Index
A B C D E F G H I J L M N O P Q R S T U V W
Symbols
- % wildcard, 9.1.3
A
- access control policy
-
- configuring with tools and components
-
- Oracle Label Security PL/SQL APIs, 1.2.6
- Oracle Policy Manager, 1.2.6
- reports
-
- Core Database Vault Audit Report, 9.2.2.5
- access control run-time PL/SQL procedures and functions, D.1
- Access to Sensitive Objects Report, 9.3.3.2
- accounts. See database accounts
- Accounts With DBA Roles Report, 9.3.5.2
- Accounts with SYSDBA/SYSOPER Privilege Report, 9.3.3.4
- ALTER DATABASE statement
-
- monitoring, 10.4
- ALTER ROLE statement
-
- monitoring, 10.1
- ALTER SESSION privilege
-
- reports, ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
- trace files, enabling, G.1
- ALTER SESSION statement
-
- guidelines on managing privileges, F.3.6
- ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
- ALTER SYSTEM privilege
-
- reports, ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
- ALTER SYSTEM statement
-
- controlling with command rules, 5.1
- guidelines on managing privileges, F.3.6
- ALTER TABLE statement
-
- monitoring, 10.4
- ALTER USER statement
-
- monitoring, 10.1
- ANY privileges, C.3.3
- ANY System Privileges for Database Accounts Report, 9.3.2.4
- API packages, E
- applications
-
- custom, APIs for, E
- ASM. See Automatic Storage Management
- audit policy change
-
- monitoring, 10.1
- AUDIT privilege, 9.3.5.10
- AUDIT Privileges Report, 9.3.5.10
- AUDIT_SYS_OPERATIONS initialization parameter, 1.7.2.1
- AUDIT_TRAIL initialization parameter
-
- effect on auditing policy, A.1
- effect on Core Database Audit Report, 9.3.8
- effect on monitoring database, 10.1
- example of setting, A.1
- auditing
-
- Core Database Audit Report, 9.3.8
- DVSYS.DBMS_MACUTL fields, E.3.1
- factors
-
- options, 4.2
- intruders
-
- using factors, 4.2
- using rule sets, 6.2
- realms
-
- DVSYS.DBMS_MACUTL fields, E.3.1
- options, 3.2
- reports, 9.2.2
- rule sets
-
- DVSYS.DBMS_MACUTL fields, E.3.1
- options, 6.2
- secure application roles
-
- audit records, 7.8
- troubleshooting, G.1
- views used to audit events, C.5
- See also auditing policies
- auditing policies
-
- about, A.1
- custom events
-
- about, A.2
- audit trail, A.2
- listing, A.2
- monitoring changes to, 10.1, A.1
- settings, A.1
- See also auditing, AUDIT_TRAIL initialization parameter
- authentication
-
- Authentication_Method default factor, 4.8
- command rules, 5.1
- method, finding with DVF.F$AUTHENTICATION_METHOD, D.2
- realm functions, E.1.1
- authorizations, realms, 3.5
- Automatic Storage Management (ASM)
-
- command-line utilities, affected by Oracle Database Vault, 1.7.1
- AVSYS account, C.4
B
- BECOME USER Report, 9.3.5.4
- BECOME USER system privilege
-
- about, 9.3.5.4
C
- catalog-based roles, 9.3.5.9
- child factors. See factors
- clients
-
- finding IP address with DVF.F$CLIENT_IP, D.2
- code groups
-
- DVSYS.DBMS_MACUTL fields, E.3.1
- ID, retrieving with DVSYS.DBMS_MACUTL functions, E.3.2
- retrieving value with DVSYS.DBMS_MACUTL functions, E.3.2
- Command Rule Audit Report, 9.2.2.2
- Command Rule Configuration Issues Report, 9.2.1.1
- command rules
-
- about, 5.1
- audit event, custom, A.2
- creating, 5.2
- default command rules, 5.6
- deleting, 5.3
- diagnosing behavior, G.1
- editing, 5.2
- example, 5.5
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.1.4
- DVSYS.DBMS_MACUTL (utility), E.3
- guidelines, 5.7
- how command rules work, 5.4
- objects
-
- name, 5.2
- owner, 5.2
- performance effect, 5.8
- process flow, 5.4
- reports, 5.9
- rule sets
-
- how different from command rules, 5.1
- selecting, 5.2
- used with, 5.1
- troubleshooting
-
- general diagnostic advice, G.1
- with auditing report, 9.2.2.2
- views, C.5
- See also rule sets
- compliance
-
- Oracle Database Vault addressing, 1.3
- computer name
-
- finding with DVF.F$MACHINE, D.2
- Machine default factor, 4.8
- configuration
-
- changes, monitoring, 10.1
- See also DVSYS.DBMS_MACADM package
- CONNECT events, controlling with command rules, 5.1
- core database
-
- troubleshooting with Core Database Vault Audit Report, 9.2.2.5
- Core Database Audit Report, 9.3.8
- Core Database Vault Audit Report, 9.2.2.5
- CPU_PER_SESSION resource profile, 9.3.6.2
- CREATE ANY JOB privilege, F.3.3
- CREATE ANY JOB statement
-
- guidelines on managing privileges, F.3.3
- CREATE EXTERNAL JOB privilege, F.3.4
- CREATE JOB privilege, F.3.3
- CREATE JOB statement
-
- guidelines on managing privileges, F.3.3
- CREATE ROLE statement
-
- monitoring, 10.1
- CREATE TABLE statement
-
- monitoring, 10.4
- CREATE USER statement
-
- monitoring, 10.1
- custom applications, APIs for, E
D
- data definition language (DDL)
-
- statement
-
- controlling with command rules, 5.1
- data dictionary
-
- adding DV_ACCTMGR role to realm, 2.3.1
- Data Guard
-
- command-line utilities, Oracle Database Vault effects on, 1.7.1
- data manipulation language (DML)
-
- statement
-
- checking with DVSYS.DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function, E.3.2
- controlling with command rules, 5.1
- data Oracle Database Vault recognizes. See factors
- Database Account Default Password Report, 9.3.7.1
- Database Account Status Report, 9.3.7.2
- database accounts
-
- AVSYS, C.4
- counting privileges of, 9.3.4.1
- creation scenarios, C.4.1, C.4.1
- DBSNMP, 3.12
- default Oracle Database Vault, C.4.1
- DVSYS, C.4
- LBACSYS, C.4
- monitoring, 10.1
- reports
-
- Accounts With DBA Roles Report, 9.3.5.2
- ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
- ANY System Privileges for Database Accounts Report, 9.3.2.4
