Administering User Security in Oracle Database 12c R2

May 25, 2018 at 4:24 pm | Posted in Oracle, study tips, Technical Tips | Leave a comment
Tags: ,

Let’s talk about administering user security. If you’ve been studying for your Oracle Database 12c R2 Administration Certified Associate exam, you’ll know there are several security sub-components to be aware of. You have to understand how to create users, grant privileges, create and grant roles, revoke, and create and assign profiles. You also have to know how to authenticate users and assign quotas to specific users as well.

These topics, and specifically the topic of managing complex passwords, remind me of a scene in one of my favorite movies, Ironman 3. Tony Stark (aka Ironman) is self-implanting an electronic device in his arm to prepare for what he describes as the “big brother” to the current Ironman suit, called the Mark 42. He describes this event as the “Autonomous freehand self-propulsion test,” which allows him to just move his arms and call out the different components of his Ironman suit with biometrics.

Just like the old Ironman suit was replaced by the Mark 42, the 11g VERIFY_FUNCTION and VERIFY_FUNCTION_11G password verify functions are deprecated in the 12c release. Those weaker password restrictions have been replaced with stronger authentication verification in 12c. Oracle 12c R2 provides a SQL file named CATPVF.SQL  under the standard $ORACLE_HOME/rdbms/admin location. This SQL files holds three specific password verification functions. The purpose of these functions is to make sure that all the users within the database are modifying and creating passwords that are considered complex and meet critical requirements set by the Department of Defense Database Security Technical Implementation Guide, Department of Defense Database Security Technical Implementation Guide requirements and the Security Technical Implementation Guides (STIG) requirements.

The functions are:

  • No fewer than 8 characters
  • Must include one alphabetic character and one number
  • Excludes both the username and the reverse of the username
  • Excludes the name of database
  • Excludes oracle and oracle123
  • Must differ from the previous password by a minimum of 8 characters
  • Holds one special character
  • Must have two special characters, two numeric characters, and two upper-case characters
    • Special Character List (‘# ~ ! @ $ % ^ & * ( ) _ – + \ = { } [ ]\ / < > , . ; ? ‘ : | (space))
  • Must be different from the last password by four characters
  • Must be 15 characters
  • Must include one upper-case and one lower-case character
  • Must have one digit
  • Requires one special character
  • Must differ from your last password by eight characters

Can you imagine using authentication that involves embedding a device under your skin? Maybe that’s just science fiction and maybe that’s going to be the norm at some point. Now, just maybe, Tony Stark’s “Autonomous freehand self propulsion test” is using a three-tier backend Oracle 12c R2 database architecture that is already using these advanced complexity functions. Only time will tell, but just know that security is a living, breathing entity that continues to advance into the future.


John Brooks


Oracle One-Test Catch-Up Certification Opportunities for OCA and OCP in 12c

October 14, 2014 at 9:01 am | Posted in Certification Paths, Oracle | Leave a comment
Tags: , , , ,

Are you one of those individuals who has allowed your Oracle Database Administrator or Oracle Developer Certification to expire because you’ve been too busy to keep up with the required exams – not to mention any potential classroom training? Is your most recent Oracle certification back at release 9i (or even Oracle7), and are you looking for a way to pole-vault to a newer release, such as 11g or 12c?

There’s good news for you folks. Oracle has provided some new certification paths to help you upgrade to 11g or 12c via a single exam (plus any required training).  Here are the specifics on the new upgrade paths.

Oracle Certified Professionals (OCP): 7, 8, 8i, 9i, 10g, 11g to OCP 12c

If you are an existing Oracle Database Administrator Certified Professional (OCP) from Oracle7 or above, you now have a one-exam option to upgrade to the new  Oracle Database 12c Administrator Certified Professional certification with no required training. Exam 1Z0-060, Upgrade to Oracle Database 12c, is available from Oracle.

upgrade all to12c 060

Note that while coursework is not mandatory, Oracle does recommend you take the optional training course, Oracle Database 12c: New Features for Administrators.

Oracle DBA Certified Associates (OCA): 9i, 10g, 11g to OCP 12c

If you are an existing Oracle Database Administrator Certified Associate (OCA)  from Oracle9i or above, you now have a one-exam option to upgrade to the new  Oracle Database 12c Administrator Certified Professional certification. Exam 1Z0-067, Upgrade Oracle9i/10g/11g OCA to Oracle Database 12c OCP, is available from Oracle.

Upgrade to 12c OCP with exam 1Z0-067.

Oracle has traditionally required that you take classroom instruction when upgrading from an OCA to an OCP, and it is required that you complete one course before sitting the exam. You can view the list of qualifying courses here.

Oracle Certified Associates (OCA) 12c to OCP 12c

If you’ve already earned your Oracle Database Administrator Certified Associate (OCA) in Database 12c, you can take one required course (listed on the Professional Level Certification tab) plus exam 1Z0-063, Oracle Database 12c: Advanced Administration.

upgrade 12c OCA to OCP

Oracle Certified Associates (OCA): Upgrade 9i or 10g to 11g OCP

If you currently have your 9i or 10g OCA for Database Administration, and you’re not ready to go all the way to Database 12c, then successfully completing exam 1z0-034, Upgrade Oracle 9i/10g OCA to Oracle Database 11g OCP plus one required Oracle class will upgrade your current OCA certification to the 11g Oracle Database 11g Administrator Certified Professional certification.  You’ll want to review the exam topics for 1z0-034 on the Oracle certification website (choose the tab Exam Topics next to the Exam Preparation tab).

upgrade to 11g 034

Again, Oracle requires classroom instruction when upgrading from an OCA to an OCP. You can view the list of qualifying courses here.

Oracle Certified Professionals (upgrade to 11g or 10g)

Oracle also retained the earlier one-exam upgrades for the older generations of Oracle.

Is the one-exam approach right for you?

A single-exam upgrade to jump from Oracle7 or Oracle9i to Oracle Database 12 can be an amazing bargain for the right certification candidate. Some potential drawbacks to this approach, however, would be that the candidate must take a more difficult exam with a much larger question base than the tests in the conventional two-exam upgrade path. Where a conventional two-exam certification might have an 80-count or 90-count question pool, there can be up to three times as many in the all-in-one test. You must be sure to allocate enough study time to cover the volume of material that you’ll be tested on.

Another consideration is whether the candidate with an older generation of Oracle OCA needs certification in 11g. Earning a 12c certification does not automatically add the corresponding 11g credentials to your transcript. You must be separately certified in 11g to add that credential, which may be the one a potential or current employer is looking for.

Transcender has you covered with Oracle test prep products. We have already released Cert-1Z0-034, Cert-1Z0-060, and Cert-1Z0-067. And, for those who wish to move forward with new Database 12c certifications, we have 1Z0-063 in production, with a projected publication date late in the fourth quarter.

Best of luck!

Bob Bungenstock, aka OrclTestGuy

Entries and comments feeds.

%d bloggers like this: