Pluggable database lockdown profile
First Claim
1. A method comprising:
- sharing hardware resources between a plurality of pluggable databases, each of which is contained in a container database managed by a container DBMS, wherein the plurality of pluggable databases have respective transportable collections of database dictionaries;
storing one or more profiles in a root database of the container database, wherein the root database is not one of the plurality of pluggable databases;
wherein each profile of the one or more profiles specifies a corresponding set of restrictions;
wherein the set of restrictions that correspond to each profile includes access restrictions that apply to any pluggable databases that are mapped to the profile;
wherein a particular profile of the one or more profiles includes a particular restriction that is one of;
a first restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction that would result in interaction between the container DBMS and an operating system;
a second restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction with a network;
ora third restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction that may affect a shared schema in the container database;
storing profile-to-pluggable-database mapping information in the root database;
wherein the profile-to-pluggable-database mapping information maps a particular pluggable database of the plurality of pluggable databases to the particular profile of the one or more of profiles;
wherein the set of restrictions specified in the particular profile indicates a plurality of operations that users of the particular pluggable database are restricted from performing;
detecting, by the container DBMS, a request to perform a particular operation whose execution is restricted by the particular restriction in the particular profile;
in response to detecting the request, the container DBMS performing the steps of;
determining that the request is for a particular user of the particular pluggable database;
using the profile-to-pluggable-database mapping to determine that the particular profile is mapped to the particular pluggable database;
determining, based on the set of restrictions specified in the particular profile, whether the particular operation is one of the plurality of operations that users of the particular pluggable database are restricted from performing; and
based, at least in part, on determining that the particular operation is an operation that users of the particular pluggable database are restricted from performing, preventing execution of the particular operation.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques are described herein for allowing a container DBMS to impose restrictions, on a per-pluggable-database basis, on operations based on the pluggable database to which the users that request the operations belong. In one embodiment, lockdown profiles can be created and mapped to pluggable databases. Lockdown profiles specify PDB-wide restrictions on operations. The restrictions may apply to all operations of a given type, may apply to specific features, may require use of specific parameter values, etc. All users that belong to a pluggable database are restricted by the restrictions specified in the lockdown profile to which their pluggable database is mapped, unless the lockdown profile has a user-specific exemption for them. Bitmaps and/or hash tables may be used to more quickly determine, at query runtime, whether a query violates any profile-specified restrictions. Execution of queries that violate any profile-specified restrictions is prevented.
28 Citations
31 Claims
-
1. A method comprising:
-
sharing hardware resources between a plurality of pluggable databases, each of which is contained in a container database managed by a container DBMS, wherein the plurality of pluggable databases have respective transportable collections of database dictionaries; storing one or more profiles in a root database of the container database, wherein the root database is not one of the plurality of pluggable databases; wherein each profile of the one or more profiles specifies a corresponding set of restrictions; wherein the set of restrictions that correspond to each profile includes access restrictions that apply to any pluggable databases that are mapped to the profile; wherein a particular profile of the one or more profiles includes a particular restriction that is one of; a first restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction that would result in interaction between the container DBMS and an operating system; a second restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction with a network;
ora third restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction that may affect a shared schema in the container database; storing profile-to-pluggable-database mapping information in the root database; wherein the profile-to-pluggable-database mapping information maps a particular pluggable database of the plurality of pluggable databases to the particular profile of the one or more of profiles; wherein the set of restrictions specified in the particular profile indicates a plurality of operations that users of the particular pluggable database are restricted from performing; detecting, by the container DBMS, a request to perform a particular operation whose execution is restricted by the particular restriction in the particular profile; in response to detecting the request, the container DBMS performing the steps of; determining that the request is for a particular user of the particular pluggable database; using the profile-to-pluggable-database mapping to determine that the particular profile is mapped to the particular pluggable database; determining, based on the set of restrictions specified in the particular profile, whether the particular operation is one of the plurality of operations that users of the particular pluggable database are restricted from performing; and based, at least in part, on determining that the particular operation is an operation that users of the particular pluggable database are restricted from performing, preventing execution of the particular operation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 31)
-
-
20. One of more non-transitory computer-readable media storing instructions which, when executed by one or more processors, cause:
-
sharing hardware resources between a plurality of pluggable databases, each of which is contained in a container database managed by a container DBMS, wherein the plurality of pluggable databases have respective transportable collections of database dictionaries; storing one or more profiles in a root database of the container database, wherein the root database is not one of the plurality of pluggable databases; wherein each profile of the one or more profiles specifies a corresponding set of restrictions; storing profile-to-pluggable-database mapping information in the root database; wherein the set of restrictions that correspond to each profile includes access restrictions that apply to any pluggable databases that are mapped to the profile; wherein the profile-to-pluggable-database mapping information maps a particular pluggable database of the plurality of pluggable databases to a particular profile of the one or more of profiles; wherein the set of restrictions specified in the particular profile indicates a plurality of operations that users of the particular pluggable database are restricted from performing; wherein a particular profile of the one or more profiles includes a particular restriction that is one of; a first restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction that would result in interaction between the container DBMS and an operating system; a second restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction with a network;
ora third restriction that prohibits users of any pluggable database that is mapped to the particular profile from performing a particular interaction that involves a common object in the container database; detecting, by the container DBMS, a request to perform a particular operation whose execution is restricted by the particular restriction in the particular profile; in response to detecting the request, the container DBMS performing the steps of; determining that the request is for a particular user of the particular pluggable database; using the profile-to-pluggable-database mapping to determine that the particular profile is mapped to the particular pluggable database; determining, based on the set of restrictions specified in the particular profile, whether the particular operation is an operation that users of the particular pluggable database are restricted from performing; and based, at least in part, on determining that the particular operation is one of the plurality of operations that users of the particular pluggable database are restricted from performing, preventing execution of the particular operation. - View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
Specification