In this recipe, you will use multiple components (realms, command rules, and rule sets) to secure data in database from administrators.
Connect to the pluggable database
PDB1
as the userc##dbv_acctmgr
:SQL> connect c##dbv_acctmgr@pdb1 SQL> create user orders_dba identified by oracle1; SQL> create user orders_user identified by oracle2;
Connect to the pluggable database
PDB1
as aSYS
user and execute the following statements:SQL> connect sys@pdb1 as sysdba SQL> grant dba to orders_dba; SQL> grant create session to orders_user; SQL> grant select on oe.orders to orders_user; SQL> grant update on oe.orders to orders_user; SQL> create role ord_usr_role; SQL> grant ord_usr_role to orders_user;
Create a realm that protects all objects in
OE
schema and authorize userorders_dba
as owner (for detailed explanation on creating realms, see recipe Preventing users from exercising system...