- AUDIT Privileges Report, 9.3.5.10
- BECOME USER Report, 9.3.5.4
- Database Account Default Password Report, 9.3.7.1
- Database Account Status Report, 9.3.7.2
- Database Accounts With Catalog Roles Report, 9.3.5.9
- Direct and Indirect System Privileges By Database Account Report, 9.3.2.2
- Direct Object Privileges Report, 9.3.1.3
- Direct System Privileges By Database Account Report, 9.3.2.1
- Hierarchical System Privileges by Database Account Report, 9.3.2.3
- Object Access By PUBLIC Report, 9.3.1.1
- Object Access Not By PUBLIC Report, 9.3.1.2
- OS Security Vulnerability Privileges, 9.3.5.11
- Password History Access Report, 9.3.5.6
- Privileges Distribution By Grantee Report, 9.3.4.1, 9.3.4.1, 9.3.4.1
- Privileges Distribution By Grantee, Owner Report, 9.3.4.2, 9.3.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 9.3.4.3, 9.3.4.3
- Roles/Accounts That Have a Given Role Report, 9.3.5.8
- Security Policy Exemption Report, 9.3.5.3
- WITH ADMIN Privilege Grants Report, 9.3.5.1
- WITH GRANT Privileges Report, 9.3.5.7
- solution for lockouts, B.1
- suggested, C.4
- SYSMAN, 3.12
- Database Accounts With Catalog Roles Report, 9.3.5.9
- database configuration
-
- monitoring changes, 10.4
- database definition language (DDL)
-
- statements
-
- controlling with command rules, 5.1
- database domains, Database_Domain default factor, 4.8
- database objects
-
- Oracle Database Vault, C
- reports
-
- Object Dependencies Report, 9.3.1.4
- See also objects
- database options, installing, B.1
- database roles
-
- about, C.3
- counting privileges of, 9.3.4.1
- default Oracle Database Vault, C.3
- DV_ACCTMGR
-
- about, C.3.3
- adding to Data Dictionary realm, 2.3.1
- DV_ADMIN, C.3.2
- DV_OWNER, C.3.1
- DV_PUBLIC, C.3.4
- DV_REALM_OWNER, C.3.6
- DV_REALM_RESOURCE, C.3.7
- DV_SECANALYST, C.3.5
- enabled, determining with DVSYS.ROLE_IS_ENABLED, D.1.5
- monitoring, 10.1
- Oracle Database Vault, default, C.3
- reports
-
- Accounts With DBA Roles Report, 9.3.5.2
- ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
- AUDIT Privileges Report, 9.3.5.10
- BECOME USER Report, 9.3.5.4
- Database Accounts With Catalog Roles Report, 9.3.5.9
- OS Security Vulnerability Privileges, 9.3.5.11
- Privileges Distribution By Grantee Report, 9.3.4.1
- Roles/Accounts That Have a Given Role Report, 9.3.5.8
- Security Policy Exemption Report, 9.3.5.3
- WITH ADMIN Privilege Grants Report, 9.3.5.1
- separation of duty enforcement, 1.7.5
- database schemas
-
- grouped. See realms
- database sessions, 4.2
-
- controlling with Allow Sessions default rule set, 6.8
- factor evaluation, 4.6.1
- session user name, Proxy_User default factor, 4.8
- Database Vault. See Oracle Database Vault
- databases
-
- dbconsole
-
- checking process, 2.2
- starting process, 2.2
- defined with factors, 4.1
- domain, Domain default factor, 4.8
- event monitoring, G.1
- host names, Database_Hostname default factor, 4.8
- instance, retrieving information with functions, E.1.2
- instances
-
- Database_Instance default factor, 4.8
- names, finding with DVF.F$DATABASE_INSTANCE, D.2
- number, finding with DVSYS.DV_INSTANCE_NUM, D.3
- IP addresses
-
- Database_IP default factor, 4.8
- retrieving with DVF.F$DATABASE_IP, D.2
- listener, starting, B.3
- log file location, 2.2
- monitoring events, G.1
- names
-
- Database_Name default factor, 4.8
- retrieving with DVF.F$DATABASE_NAME, D.2
- retrieving with DVSYS.DV_DATABASE_NAME, D.3
- parameters
-
- Security Related Database Parameters Report, 9.3.6.1
- roles that do not exist, 9.2.1.7
- schema creation, finding with DVF.F$IDENTIFICATION_TYPE, D.2
- schema creation, Identification_Type default factor, 4.8
- startup, DVSYS.DBMS_MACUTL fields, E.3.1
- structural changes, monitoring, 10.4
- user name, Session_User default factor, 4.8
- DBA_DV_CODE view, C.5
- DBA_DV_COMMAND_RULE view, C.5
- DBA_DV_FACTOR view, C.5
- DBA_DV_FACTOR_LINK view, C.5
- DBA_DV_FACTOR_TYPE view, C.5
- DBA_DV_IDENTITY view, C.5
- DBA_DV_IDENTITY_MAP view, C.5
- DBA_DV_MAC_POLICY view, C.5
- DBA_DV_MAC_POLICY_FACTOR view, C.5
- DBA_DV_POLICY_LABEL view, C.5
- DBA_DV_PUB_PRIVS view, C.5
- DBA_DV_REALM view, C.5
- DBA_DV_REALM_AUTH view, C.5
- DBA_DV_REALM_OBJECT view, C.5
- DBA_DV_ROLE view, C.5
- DBA_DV_RULE view, C.5
- DBA_DV_RULE_SET view, C.5
- DBA_DV_RULE_SET_RULE view, C.5
- DBA_DV_USER_PRIVS view, C.5
- DBA_DV_USER_PRIVS_ALL view, C.5
- dbconsole process
-
- checking status, 2.2
- starting, 2.2
- DBMS_FILE_TRANSFER package, guidelines on managing, F.3.1
- DELETE_CATALOG_ROLE role, 9.3.5.9
- denial-of-service (DoS) attacks
-
- reports
-
- System Resource Limits Report, 9.3.6.3
- Tablespace Quotas Report, 9.3.9.6
- Direct and Indirect System Privileges By Database Account Report, 9.3.2.2
- Direct Object Privileges Report, 9.3.1.3
- direct system privileges, 9.3.2.3
- Direct System Privileges By Database Account Report, 9.3.2.1
- disabling system features with Disabled default rule set, 6.8
- domains
-
- defined with factors, 4.1
- finding database domain with DVF.F$DATABASE_DOMAIN, D.2
- finding with DVF.F$DOMAIN, D.2
- DROP ROLE statement
-
- monitoring, 10.1
- DROP TABLE statement
-
- monitoring, 10.4
- DROP USER statement
-
- monitoring, 10.1
- DV_ACCTMGR role
-
- about, C.3.3
- adding to Data Dictionary realm, 2.3.1
- DV_ADMIN role, C.3.2
- DV_OWNER role, C.3.1
- DV_PUBLIC role, C.3.4
- DV_REALM_OWNER role, C.3.6
- DV_REALM_RESOURCE role, C.3.7
- DV_SECANALYST role, C.3.5
- DVA. See Oracle Database Vault Administrator
- DVCA. See Oracle Database Vault Configuration Assistant
