Database System Security Officer
The DBSSO is a system administrator who performs all the routine tasks related to maintaining the security of a database server.
These tasks include the following actions:
- Maintaining the audit masks
- Responding to security problems
- Educating users
The DBSSO performs these tasks with the onaudit utility. For information, see The onaudit utility.
The DBSSO role is supported by a designated account and software. To use the audit tools, the users who fill the DBSSO role must log onto the designated account and meet access-control requirements. After the DBSSO users meet the access-control requirements and use the administrative software, their actions can be audited.
Tip: A DBSSO on UNIX™ is
any user who belongs to the group that owns $ONEDB_HOME/dbssodir.
On Windows™,
the Administrator uses registry settings, through the Role Separation dialog
box that opens during installation, to specify DBSSO users.
Important: The onaudit utility can
create a potential threat to the security of the database server.
An unscrupulous user can abuse a DBSSO account, for example, by turning
off auditing for a specific user. To reduce this risk, all actions
taken through onaudit must be audited.