Index
Symbols
- % wildcard, 16.3
A
- access control policy
-
- configuring with tools and components
-
- Oracle Label Security PL/SQL APIs, 1.2.6
- Oracle Policy Manager, 1.2.6
- reports
-
- Core Database Vault Audit Report, 16.4.2.5
- access control run-time PL/SQL procedures and functions, 14.1
- Access to Sensitive Objects Report, 16.5.3.2
- accounts
-
- See database accounts
- Accounts With DBA Roles Report, 16.5.5.2
- Accounts with SYSDBA/SYSOPER Privilege Report, 16.5.3.4
- ad hoc tools
-
- preventing use of, 7.8
- administrators
-
- restricting different types, 7.9
- ALTER DATABASE statement
-
- monitoring, 15.2
- ALTER ROLE statement
-
- monitoring, 15.3
- ALTER SESSION privilege
-
- reports, ALTER SYSTEM or ALTER SESSION Report, 16.5.5.5
- trace files, enabling, E.1
- ALTER SESSION statement
-
- guidelines on managing privileges, D.3.6
- ALTER SYSTEM or ALTER SESSION Report, 16.5.5.5
- ALTER SYSTEM privilege
-
- reports, ALTER SYSTEM or ALTER SESSION Report, 16.5.5.5
- ALTER SYSTEM statement
-
- controlling with command rules, 6.1
- guidelines on managing privileges, D.3.6
- ALTER TABLE statement
-
- monitoring, 15.2
- ALTER USER statement
-
- monitoring, 15.3
- ANY privileges, 10.2.6
- ANY System Privileges for Database Accounts Report, 16.5.2.4
- APIs
-
- See DVSYS.DBMS_MACADM package, DVSYS.DBMS_MACSEC_ROLES package, DVSYS.DBMS_MACUTL package
- audit policy change
-
- monitoring, 15.3
- AUDIT privilege, 16.5.5.10
- AUDIT Privileges Report, 16.5.5.10
- AUDIT_SYS_OPERATIONS initialization parameter, 2.1
- AUDIT_TRAIL initialization parameter
-
- effect on Core Database Audit Report, 16.5.8
- AUDIT_TRAIL$ system table
-
- affected by AUDIT_TRAIL initialization parameter, A.1.2
- archiving, A.2
- format, A.1.2
- purging, A.2
- auditing
-
- archiving Database Vault audit trail, A.2
- Core Database Audit Report, 16.5.8
- DVSYS.DBMS_MACUTL fields, 13.2.1
- factors
-
- options, 7.3
- intruders
-
- using factors, 7.3
- using rule sets, 5.3
- Oracle Database audit settings, A.3
- purging Database Vault audit trail, A.2
- realms
-
- DVSYS.DBMS_MACUTL fields, 13.2.1
- options, 4.3
- reports, 16.4.2
- rule sets
-
- DVSYS.DBMS_MACUTL fields, 13.2.1
- options, 5.3
- secure application roles
-
- audit records, 8.8
- troubleshooting, E.1
- views used to audit events, 10.4.1
- auditing policies
-
- about, A
- custom events
-
- about, A.1.1
- audit trail, A.1.2
- listing, A.1.1
- monitoring changes to, 15.3
- authentication
-
- Authentication_Method default factor, 7.2
- command rules, 6.1
- method, finding with DVF.F$AUTHENTICATION_METHOD, 14.2
- realm procedures, 11.2
- authorizations, realms, 4.6
B
- BECOME USER Report, 16.5.5.4
- BECOME USER system privilege
-
- about, 16.5.5.4
C
- catalog-based roles, 16.5.5.9
- child factors
-
- See factors
- clients
-
- finding IP address with DVF.F$CLIENT_IP, 14.2
- code groups
-
- retrieving value with DVSYS.DBMS_MACUTL functions, 13.3
- Command Rule Audit Report, 16.4.2.2
- Command Rule Configuration Issues Report, 16.4.1.1
- command rules
-
- about, 6.1
- creating, 6.4
- data dictionary view, 6.10
- default command rules, 6.2
- deleting, 6.5
- diagnosing behavior, E.1
- editing, 6.4
- functions
-
- DVSYS.DBMS_MACUTL (utility), 13.1
- guidelines, 6.8
- how command rules work, 6.6
- objects
-
- name, 6.4
- owner, 6.4
- performance effect, 6.9
- procedures
-
- DVSYS.DBMS_MACADM (configuration), 11.4
- process flow, 6.6
- reports, 6.10
- rule sets
-
- selecting, 6.4
- used with, 6.1
- troubleshooting
-
- general diagnostic advice, E.1
- with auditing report, 16.4.2.2
- tutorials, 6.7
- views, 6.10, 10.4.2
- See also rule sets
- compliance
-
- Oracle Database Vault addressing, 1.3
- computer name
-
- finding with DVF.F$MACHINE, 14.2
- Machine default factor, 7.2
- configuration
-
- changes, monitoring, 15.3
- See also DVSYS.DBMS_MACADM package
- CONNECT events, controlling with command rules, 6.1
- core database
-
- troubleshooting with Core Database Vault Audit Report, 16.4.2.5
- Core Database Audit Report, 16.5.8
- Core Database Vault Audit Trail Report, 16.4.2.5