- DVF account
-
- auditing policy, A.1
- database accounts
-
- DVF, C.4
- DVF schema, D.2
-
- about, C.2.2
- auditing policy, A.1
- DVSYS account, C.4
-
- auditing policy, A.1
- DVSYS schema
-
- about, C.2.1
- auditing policy, A.1
- command rules, 5.2
- DV_OWNER role, C.3.1
- factor validation methods, 4.2
- DVSYS.DBMS_MACADM package
-
- about, E.1
- command rule functions, listed, E.1.4
- factor functions, listed, E.1.2
- Oracle Label Security policy functions, listed, E.1.6
- realm functions, listed, E.1.1
- rule set functions, listed, E.1.3
- secure application role functions, listed, E.1.5
- DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM function, E.1.1.1, E.1.1.2, E.1.1.3, E.1.1.4
- DVSYS.DBMS_MACADM.ADD_FACTOR_LINK function, E.1.2.1
- DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM function, E.1.1.5
- DVSYS.DBMS_MACADM.ADD_POLICY_FACTOR function, E.1.2.2
- DVSYS.DBMS_MACADM.ADD_RULE_TO_RULE_SET function, E.1.3.1, E.1.3.2, E.1.3.3
- DVSYS.DBMS_MACADM.CHANGE_IDENTITY_FACTOR function, E.1.2.3
- DVSYS.DBMS_MACADM.CHANGE_IDENTITY_VALUE function, E.1.2.4
- DVSYS.DBMS_MACADM.CREATE_COMMAND_RULE function, E.1.4.1
- DVSYS.DBMS_MACADM.CREATE_DOMAIN_IDENTITY function, E.1.2.5
- DVSYS.DBMS_MACADM.CREATE_FACTOR function, E.1.2.6
- DVSYS.DBMS_MACADM.CREATE_FACTOR_TYPE function, E.1.2.7
- DVSYS.DBMS_MACADM.CREATE_IDENTITY function, E.1.2.8
- DVSYS.DBMS_MACADM.CREATE_IDENTITY_MAP function, E.1.2.9
- DVSYS.DBMS_MACADM.CREATE_MAC_POLICY function, E.1.6.1
- DVSYS.DBMS_MACADM.CREATE_POLICY_LABEL function, E.1.6.2
- DVSYS.DBMS_MACADM.CREATE_REALM function, E.1.1.6
- DVSYS.DBMS_MACADM.CREATE_ROLE function, E.1.5.1
- DVSYS.DBMS_MACADM.CREATE_RULE function, E.1.3.4
- DVSYS.DBMS_MACADM.CREATE_RULE_SET function, E.1.3.5
- DVSYS.DBMS_MACADM.DELETE_AUTH_FROM_REALM function, E.1.1.7
- DVSYS.DBMS_MACADM.DELETE_COMMAND_RULE function, E.1.4.2
- DVSYS.DBMS_MACADM.DELETE_FACTOR function, E.1.2.10
- DVSYS.DBMS_MACADM.DELETE_FACTOR_LINK function, E.1.2.11
- DVSYS.DBMS_MACADM.DELETE_FACTOR_TYPE function, E.1.2.12
- DVSYS.DBMS_MACADM.DELETE_IDENTITY function, E.1.2.13
- DVSYS.DBMS_MACADM.DELETE_IDENTITY_MAP function, E.1.2.14
- DVSYS.DBMS_MACADM.DELETE_MAC_POLICY_CASCADE function, E.1.6.3
- DVSYS.DBMS_MACADM.DELETE_OBJECT_FROM_REALM function, E.1.1.8
- DVSYS.DBMS_MACADM.DELETE_POLICY_FACTOR function, E.1.6.4
- DVSYS.DBMS_MACADM.DELETE_POLICY_LABEL function, E.1.6.5
- DVSYS.DBMS_MACADM.DELETE_REALM function, E.1.1.9
- DVSYS.DBMS_MACADM.DELETE_REALM_CASCADE function, E.1.1.10
- DVSYS.DBMS_MACADM.DELETE_ROLE function, E.1.5.2
- DVSYS.DBMS_MACADM.DELETE_RULE function, E.1.3.6
- DVSYS.DBMS_MACADM.DELETE_RULE_FROM_RULE_SET function, E.1.3.7
- DVSYS.DBMS_MACADM.DELETE_RULE_SET function, E.1.3.8
- DVSYS.DBMS_MACADM.DROP_DOMAIN_IDENTITY function, E.1.2.15
- DVSYS.DBMS_MACADM.GET_INSTANCE_INFO function, E.1.2.16
- DVSYS.DBMS_MACADM.GET_SESSION_INFO function, E.1.2.17
- DVSYS.DBMS_MACADM.RENAME_FACTOR function, E.1.2.18
- DVSYS.DBMS_MACADM.RENAME_FACTOR_TYPE function, E.1.2.19
- DVSYS.DBMS_MACADM.RENAME_REALM function, E.1.1.11
- DVSYS.DBMS_MACADM.RENAME_ROLE function, E.1.5.3
- DVSYS.DBMS_MACADM.RENAME_RULE function, E.1.3.9
- DVSYS.DBMS_MACADM.RENAME_RULE_SET function, E.1.3.10
- DVSYS.DBMS_MACADM.SET_PRESERVE_CASE function
-
- command rules, E.1.4.3
- factors, E.1.2.20
- Oracle Label Security policies, E.1.6.6
- realms, E.1.1.12
- rule sets, E.1.3.11
- secure application roles, E.1.5.4
- DVSYS.DBMS_MACADM.SYNC_RULES function, E.1.3.12
- DVSYS.DBMS_MACADM.UPDATE_COMMAND_RULE function, E.1.4.4
- DVSYS.DBMS_MACADM.UPDATE_FACTOR function, E.1.2.21
- DVSYS.DBMS_MACADM.UPDATE_FACTOR_TYPE function, E.1.2.22
- DVSYS.DBMS_MACADM.UPDATE_IDENTITY function, E.1.2.23
- DVSYS.DBMS_MACADM.UPDATE_MAC_POLICY function, E.1.6.7
- DVSYS.DBMS_MACADM.UPDATE_REALM function, E.1.1.13
- DVSYS.DBMS_MACADM.UPDATE_REALM_AUTH function, E.1.1.14
- DVSYS.DBMS_MACADM.UPDATE_ROLE function, E.1.5.5
- DVSYS.DBMS_MACADM.UPDATE_RULE function, E.1.3.13
- DVSYS.DBMS_MACADM.UPDATE_RULE_SET function, E.1.3.14
- DVSYS.DBMS_MACSEC_ROLES package
-
- about, E.2
- functions, listed, E.2
- DVSYS.DBMS_MACSEC_ROLES.CAN_SET_ROLE function, E.2.1
- DVSYS.DBMS_MACSEC_ROLES.SET_ROLE function, E.2.2
- DVSYS.DBMS_MACUTL package
-
- about, E.3
- fields (constants), listed, E.3.1
- functions, listed, E.3.2
- DVSYS.DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function, E.3.2.1
- DVSYS.DBMS_MACUTL.GET_CODE_ID function, E.3.2.2
- DVSYS.DBMS_MACUTL.GET_CODE_VALUE function, E.3.2.3
- DVSYS.DBMS_MACUTL.GET_DAY function, E.3.2.8
- DVSYS.DBMS_MACUTL.GET_FACTOR_CONTEXT function, E.3.2.4
- DVSYS.DBMS_MACUTL.GET_HOUR function, E.3.2.7
- DVSYS.DBMS_MACUTL.GET_MESSAGE_LABEL function, E.3.2.18, E.3.2.19
- DVSYS.DBMS_MACUTL.GET_MINUTE function, E.3.2.6
- DVSYS.DBMS_MACUTL.GET_MONTH function, E.3.2.9
- DVSYS.DBMS_MACUTL.GET_SECOND function, E.3.2.5
- DVSYS.DBMS_MACUTL.GET_SQL_TEXT function, E.3.2.11
- DVSYS.DBMS_MACUTL.GET_YEAR function, E.3.2.10
- DVSYS.DBMS_MACUTL.IN_CALL_STACK function, E.3.2.12
- DVSYS.DBMS_MACUTL.IS_ALPHA function, E.3.2.13
- DVSYS.DBMS_MACUTL.IS_DIGIT function, E.3.2.14
- DVSYS.DBMS_MACUTL.IS_DVSYS_OWNER function, E.3.2.15
- DVSYS.DBMS_MACUTL.IS_OLS_INSTALLED function, E.3.2.16
- DVSYS.DBMS_MACUTL.IS_OLS_INSTALLED_VARCHAR function, E.3.2.17
- DVSYS.DBMS_MACUTL.RAISE_UNAUTHORIZED_OPERATION function, E.3.2.20
- DVSYS.DBMS_MACUTL.TO_ORACLE_IDENTIFIER function, E.3.2.21
- DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, E.3.2.22
- DVSYS.DBMS_MACUTL.USER_HAS_ROLE function, E.3.2.23
- DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, E.3.2.24
- DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, E.3.2.25
E
- enabling system features with Enabled default rule set, 6.8
- encrypted information, 9.3.9.5
- enterprise identities, Enterprise_Identity default factor, 4.8
- Enterprise Manager. See Oracle Enterprise Manager
- errors
-
- DVSYS.DBMS_MACUTL.RAISE_UNAUTHORIZED_OPERATION function, E.3.2
- factor error options, 4.2
- rule set error options, 6.2
- troubleshooting, G
- event handler
-
- rule sets, 6.2
- example of using Oracle Database Vault, 2.3
- examples
-
- command rules, 5.5
- database account creation scenarios, C.4.1
- factors, 4.7
- realms, 3.10
- rule sets, 6.7
- secure application roles, 7.6
- EXECUTE ANY PROCEDURE privilege, securing for external C callouts, F.3.8.1
- EXECUTE ANY PROCEDURE privilege, securing for Java stored procedures, F.3.7.1
- Execute Privileges to Strong SYS Packages Report, 9.3.3.1
- EXECUTE_CATALOG_ROLE role, 9.3.5.9
- EXEMPT ACCESS POLICY system privilege, 9.3.5.3
- external C callouts
-
- EXECUTE ANY PROCEDURE privilege, F.3.8.1
- security considerations, F.3.8
F
- Factor Audit Report, 9.2.2.3
- Factor Configuration Issues Report, 9.2.1.2
- Factor Without Identities Report, 9.2.1.3
- factors
-
- about, 4.1
- assignment, 4.2
-
- disabled rule set, 9.2.1.2
- incomplete rule set, 9.2.1.2
- validate, 4.2
- assignment operation, 9.2.2.3
- audit events, custom, A.2
- audit options, 4.2
- child factors
-
- about, 4.2
- Factor Configuration Issues Report, 9.2.1.2
- mapping, 4.4.2, 4.4.2
- creating, 4.2
- default factors, 4.8
- deleting, 4.5
- domain, finding with DVF.F$DOMAIN, D.2
- editing, 4.3
- error options, 4.2
- evaluate, 4.2
- evaluation operation, 9.2.2.3
- example, 4.7
- factor type
-
- about, 4.2
- selecting, 4.2
- factor-identity pair mapping, 4.4.2
- functionality, 4.6
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.1.2
- DVSYS.DBMS_MACUTL (utility), E.3
- DVSYS.DBMS_MACUTL fields (constants), E.3.1
- guidelines, 4.9
- identifying using child factors, 4.4.2
- identities
-
- about, 4.2
- adding to factor, 4.4
- assigning, 4.2
- configuring, 4.4.1
- creating, 4.4.1
- database session, 4.2
- deleting, 4.4.1
- determining with DVSYS.GET_FACTOR, 4.2
- editing, 4.4.1
- enterprise-wide users, D.2
- how factor identities work, 4.2
- labels, 4.2, 4.4.1
- mapping, 4.2, 4.4.2
- Oracle Label Security labels, 4.2
- reports, 4.11
- resolving, 4.2
- retrieval methods, 4.2
- setting dynamically, D.1.1
- trust levels, 4.2, 4.4.1
- with Oracle Label Security, 4.2
- initialization, command rules, 5.1
- invalid audit options, 9.2.1.2
- label, 9.2.1.2
- naming, 4.2
- parent factors, 4.2
- performance effect, 4.10
- process flow, 4.6
- reports, 4.11
- retrieving, 4.6.2
- retrieving with DVSYS.GET_FACTOR, D.1.2
- rule sets
-
- selecting, 4.2
- used with, 4.1
- setting, 4.6.3
- setting with DVSYS.SET_FACTOR, D.1.1
- troubleshooting
-
- auditing report, 9.2.2.3
- configuration problems, G.3
- tips, G.2
- type (category of factor), 4.2
- validating, 4.2
- values (identities), 4.1
- views
-
- DBA_DV_CODE, C.5
- DBA_DV_FACTOR_LINK, C.5
- DBA_DV_FACTOR_TYPE, C.5
- DBA_DV_IDENTITY, C.5
- DBA_DV_IDENTITY_MAP, C.5
- DBA_DV_MAC_POLICY_FACTOR, C.5
- ways to assign, 4.2
- See also rule sets
- functions
-
- command rules
-
- DVSYS.DBMS_MACADM (configuration), E.1.4
- DVSYS.DBMS_MACUTL (utility), E.3
- DVSYS schema enabling, D.1
- factors
-
- DVSYS.DBMS_MACADM (configuration), E.1.2
- DVSYS.DBMS_MACUTL (utility), E.3
- Oracle Label Security policy
-
- DVSYS.DBMS_MACADM (configuration), E.1.6
- realms
-
- DVSYS.DBMS_MACADM (configuration), E.1.1
- DVSYS.DBMS_MACUTL (utility), E.3
- rule sets
-
- DVSYS.DBMS_MACADM (configuration), E.1.3
- DVSYS.DBMS_MACUTL (utility), E.3
- PL/SQL functions for inspecting SQL, D.3
- secure application roles
-
- DVSYS.DBMS_MACADM (configuration), E.1.5
- DVSYS.DBMS_MACSEC_ROLES (configuration), E.2
- DVSYS.DBMS_MACUTL (utility), E.3
G
- general security reports, 9.3
- GRANT statement
-
- monitoring, 10.1
- guidelines
-
- ALTER SESSION privilege, F.3.6
- ALTER SYSTEM privilege, F.3.6
- command rules, 5.7
- CREATE ANY JOB privilege, F.3.3
- CREATE EXTERNAL JOB privilege, F.3.4
- CREATE JOB privilege, F.3.3
- DBMS_FILE_TRANSFER package, F.3.1
- factors, 4.9
- general security, F
- Java stored procedures, F.3.7
- LogMiner packages, F.3.5
- Oracle software owner, F.2.2
- performance effect, 4.10
- realms, 3.13
- recycle bin, F.3.2
- root user access, F.2.1
- rule sets, 6.9
- secure application roles, 7.3
- SELECT_CATALOG_ROLE role, F.3.2
- SYSDBA access, F.2.3
- SYSOPER access, F.2.4
- trusted accounts and roles, F.1
- UTL_FILE package, F.3.1
H
- hackers. See intruders
- Hierarchical System Privileges by Database Account Report, 9.3.2.3
- host names
-
- finding with DVF.F$DATABASE_HOSTNAME, D.2
I
- identifiers, converting to legal Oracle with DVSYS.DBMS_MACUTL.TO_ORACLE_IDENTIFIER function, E.3.2
- identities. See factors, identities
- Identity Configuration Issues Report, 9.2.1.4
- IDLE_TIME resource profile, 9.3.6.2
- incomplete rule set, 9.2.1.2
-
- realm authorization, 9.2.1.5
- role enablement, 9.2.1.7
- initialization parameters
-
- Check Trigger Init Parameters default rule set, 6.8
- modified after installation, 1.7.2
- modified by Oracle Database Vault, 1.7.2.1
- reports, 9.3.6
- insider threats. See intruders
- intruders
-
- Denial of Service attacks
-
- finding tablespace quotas, 9.3.9.6
- denial-of-service attacks
-
- finding system resource limits, 9.3.6.3
- eliminating audit trail, 9.3.5.10
