Database System Security Officer

The DBSSO is a system administrator who performs all the routine tasks related to maintaining the security of a database server.

These tasks include the following actions:

  • Maintaining the audit masks
  • Responding to security problems
  • Educating users

The DBSSO performs these tasks with the onaudit utility. For information, see The onaudit utility.

The DBSSO role is supported by a designated account and software. To use the audit tools, the users who fill the DBSSO role must log onto the designated account and meet access-control requirements. After the DBSSO users meet the access-control requirements and use the administrative software, their actions can be audited.

Tip: A DBSSO on UNIX™ is any user who belongs to the group that owns $ONEDB_HOME/dbssodir. On Windows™, the Administrator uses registry settings, through the Role Separation dialog box that opens during installation, to specify DBSSO users.
Important: The onaudit utility can create a potential threat to the security of the database server. An unscrupulous user can abuse a DBSSO account, for example, by turning off auditing for a specific user. To reduce this risk, all actions taken through onaudit must be audited.