Preparing the Role-Object Matrix

To control the levels of access different users will have in your system, you have to identify the specific privileges for each object. Database roles will be used as part of the security system, and you must associate these privileges with specific roles.

Note

It does not actually matter whether you determine the roles first or the table privileges first. However, we recommend you determine the roles first, since that tends to make it easier to determine the privileges required for each object.

Review the Security Plan

The security plan (introduced in Chapter 7) for your application will include the definitions of the types of access for the system. We recommend you write a security plan even if the system being designed is not complex. By creating a security plan, you document the security approach that was intended. Should all of the people involved in the project leave, there will still be a record of the thinking behind the application implementation. The security plan serves two purposes:

  • It documents the system security approach and concepts.

  • It defines the specific access requirements.

From the security plan and from interviews with the customers, you can determine what the user grouping will be, and you will be able to establish some role names to represent those groups. Once you have that, you can continue with the role-object access matrix.

Role-Object Access Matrix

Access definitions from the security plan are used to determine role names. ...
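A role-object access matrix can be kept as data and compared with what the database actually grants. The following is an added example, not taken from the book: the matrix layout, role names, schema and tables are hypothetical, and the existing-grant rows are constructed in the shape of an export from Oracle's DBA_TAB_PRIVS view (grantee, owner, table name, privilege).

```python
import re

# Hypothetical matrix: (owner, object) -> {role: privileges}.
MATRIX = {
    ("HR", "EMPLOYEES"): {"HR_CLERK": {"SELECT", "INSERT", "UPDATE"},
                          "HR_REPORT": {"SELECT"}},
    ("HR", "SALARIES"): {"HR_MANAGER": {"SELECT", "UPDATE"}},
}

# Constructed sample rows: (grantee, owner, table_name, privilege).
EXISTING = [
    ("HR_CLERK", "HR", "EMPLOYEES", "SELECT"),
    ("HR_CLERK", "HR", "EMPLOYEES", "INSERT"),
    ("HR_REPORT", "HR", "EMPLOYEES", "SELECT"),
    ("HR_REPORT", "HR", "SALARIES", "SELECT"),  # granted, but not in the matrix
    ("HR_MANAGER", "HR", "SALARIES", "SELECT"),
]

# Accept only simple unquoted identifiers so generated SQL cannot be altered
# by a malformed name in the matrix or the export.
_IDENT = re.compile(r"^[A-Z][A-Z0-9_$#]*$")


def flatten(matrix):
    """Expand the matrix into a set of (role, owner, object, privilege)."""
    return {(role, owner, obj, priv)
            for (owner, obj), roles in matrix.items()
            for role, privs in roles.items()
            for priv in privs}


def reconcile(matrix, existing):
    """Return (missing, excess): grants the matrix requires but the database
    lacks, and grants the database has that the matrix does not allow."""
    wanted = flatten(matrix)
    actual = {tuple(field.upper() for field in row) for row in existing}
    return sorted(wanted - actual), sorted(actual - wanted)


def to_sql(missing, excess):
    """Render the differences as GRANT and REVOKE statements for review."""
    for row in missing + excess:
        for field in row:
            if not _IDENT.match(field):
                raise ValueError(f"unexpected identifier: {field!r}")
    stmts = [f"GRANT {p} ON {o}.{t} TO {r};" for r, o, t, p in missing]
    stmts += [f"REVOKE {p} ON {o}.{t} FROM {r};" for r, o, t, p in excess]
    return stmts
```

The excess list is the part to review first, since it shows access that exists in the database without any backing in the documented matrix.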