- monitoring security violations, 10.3
- Oracle Database Vault addressing insider threats, 1.4
- reports
-
- AUDIT Privileges Report, 9.3.5.10
- Objects Dependent on Dynamic SQL Report, 9.3.9.3
- Privileges Distribution By Grantee, Owner Report, 9.3.4.2
- Unwrapped PL/SQL Package Bodies Report, 9.3.9.4
- SQL injection attacks, 9.3.9.3
- tracking
-
- with factor auditing, 4.2
- with rule set auditing, 6.2
- IP addresses
-
- Client_IP default factor, 4.8
- defined with factors, 4.1
J
- Java Policy Grants Report, 9.3.9.1
- Java stored procedures
-
- EXECUTE ANY PROCEDURE privilege, F.3.7.1
- guidelines on managing, F.3.7
- realm protections, 3.8
L
- Label Security Integration Audit Report, 9.2.2.4
- labels
-
- about, 4.4.1
- See also Oracle Label Security
- languages
-
- finding with DVF.F$LANG, D.2
- finding with DVF.F$LANGUAGE, D.2
- name
-
- Lang default factor, 4.8
- Language default factor, 4.8
- LBACSYS account
-
- about, C.4
- auditing policy, A.1
- factor integration with OLS policy requirement, 8.3.3
- See also Oracle Label Security
- LBACSYS schema
-
- auditing policy, A.1
- listener, starting, B.3
- locked out accounts, solution for, B.1
- log files
-
- database process, 2.2
- logging on
-
- Oracle Database Vault
-
- Oracle Database Vault Owner account, 2.2
- reports, Core Database Audit Report, 9.3.8
- valid account and password required, 1.7.4
- LogMiner packages
-
- guidelines, F.3.5
- lsnrctl process, starting, B.3
M
- maintenance on Oracle Database Vault, B.1
- managing user accounts and profiles on own account, Can Maintain Own Accounts default rule set, 6.8
- managing user accounts and profiles, Can Maintain Accounts/Profiles default rule set, 6.8
- mapping identities, 4.4.2
- mixed-case identifiers
-
- preserving with functions
-
- command rules, E.1.4
- factors, E.1.2
- Oracle Label Security policies, E.1.6
- rule sets, E.1.3
- secure application roles, E.1.5
- monitoring
-
- activities, 10.1
N
- network protocol
-
- finding with DVF.F$NETWORK_PROTOCOL, D.2
- network protocol, Network_Protocol default factor, 4.8
- NOAUDIT statement
-
- monitoring, 10.1
- Non-Owner Object Trigger Report, 9.3.9.7
- nonsystem database accounts, 9.3.1.3
O
- O7_DICTIONARY_ACCESSIBILITY initialization parameter
-
- with realms, 3.8
- Object Access By PUBLIC Report, 9.3.1.1
- Object Access Not By PUBLIC Report, 9.3.1.2
- Object Dependencies Report, 9.3.1.4
- object owners
-
- nonexistent, 9.2.1.1
- reports
-
- Command Rule Configuration Issues Report, 9.2.1.1
- object privilege reports, 9.3.1
- objects
-
- auditing policies, A.1
- command rule objects
-
- name, 5.2
- owner, 5.2
- processing, 5.4
- restrictions, 5.2
- dynamic SQL use, 9.3.9.3
- monitoring, 10.1
- object names
-
- finding with DVSYS.DV_DICT_OBJ_NAME, D.3
- object owners
-
- finding with DVSYS.DV_DICT_OBJ_OWNER, D.3
- object privileges
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, E.3.2
- realms
-
- functions for registering, E.1.1
- object name, 3.4
- object owner, 3.4
- object type, 3.4
- reports
-
- Access to Sensitive Objects Report, 9.3.3.2
- Accounts with SYSDBA/SYSOPER Privilege Report, 9.3.3.4
- Direct Object Privileges Report, 9.3.1.3
- Execute Privileges to Strong SYS Packages Report, 9.3.3.1
- Non-Owner Object Trigger Report, 9.3.9.7
- Object Access By PUBLIC Report, 9.3.1.1
- Object Access Not By PUBLIC Report, 9.3.1.2
- Object Dependencies Report, 9.3.1.4
- Objects Dependent on Dynamic SQL Report, 9.3.9.3
- OS Directory Objects Report, 9.3.9.2
- privilege, 9.3.1
- Public Execute Privilege To SYS PL/SQL Procedures Report, 9.3.3.3
- sensitive, 9.3.3
- System Privileges By Privilege Report, 9.3.2.5
- types
-
- finding with DVSYS.DV_DICT_OBJ_TYPE, D.3
- views, DBA_DV_REALM_OBJECT, C.5
- See also database objects
- Objects Dependent on Dynamic SQL Report, 9.3.9.3
- OEM. See Oracle Enterprise Manager (OEM)
- OLS. See Oracle Label Security
- operating systems
-
- reports
-
- OS Directory Objects Report, 9.3.9.2
- OS Security Vulnerability Privileges Report, 9.3.5.11
- vulnerabilities, 9.3.5.11
- ora_name_list_t, concatenating with DVSYS.DBMS_MACUTL.GET_SQL_TEXT function, E.3.2
- Oracle Audit Vault
-
- AVSYS database account, C.4
- Oracle Data Guard
-
- command-line utilities, Oracle Database Vault effects on, 1.7.1
- Oracle Data Pump
-
- utilities, affected by Oracle Database Vault, 1.7.1
- Oracle Database Vault
-
- about, 1.1
- components, 1.2, 1.2.1
- disabling, B
- effect on other products, 1.7.1
- enabling, B
- error tracking, G
- frequently asked questions, 1.1
- integrating with other Oracle products, 8
- maintenance, B.1
- troubleshooting, G
- Oracle Database Vault Administrator
-
- logging on, 2.2
- session time setting, 2.1
- starting, 2.2
- time-out value, 2.1
- Oracle Database Vault Configuration Assistant (DVCA)
-
- about, 1.2.4
- running, B.4.1
- Oracle Database Vault Owner account
-
- example of logging on with, 2.2
- Oracle database.See databases
- Oracle Enterprise Manager
-
- DBSNMP account, 3.12
- default realm used for, 3.12
- performance tools, 3.14
- SYSMAN account, 3.12
- Oracle Enterprise User Security, integrating with Oracle Database Vault, 8.1
- Oracle Internet Directory Distinguished Name, Proxy_Enterprise_Identity default factor, 4.8
- Oracle Label Security
-
- audit events, custom, A.2
- checking if installed using DVSYS.DBMS_MACUTL functions, E.3.2
- database option, 1.2.6
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.1.6
- DVSYS.DBMS_MACUTL (utility), E.3.1
- how Database Vault integrates with, 8.3.1
- initialization, command rules, 5.1
