along with information such as whether the profile is common and whether it's inherited.

    You can click the name of a profile to go to the Profile details page and view information pertaining to the profile. On the Profile details page, click the options on the left pane under Resources to view password and resource-related profile parameters and their values.

  • Audit settings: Provides visibility into the database auditing configuration. It enables you to review audit modes, audit policies, and audit trail activity to ensure that auditing is enabled and configured in accordance with security and compliance requirements.

    The Audit settings tab has the following general information and charts:

    • General: Displays a summary of the audit configuration, including the audit mode, the number of audit policies, and tablespace usage.
    • Audit trail by component: Displays a graphical summary of audit records generated by audit components over a selected time period. You can use the drop-down list to change the time period.
    • Audit trail by policy: Displays a graphical breakdown of audit records by audit policy over the selected time period. You can use the drop-down list to change the time period.

    In addition to the general information and charts on the Audit settings tab, a table lists the audit policies created in the Managed Database, along with information such as whether the policy is enabled and the users or roles to which the policy applies.

    You can click the name of an audit policy to go to the Audit policy details page and view information pertaining to the policy. On the Audit policy details page, click the options on the left pane under Resources to view the privileges audited by the policy, the actions covered or audited by the policy, and the entities for which the policy is enabled.
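The Unlimited parameter users and Unlimited profile parameters charts described above can be cross-checked directly against the dictionary views the monitoring user was granted READ on. The query below is an added example, not the query the service itself runs; it lists each non-Oracle-maintained user together with the password parameters that are effectively UNLIMITED for that user, resolving a limit of DEFAULT to the value set in the DEFAULT profile.

```sql
-- Added example: users whose effective password limits are UNLIMITED.
-- In DBA_PROFILES a LIMIT of 'DEFAULT' means "inherit from the DEFAULT profile",
-- so the DEFAULT profile's value is looked up before the comparison.
SELECT u.username,
       u.account_status,
       u.profile,
       LISTAGG(p.resource_name, ', ')
         WITHIN GROUP (ORDER BY p.resource_name) AS unlimited_password_params
FROM   dba_users u
JOIN   dba_profiles p
       ON  p.profile       = u.profile
       AND p.resource_type = 'PASSWORD'
LEFT JOIN dba_profiles d
       ON  d.profile       = 'DEFAULT'
       AND d.resource_name = p.resource_name
WHERE  u.oracle_maintained = 'N'   -- skip accounts created by Oracle scripts
AND    CASE
         WHEN p.limit = 'DEFAULT' THEN d.limit
         ELSE p.limit
       END = 'UNLIMITED'
GROUP  BY u.username, u.account_status, u.profile
ORDER  BY u.username;
```

Changing the RESOURCE_TYPE filter from 'PASSWORD' to 'KERNEL' gives the same review for resource parameters.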