Pluggable database lockdown profile

  • US 10,733,316 B2
  • Filed: 08/23/2016
  • Issued: 08/04/2020
  • Est. Priority Date: 10/23/2015
  • Status: Active Grant
First Claim

1. A method comprising:

  • sharing hardware resources between a plurality of pluggable databases, each of which is contained in a container database managed by a container DBMS, wherein the plurality of pluggable databases have respective transportable collections of database dictionaries;

    storing one or more profiles in a root database of the container database, wherein the root database is not one of the plurality of pluggable databases;

    wherein each profile of the one or more profiles specifies a corresponding set of restrictions;

    wherein the set of restrictions that correspond to each profile includes access restrictions that apply to any pluggable databases that are mapped to the profile;

    wherein a particular profile of the one or more profiles includes a particular restriction that is one of:

    a first restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction that would result in interaction between the container DBMS and an operating system;

    a second restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction with a network;

    or a third restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction that may affect a shared schema in the container database;

    storing profile-to-pluggable-database mapping information in the root database;

    wherein the profile-to-pluggable-database mapping information maps a particular pluggable database of the plurality of pluggable databases to the particular profile of the one or more of profiles;

    wherein the set of restrictions specified in the particular profile indicates a plurality of operations that users of the particular pluggable database are restricted from performing;

    detecting, by the container DBMS, a request to perform a particular operation whose execution is restricted by the particular restriction in the particular profile;

    in response to detecting the request, the container DBMS performing the steps of:

    determining that the request is for a particular user of the particular pluggable database;

    using the profile-to-pluggable-database mapping to determine that the particular profile is mapped to the particular pluggable database;

    determining, based on the set of restrictions specified in the particular profile, whether the particular operation is one of the plurality of operations that users of the particular pluggable database are restricted from performing; and

    based, at least in part, on determining that the particular operation is an operation that users of the particular pluggable database are restricted from performing, preventing execution of the particular operation.
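
The check flow recited in claim 1, modeled as an added example that is not taken from the patent or from any DBMS product: profiles and the profile-to-PDB mapping live in a root store, and each request is resolved through the mapping before the operation is allowed or blocked. The operation names, PDB and profile names, and the handling of unmapped PDBs and dangling mappings are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical operation names, grouped by the three restriction kinds in the claim.
OPERATION_KIND = {
    "run_external_procedure": "operating system",
    "write_server_file": "operating system",
    "open_tcp_connection": "network",
    "alter_shared_schema_object": "shared schema",
}

@dataclass
class RootDatabase:
    """Root store: holds profiles and the mapping, and is not itself a PDB."""
    profiles: dict = field(default_factory=dict)     # profile name -> set of restricted operations
    pdb_profile: dict = field(default_factory=dict)  # PDB name -> profile name

@dataclass(frozen=True)
class Request:
    pdb: Optional[str]  # None models a session that is not in any PDB
    user: str
    operation: str

def check(root: RootDatabase, req: Request):
    """Return (allowed, reason) for one request, following the claimed steps."""
    if req.pdb is None:                       # step 1: is this a PDB user's request?
        return True, "not a pluggable-database user"
    name = root.pdb_profile.get(req.pdb)      # step 2: mapping -> profile
    if name is None:
        return True, "no profile mapped"      # assumption: unmapped PDBs are unrestricted
    restricted = root.profiles.get(name)
    if restricted is None:
        return False, "mapped profile missing"  # assumption: dangling mapping fails closed
    if req.operation in restricted:           # step 3: is the operation restricted?
        kind = OPERATION_KIND.get(req.operation, "other")
        return False, f"profile {name} restricts {req.operation} ({kind})"  # step 4
    return True, "not restricted"

def sample_root() -> RootDatabase:
    """Constructed sample data: two PDBs share one profile, one mapping is dangling."""
    root = RootDatabase()
    root.profiles["tenant_default"] = {"run_external_procedure", "open_tcp_connection"}
    root.pdb_profile.update({"pdb_a": "tenant_default", "pdb_b": "tenant_default",
                             "pdb_d": "deleted_profile"})
    return root

if __name__ == "__main__":
    root = sample_root()
    for pdb, op in [("pdb_a", "open_tcp_connection"), ("pdb_a", "write_server_file"),
                    ("pdb_c", "open_tcp_connection"), ("pdb_d", "write_server_file")]:
        print(pdb, op, check(root, Request(pdb, "app_user", op)))
```

Because the profile and mapping sit in the root store, a user inside a mapped PDB has no object in their own database through which to lift the restriction.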