- integration with Oracle Database Vault
-
- example, 8.3.4
- Label Security Integration Audit Report, 9.2.2.4, 9.2.2.4
- procedure, 8.3.3
- requirements, 8.3.2
- labels
-
- about, 4.4.1
- determining with GET_FACTOR_LABEL, D.1.6
- invalid label identities, 9.2.1.4
- policies
-
- accounts that bypass, 9.3.5.3
- monitoring policy changes, 10.1
- nonexistent, 9.2.1.2
- Oracle Policy Manager, 1.2.6
- views
-
- DBA_DV_MAC_POLICY, C.5
- DBA_DV_MAC_POLICY_FACTOR, C.5
- DBA_DV_POLICY_LABEL, C.5
- See also LABACSYS account
- Oracle Policy Manager
-
- used with Oracle Label Security, 1.2.6
- Oracle Real Application Clusters (RAC)
-
- compatibility with Oracle Database Vault, 1.1
- enabling and disabling Oracle Database Vault, B.1
- multiple factor identities, 4.2
- svrctl utility, affected by Oracle Database Vault, 1.7.1
- Oracle Recovery Manager (RMAN)
-
- backup scripts, 8.4.2.1
- command line utility, affected by Oracle Database Vault, 1.7.1
- enabling SYSDBA for, 8.4
- password exposure, preventing, 8.4.2.2
- securing file permissions for, 8.4.2.1
- Oracle software owner, guidelines on managing, F.2.2
- Oracle Technology Network (OTN), Preface
- Oracle Virtual Private Database (VPD)
-
- accounts that bypass, 9.3.5.3
- GRANT EXECUTE privileges with Grant VPD Administration default rule set, 6.8
- orapwd password file utility, 1.7.4
- OS Directory Objects Report, 9.3.9.2
- OS Security Vulnerability Privileges Report, 9.3.5.11
- OS_AUTHENT_PREFIX initialization parameter, 1.7.2.1
- OS_ROLES initialization parameter, 1.7.2.1
P
- packages. See functions
- parameters
-
- modified after installation, 1.7.2
- reports
-
- Security Related Database Parameters Report, 9.3.6.1
- parent factors. See factors
- Password History Access Report, 9.3.5.6
- passwords
-
- forgotten, solution for, B.1
- reports, 9.3.7
-
- Database Account Default Password Report, 9.3.7.1
- Password History Access Report, 9.3.5.6
- Username/Password Tables Report, 9.3.9.5
- performance effect
-
- command rules, 5.8
- realms, 3.14
- reports
-
- Resource Profiles Report, 9.3.6.2
- System Resource Limits Report, 9.3.6.3
- rule sets, 6.10
- secure application roles, 7.7
- performance tools
-
- Database Control, realms, 3.14
- Oracle Enterprise Manager
-
- command rules, 5.8
- factors, 4.10
- realms, 3.14
- rule sets, 6.10
- secure application roles, 7.7
- Oracle Enterprise Manager Database Control
-
- command rules, 5.8
- factors, 4.10
- rule sets, 6.10
- secure application roles, 7.7
- STATSPACK
-
- command rules, 5.8
- factors, 4.10
- realms, 3.14
- rule sets, 6.10
- secure application roles, 7.7
- TKPROF
-
- command rules, 5.8
- factors, 4.10
- realms, 3.14
- rule sets, 6.10
- secure application roles, 7.7
- PL/SQL
-
- functions, D.1
- packages
-
- summarized, D.4
- unwrapped bodies, 9.3.9.4
- Unwrapped PL/SQL Package Bodies Report, 9.3.9.4
- procedures, D.1
- PL/SQL factor functions, D.2
- policy changes, monitoring, 10.1, 10.2
- port number
-
- finding, 2.2
- Oracle Database Vault, 2.2
- privileges
-
- ANY privileges, C.3.3
- auditing policies, A.1
- checking with DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, E.3.2
- least privilege principle
-
- violations to, 9.3.9.1
- monitoring
-
- GRANT statement, 10.1
- REVOKE statement, 10.1
- Oracle Database Vault restricting, 1.7.3
- reports
-
- Accounts With DBA Roles Report, 9.3.5.2
- ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
- ANY System Privileges for Database Accounts Report, 9.3.2.4
- AUDIT Privileges Report, 9.3.5.10
- Database Accounts With Catalog Roles Report, 9.3.5.9
- Direct and Indirect System Privileges By Database Account Report, 9.3.2.2
- Direct System Privileges By Database Account Report, 9.3.2.1
- Hierarchical System Privileges By Database Account Report, 9.3.2.3
- listed, 9.3.4
- OS Directory Objects Report, 9.3.9.2
- Privileges Distribution By Grantee Report, 9.3.4.1
- Privileges Distribution By Grantee, Owner Report, 9.3.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 9.3.4.3
- WITH ADMIN Privilege Grants Report, 9.3.5.1
- WITH GRANT Privileges Report, 9.3.5.7
- roles
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, E.3.2
- system
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, E.3.2
- views
-
- DBA_DV_PUB_PRIVS, C.5
- DBA_DV_USER_PRIVS, C.5
- DBA_DV_USER_PRIVS_ALL, C.5
- Privileges Distribution By Grantee Report, 9.3.4.1
- Privileges Distribution By Grantee, Owner Report, 9.3.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 9.3.4.3
- privileges using external password, 9.3.3.4
- problems, diagnosing, G.1
- profiles, 9.3.6
- proxy users
-
- finding with DVF.F$PROXYUSER, D.2
- Public Execute Privilege To SYS PL/SQL Procedures Report, 9.3.3.3
Q
- quotas
-
- tablespace, 9.3.9.6
R
- RAC. See Oracle Real Application Clusters (RAC)
- Realm Audit Report, 9.2.2.1
- Realm Authorization Configuration Issues Report, 9.2.1.5
- realms
-
- about, 3.1
- audit events, custom, A.2
- authentication-related functions, E.1.1
- authorization
-
- how realm authorizations work, 3.9
- process flow, 3.9
- troubleshooting, G.2
- updating with DVSYS.DBMS_MACADM.UPDATE_REALM_AUTH, E.1.1
- authorizations
-
- grantee, 3.5
- rule set, 3.5
- creating, 3.2
- default realms, 3.12
- deleting, 3.7
- disabling, 3.6
- DV_REALM_OWNER role, C.3.6
- DV_REALM_RESOURCE role, C.3.7
- editing, 3.3
- effect on other Oracle Database Vault components, 3.11
- enabling, 3.6
- example, 3.10
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.1.1, E.1.1
- DVSYS.DBMS_MACUTL (utility), E.3
- DVSYS.DBMS_MACUTL fields (constants), E.3.1
