一、数据脱敏测试
1、登录数据库创建用户
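-- Reset the two lab accounts so the test starts from a clean state.
-- On a first run the DROP statements report an error because the users do not
-- exist yet; that error can be ignored.
drop user test01 cascade;
drop user test02 cascade;
-- The passwords are double-quoted so the stored value keeps the mixed case used
-- by the later "disql test02/Dameng123123" login.
-- NOTE(review): an unquoted password is presumably folded to upper case by the
-- server, which would make that login fail; confirm on your version.
-- Both accounts share one hard-coded password: lab use only.
create user test01 identified by "Dameng123123";
create user test02 identified by "Dameng123123";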
2、建立脱敏表
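-- Test table whose two columns are stored with column-level encryption plus a
-- salted integrity hash.
-- NOTE(review): MANUAL presumably selects the semi-transparent mode, in which
-- only the user who inserted a row reads it back in plaintext; confirm against
-- the security manual for your version.
-- The original listing used DES_ECB with an MD5 hash. DES has a 56-bit key,
-- ECB reveals which plaintext blocks are equal, and MD5 is collision-broken,
-- so the example now uses AES-256 in CBC mode with SHA-256. V$CIPHERS lists the
-- algorithms the server actually offers.
CREATE TABLE "TEST01"."TABLE_01"
(
"COLUMN_1" CHAR(10) NOT NULL ENCRYPT WITH AES256_CBC MANUAL HASH WITH SHA256 SALT,
"COLUMN_2" CHAR(10) NOT NULL ENCRYPT WITH AES256_CBC MANUAL HASH WITH SHA256 SALT
) STORAGE(ON "MAIN", CLUSTERBTR);
-- Explicit column list: the insert keeps working if the table gains columns.
insert into test01.table_01 ("COLUMN_1", "COLUMN_2")
values ('a','a'),('b','b'),('c','c'),('d','d');
commit;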
3、登录TEST02用户查看数据
# Log in as the second account to check what it can read from TEST01.TABLE_01.
# NOTE(review): this listing shows neither a GRANT of SELECT to test02 nor the
# query to run, so the expected result of this step is not stated; confirm.
# A password given on the command line ends up in shell history and is visible
# in process listings.
disql test02/Dameng123123
二、安全审计测试
1、登录数据库开启审计
# Audit settings are changed from the SYSAUDITOR account, not from SYSDBA.
# The password here equals the account name; change it before using this
# procedure anywhere other than a lab instance.
disql SYSAUDITOR/SYSAUDITOR
-- Switch auditing on (argument 1). Nothing is recorded until audit rules are
-- added with SP_AUDIT_STMT in the following steps.
SP_SET_ENABLE_AUDIT(1);
修改dm.ini文件设置AUD_PATH审计路径
# Directory that receives the audit files (dm.ini setting).
# Audit records are evidence: keep this directory writable only by the OS
# account that runs the database, and off any volume ordinary users can reach.
# NOTE(review): the page does not say whether a restart is needed for the new
# path to take effect; confirm.
AUD_PATH=/dmdata/DAMENG/audit
2、对用户创建、用户权限变更、用户删除等操作信息审计
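-- Statement-level audit rules for account and privilege management.
-- Arguments: statement type, audited user, outcome filter ('ALL' records both
-- successful and failed attempts).
-- GRANT and REVOKE cover privilege changes only. The step also promises
-- auditing of user creation and deletion, so the USER statement type is added.
-- NOTE(review): USER presumably covers CREATE/ALTER/DROP USER; confirm against
-- the statement-level audit options of your version.
-- Only actions performed by SYSDBA are audited by these rules.
SP_AUDIT_STMT('USER', 'SYSDBA', 'ALL');
SP_AUDIT_STMT('GRANT', 'SYSDBA', 'ALL');
SP_AUDIT_STMT('REVOKE', 'SYSDBA', 'ALL');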
对DDL、DML、DCL、参数修改等操作信息进行审计
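-- Statement-level audit rules for table activity performed by SYSDBA.
-- The four "... TABLE" rules below record DML and queries. The TABLE statement
-- type is added so that table DDL, such as the CREATE TABLE used in the
-- verification step, is recorded as well.
-- NOTE(review): TABLE presumably covers CREATE/ALTER/DROP TABLE; confirm
-- against the statement-level audit options of your version. Parameter changes
-- named in the step heading are not covered by any rule shown here.
SP_AUDIT_STMT('TABLE', 'SYSDBA', 'ALL');
SP_AUDIT_STMT('DELETE TABLE', 'SYSDBA', 'ALL');
SP_AUDIT_STMT('UPDATE TABLE', 'SYSDBA', 'ALL');
SP_AUDIT_STMT('INSERT TABLE', 'SYSDBA', 'ALL');
SP_AUDIT_STMT('SELECT TABLE', 'SYSDBA', 'ALL');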
3、审计验证,SYSDBA登录数据库
# Generate audited activity as SYSDBA, the user named in the audit rules.
# The password equals the account name: acceptable only on a lab instance.
disql SYSDBA/SYSDBA
创建测试表,并插入数据提交
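-- Activity that the audit trail should pick up: one DDL statement and one
-- INSERT (matched by the 'INSERT TABLE' rule), followed by a commit.
create table test01 (c1 int);
-- The original statement omitted the VALUES keyword and did not parse.
insert into test01 values (1);
commit;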
SYSAUDITOR登录查看审计信息
# Audit records are read back from the SYSAUDITOR account, so the audited user
# (SYSDBA) is not the one reviewing its own trail.
disql SYSAUDITOR/SYSAUDITOR
-- List every audit record written for SYSDBA. The rows for the CREATE TABLE /
-- INSERT test above should be among them if the matching rules are active.
SELECT *
FROM SYSAUDITOR.V$AUDITRECORDS
WHERE USERNAME = 'SYSDBA';
三、用户权限分离测试
1、管理员用户登陆
-- Connect as the administrator, who creates the test user in this step.
-- The password equals the account name: acceptable only on a lab instance.
conn SYSDBA/SYSDBA
创建用户
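-- Create the low-privilege test user. No privileges are granted here, so the
-- next step can show what a fresh account is refused.
-- The statement terminator was missing in the original listing.
create user tb1 identified by "A123456789";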
2、tb1用户登录
conn tb1/A123456789
-- Query: baseline as tb1 before any grant.
-- NOTE(review): both statements are presumably expected to be refused at this
-- point; the page does not show the expected output, confirm when running.
SELECT COUNT(*) FROM V$dm_ini;
CREATE TABLE test01 (c1 INT, c2 VARCHAR);
3、管理员用户登陆
-- Back to the administrator account to hand out privileges to tb1.
conn SYSDBA/SYSDBA
赋予权限
-- Give tb1 exactly what the following checks need: read access to one system
-- view (an object privilege) and four table privileges granted without an ON
-- clause, i.e. not tied to a single table.
GRANT SELECT ON SYS.V$dm_ini TO tb1;
GRANT CREATE TABLE TO "TB1";
GRANT INSERT TABLE TO "TB1";
GRANT UPDATE TABLE TO "TB1";
GRANT DELETE TABLE TO "TB1";
连接用户
-- Reconnect as tb1 so the checks run in a new session for that user.
conn tb1/A123456789
查询
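-- Positive checks as tb1: every statement below exercises one of the
-- privileges granted by the administrator and is expected to succeed.
SELECT COUNT(*) FROM V$dm_ini;
CREATE TABLE test01 (c1 INT, c2 VARCHAR);
-- Explicit column lists keep the statements valid if the table changes.
INSERT INTO test01 (c1, c2) VALUES (1, 'a');
UPDATE test01 SET c1 = 100 WHERE c2 = 'a';
SELECT c1, c2 FROM test01;
DELETE FROM test01 WHERE c1 = 100;
-- No COMMIT and no DROP follow, so the table test01 still exists afterwards.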
4、管理员用户登陆
-- Back to the administrator account to take the privileges away again.
conn SYSDBA/SYSDBA
回收权限
-- Withdraw the same five privileges that were granted to tb1, one REVOKE per
-- earlier GRANT, so the user ends up with none of them.
REVOKE SELECT ON SYS.V$dm_ini FROM tb1;
REVOKE CREATE TABLE FROM "TB1";
REVOKE INSERT TABLE FROM "TB1";
REVOKE UPDATE TABLE FROM "TB1";
REVOKE DELETE TABLE FROM "TB1";
连接用户
-- Reconnect as tb1 so the negative checks run in a session opened after the
-- revoke.
conn tb1/A123456789
查询
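-- Negative checks as tb1 after the revoke: both statements should be refused
-- for lack of privilege.
SELECT COUNT(*) FROM V$dm_ini;
-- A new table name is used on purpose. tb1 already created test01 while it
-- held CREATE TABLE and never dropped it, so repeating that name would fail
-- with "object already exists" even if the revoke had not taken effect.
CREATE TABLE test01_after_revoke (c1 INT, c2 VARCHAR);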