- guidelines, 3.13
- how realms work, 3.8
- Java stored procedures, 3.8
- mixed-case, setting with DVSYS.DBMS_MACADM.SET_PRESERVE_CASE, E.1.1
- object-related functions, E.1.1
- performance effect, 3.14
- process flow, 3.8
- realm authorizations
-
- about, 3.5
- realm secured objects
-
- deleting, 3.4
- editing, 3.4
- object name, 3.4
- object owner, 3.4
- object type, 3.4
- realm system authorizations
-
- creating, 3.5
- deleting, 3.5
- editing, 3.5
- realm-secured objects, 3.4
- reports, 3.15
- roles
-
- DV_REALM_OWNER, C.3.6
- DV_REALM_RESOURCE, C.3.7
- secured object, 9.2.1.5
- territory a realm protects, 3.4
- troubleshooting, G.2, G.3
- updating with DVSYS.DBMS_MACADM.UPDATE_REALM, E.1.1
- views
-
- DBA_DV_CODE, C.5
- DBA_DV_REALM, C.5
- DBA_DV_REALM_AUTH, C.5
- DBA_DV_REALM_OBJECT, C.5, C.5
- See also rule sets
- RECOVERY_CATALOG_OWNER role, 9.3.5.9
- recycle bin, guidelines on managing, F.3.2
- REMOTE_LOGIN_PASSWORDFILE initialization parameter, 1.7.2.1
- REMOTE_OS_AUTHENT initialization parameter, 1.7.2.1
- REMOTE_OS_ROLES initialization parameter, 1.7.2.1
- reporting menu
-
- report results page, 9.1.3
-
- parameter, 9.1.3
- reports
-
- about, 9.1.1
- Access to Sensitive Objects Report, 9.3.3.2
- Accounts With DBA Roles Report, 9.3.5.2
- Accounts with SYSDBA/SYSOPER Privilege Report, 9.3.3.4
- ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
- ANY System Privileges for Database Accounts Report, 9.3.2.4
- AUDIT Privileges Report, 9.3.5.10
- auditing, 9.2.2
- BECOME USER Report, 9.3.5.4
- categories of, 9.1.1
- Command Rule Audit Report, 9.2.2.2
- Command Rule Configuration Issues Report, 9.2.1.1
- Core Database Audit Report, 9.3.8
- Core Database Vault Audit Report, 9.2.2.5
- Database Account Default Password Report, 9.3.7.1
- Database Account Status Report, 9.3.7.2
- Database Accounts With Catalog Roles Report, 9.3.5.9
- Direct and Indirect System Privileges By Database Account Report, 9.3.2.2
- Direct Object Privileges Report, 9.3.1.3
- Direct System Privileges By Database Account Report, 9.3.2.1
- Execute Privileges to Strong SYS Packages Report, 9.3.3.1
- Factor Audit Report, 9.2.2.3
- Factor Configuration Issues Report, 9.2.1.2
- Factor Without Identities, 9.2.1.3
- general security, 9.3
- Hierarchical System Privileges by Database Account Report, 9.3.2.3
- Identity Configuration Issues Report, 9.2.1.4
- Java Policy Grants Report, 9.3.9.1
- Label Security Integration Audit Report, 9.2.2.4
- Non-Owner Object Trigger Report, 9.3.9.7
- Object Access By PUBLIC Report, 9.3.1.1
- Object Access Not By PUBLIC Report, 9.3.1.2
- Object Dependencies Report, 9.3.1.4
- Objects Dependent on Dynamic SQL Report, 9.3.9.3
- OS Directory Objects Report, 9.3.9.2
- OS Security Vulnerability Privileges, 9.3.5.11
- Password History Access Report, 9.3.5.6
- permissions for running, 9.1.2
- privilege management, 9.3.4
- Privileges Distribution By Grantee Report, 9.3.4.1
- Privileges Distribution By Grantee, Owner Report, 9.3.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 9.3.4.3
- Public Execute Privilege To SYS PL/SQL Procedures Report, 9.3.3.3
- Realm Audit Report, 9.2.2.1
- Realm Authorization Configuration Issues Report, 9.2.1.5
- Resource Profiles Report, 9.3.6.2
- Roles/Accounts That Have a Given Role Report, 9.3.5.8
- Rule Set Configuration Issues Report, 9.2.1.6
- running, 9.1.3
- Secure Application Configuration Issues Report, 9.2.1.7
- Secure Application Role Audit Report, 9.2.2.6
- Security Policy Exemption Report, 9.3.5.3
- Security Related Database Parameters, 9.3.6.1
- security vulnerability, 9.3.9
- System Privileges By Privilege Report, 9.3.2.5
- System Resource Limits Report, 9.3.6.3
- Tablespace Quotas Report, 9.3.9.6
- Unwrapped PL/SQL Package Bodies Report, 9.3.9.4
- Username /Password Tables Report, 9.3.9.5
- WITH ADMIN Privileges Grants Report, 9.3.5.1
- WITH GRANT Privileges Report, 9.3.5.7
- required parameters page
-
- % wildcard, 9.1.3
- Resource Profiles Report, 9.3.6.2
- resources
-
- reports
-
- Resource Profiles Report, 9.3.6.2
- System Resource Limits Report, 9.3.6.3
- REVOKE statement
-
- monitoring, 10.1
- RMAN. See Oracle Recovery Manager (RMAN)
- roles
-
- catalog-based, 9.3.5.9
- Database Vault default roles, C.3
- privileges, checking with DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, E.3.2
- role enablement in incomplete rule set, 9.2.1.7
- role-based system privileges, 9.3.2.3
- See also secure application roles
- Roles/Accounts That Have a Given Role Report, 9.3.5.8
- root access, guidelines on managing, F.2.1
- Rule Set Configuration Issues Report, 9.2.1.6
- rule sets
-
- about, 6.1
- adding existing rules, 6.4.2
- audit options, 6.2
- command rules
-
- disabled, 9.2.1.1
- how different from rule sets, 5.1
- selecting for, 5.2
- used with, 5.1
- CONNECT role configured incorrectly, solution for, B.1
- creating, 6.2
-
- rules in, 6.4.1
- default rule sets, 6.8
- deleting
-
- rule set, 6.5
- rules from, 6.4.1, 6.4.1
- disabled for
-
- factor assignment, 9.2.1.2
- realm authorization, 9.2.1.5
- editing
-
- rule sets, 6.3
- rules in, 6.4.1
- error options, 6.2
- evaluation of rules, 6.4
- evaluation options, 6.2
- event handlers, 6.2
- events firing, finding with DVSYS.DV_SYSEVENT, D.3
- examples, 6.7
- factors, selecting for, 4.2
- factors, used with, 4.1
- fail code, 6.2
- fail message, 6.2
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.1.3, E.1.3
- DVSYS.DBMS_MACUTL (utility), E.3
- DVSYS.DBMS_MACUTL fields (constants), E.3.1
- PL/SQL functions for rule sets, D.3
- guidelines, 6.9
- how rule sets work, 6.6
- incomplete, 9.2.1.1
- naming, 6.2
- performance effect, 6.10
- process flow, 6.6
- reports, 6.11
- template creation, 6.2
- troubleshooting, G.2, G.3
- views
-
- DBA_DV_RULE, C.5
- DBA_DV_RULE_SET, C.5
- DBA_DV_RULE_SET_RULE, C.5
- See also command rules, factors, realms, rules, secure application roles
- rules
-
- about, 6.4
- creating, 6.4.1
- deleting from rule set, 6.4.1
- editing, 6.4.1
- existing rules, adding to rule set, 6.4.2
- removing from rule set, 6.4.1
- troubleshooting, G.2
- views
-
- DBA_DV_RULE, C.5
- DBA_DV_RULE_SET_RULE, C.5
- See also rule sets
S
- schemas
-
- DVF, C.2.2
- DVSYS, C.2.1
- Secure Application Configuration Issues Report, 9.2.1.7
- Secure Application Role Audit Report, 9.2.2.6
- secure application roles
-
- about, 7.1
- creating, 7.2
- deleting, 7.4
- DVSYS.DBMS_MACSEC_ROLES.SET_ROLE function, 7.2
- example, 7.6
- functionality, 7.5
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.1.5, E.1.5
- DVSYS.DBMS_MACSEC_ROLES (configuration), E.2
- DVSYS.DBMS_MACSEC_ROLES package, E.2
- DVSYS.DBMS_MACUTL (utility), E.3, E.3.2
- DVSYS.DBMS_MACUTL fields (constants), E.3.1
- guidelines on managing, 7.3
- performance effect, 7.7
- reports, 7.8
-
- Rule Set Configuration Issues Report, 9.2.1.6
- troubleshooting, G.3
- troubleshooting with auditing report, 9.2.2.6
- views
-
- DBA_DV_ROLE, C.5
- See also roles, rule sets
- secure role applications
-
- audit event, custom, A.2
- security policies
-
- monitoring changes, 10.2
- security policies, Oracle Database Vault addressing, 1.5
- Security Policy Exemption Report, 9.3.5.3
- Security Related Database Parameters Report, 9.3.6.1
- security violations
-
- monitoring attempts, 10.3
- security vulnerabilities
-
- how Database Vault addresses, 1.6
- operating systems, 9.3.5.11
- reports, 9.3.9
-
- Security Related Database Parameters Report, 9.3.6.1
- root operating system directory, 9.3.9.2
- SELECT statement
-
- controlling with command rules, 5.1
- SELECT_CATALOG_ROLE role, 9.3.5.9
- sensitive objects reports, 9.3.3
- separation of duty concept
-
- command rules, 5.6
- database accounts, C.4
- database accounts, suggested, C.4
- database roles, 1.7.5
- Database Vault Account Manager role, C.4
- Oracle Database Vault enforcing, 1.1
- realms, 1.6
- restricting privileges, 1.7.3
- roles, C.3
- sessions
-
- audit events, custom, A.2
- DVSYS.DBMS_MACUTL fields, E.3.1
- finding session user with DVF.F$SESSION_USER, D.2
- retrieving information with functions, E.1.2
- SQL injection attacks, detecting with Object Dependent on Dynamic SQL Report, 9.3.9.3
- SQL text, finding with DVSYS.DV_SQL_TEXT, D.3
- SQL92_SECURITY initialization parameter, 1.7.2.1
- subfactors. See child factors under factors topic
- SYS schema
-
- command rules, 5.2
- SYSDBA access
-
- effect on other products by Oracle Database Vault, 1.7.1
- guidelines on managing, F.2.3
- password file authentication, 1.7.4
- SYSOPER access
-
- guidelines on managing, F.2.4
- password file authentication, 1.7.4
- system features
-
- disabling with Disabled rule set, 6.8
- enabling with Enabled rule set, 6.8
- system privileges
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, E.3.2
- reports
-
- System Privileges By Privileges Report, 9.3.2.5
- System Privileges By Privilege Report, 9.3.2.5
- System Resource Limits Report, 9.3.6.3
- system root access, guideline on managing, F.2.1
T
- tablespace quotas, 9.3.9.6
- Tablespace Quotas Report, 9.3.9.6
- templates, for rule sets, 6.2
- third party products, affected by Oracle Database Vault, B.1
- time data
-
- DVSYS.DBMS_MACUTL functions, E.3.2
- trace files
-
- about, G.1
- enabling, G.1
- Transparent Data Encryption, used with Oracle Database Vault, 8.2
- triggers
-
- different from object owner account, 9.3.9.7
- reports, Non-Owner Object Trigger Report, 9.3.9.7
- troubleshooting
-
- access security sessions, 9.2.2.5
- auditing reports, using, 9.2.2
- command rules, G.1
- events, G.1
- factors, G.2
- general diagnostic tips, G.2
- locked out accounts, B.1
- passwords, forgotten, B.1
- realms, G.2
- rule sets, G.2
- rules, G.2
- secure application roles, 9.2.2.6
- trust levels
-
- about, 4.4.1
- determining for identities with DVSYS.GET_TRUST_LEVEL_FOR_IDENTITY, D.1.4
- determining with DVSYS.GET_TRUST_LEVEL, D.1.3
- factor identity, 4.4.1
- factors, 4.4.1
- for factor and identity requested, D.1.4
- identities, 4.2
- of current session identity, D.1.3
- trusted users
-
- accounts and roles that should be limited, F.2
- default for Oracle Database Vault, F.1
- tutorial, 2.3
U
- Unwrapped PL/SQL Package Bodies Report, 9.3.9.4
- user names
-
- reports, Username/Password Tables Report, 9.3.9.5
- USER_HISTORY$ table, 9.3.5.6
- Username/Password Tables Report, 9.3.9.5
- users
-
- auditing policies, A.1
- enterprise identities, finding with DVF.F$PROXY_ENTERPRISE_IDENTITY, D.2
- enterprise-wide identities, finding with DVF.F$ENTERPRISE_IDENTITY, D.2
- finding proxy user with DVF.F$PROXYUSER, D.2
- finding session user with DVF.F$SESSION_USER, D.2
- login user name, finding with DVSYS.DV_LOGIN_USER, D.3
- utility functions. See DVSYS.DBMS_MACUTL package
- UTL_FILE object, 9.3.1.4
- UTL_FILE package, guidelines on managing, F.3.1
V
- views
-
- Oracle Database Vault-specific views, C.5
- See also names beginning with DBA_DV
- VPD. See Oracle Virtual Private Database (VPD)
W
- wildcard, %, 9.1.3
- WITH ADMIN Privileges Grants Report, 9.3.5.1
- WITH ADMIN status, 9.3.2.1, 9.3.2.2
- WITH GRANT clause, 9.3.5.7
- WITH GRANT Privileges Report, 9.3.5.7