- CPU_PER_SESSION resource profile, 16.5.6.2
- CREATE ANY JOB privilege, D.3.3
- CREATE ANY JOB statement
-
- guidelines on managing privileges, D.3.3
- CREATE EXTERNAL JOB privilege, D.3.4
- CREATE JOB privilege, D.3.3
- CREATE JOB statement
-
- guidelines on managing privileges, D.3.3
- CREATE ROLE statement
-
- monitoring, 15.3
- CREATE TABLE statement
-
- monitoring, 15.2
- CREATE USER statement
-
- monitoring, 15.3
D
- data definition language (DDL)
-
- statement
-
- controlling with command rules, 6.1
- data dictionary
-
- adding DV_ACCTMGR role to realm, 3.2.1
- data manipulation language (DML)
-
- statement
-
- checking with DVSYS.DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function, 13.3
- controlling with command rules, 6.1
- data Oracle Database Vault recognizes
-
- See factors
- Database Account Default Password Report, 16.5.7.1
- Database Account Status Report, 16.5.7.2
- database accounts
-
- counting privileges of, 16.5.4.1
- DBSNMP, 4.2
- DVSYS, 10.3
- LBACSYS, 10.3
- monitoring, 15.3
- reports
-
- Accounts With DBA Roles Report, 16.5.5.2
- ALTER SYSTEM or ALTER SESSION Report, 16.5.5.5
- ANY System Privileges for Database Accounts Report, 16.5.2.4
- AUDIT Privileges Report, 16.5.5.10
- BECOME USER Report, 16.5.5.4
- Database Account Default Password Report, 16.5.7.1
- Database Account Status Report, 16.5.7.2
- Database Accounts With Catalog Roles Report, 16.5.5.9
- Direct and Indirect System Privileges By Database Account Report, 16.5.2.2
- Direct Object Privileges Report, 16.5.1.3
- Direct System Privileges By Database Account Report, 16.5.2.1
- Hierarchical System Privileges by Database Account Report, 16.5.2.3
- Object Access By PUBLIC Report, 16.5.1.1
- Object Access Not By PUBLIC Report, 16.5.1.2
- OS Security Vulnerability Privileges, 16.5.5.11
- Password History Access Report, 16.5.5.6
- Privileges Distribution By Grantee Report, 16.5.4.1
- Privileges Distribution By Grantee, Owner Report, 16.5.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 16.5.4.3
- Roles/Accounts That Have a Given Role Report, 16.5.5.8
- Security Policy Exemption Report, 16.5.5.3
- WITH ADMIN Privilege Grants Report, 16.5.5.1
- WITH GRANT Privileges Report, 16.5.5.7
- solution for lockouts, B.1
- suggested, 10.3
- SYSMAN, 4.2
- Database Accounts With Catalog Roles Report, 16.5.5.9
- database configuration
-
- monitoring changes, 15.2
- database definition language (DDL)
-
- statements
-
- controlling with command rules, 6.1
- database domains, Database_Domain default factor, 7.2
- database objects
-
- Oracle Database Vault, 10
- reports
-
- Object Dependencies Report, 16.5.1.4
- See also objects
- database options, installing, B.1
- database roles
-
- about, 10.2.1
- counting privileges of, 16.5.4.1
- default Oracle Database Vault, 10.2.1
- DV_ACCTMGR
-
- about, 10.2.6
- adding to Data Dictionary realm, 3.2.1
- DV_ADMIN, 10.2.5
- DV_OWNER, 10.2.2
- DV_PUBLIC, 10.2.7
- DV_REALM_OWNER, 10.2.3
- DV_REALM_RESOURCE, 10.2.4
- DV_SECANALYST, 10.2.8
- enabled, determining with DVSYS.ROLE_IS_ENABLED, 14.1.5
- monitoring, 15.3
- Oracle Database Vault, default, 10.2.1
- reports
-
- Accounts With DBA Roles Report, 16.5.5.2
- ALTER SYSTEM or ALTER SESSION Report, 16.5.5.5
- AUDIT Privileges Report, 16.5.5.10
- BECOME USER Report, 16.5.5.4
- Database Accounts With Catalog Roles Report, 16.5.5.9
- OS Security Vulnerability Privileges, 16.5.5.11
- Privileges Distribution By Grantee Report, 16.5.4.1
- Roles/Accounts That Have a Given Role Report, 16.5.5.8
- Security Policy Exemption Report, 16.5.5.3
- WITH ADMIN Privilege Grants Report, 16.5.5.1
- separation of duty enforcement, 2.3
- database schemas
-
- grouped
-
- See realms
- database sessions, 7.3
-
- controlling with Allow Sessions default rule set, 5.2
- factor evaluation, 7.7.1
- session user name, Proxy_User default factor, 7.2
- Database Vault
-
- See Oracle Database Vault
- databases
-
- dbconsole
-
- checking process, 3.1
- starting process, 3.1
- defined with factors, 7.1
- domain, Domain default factor, 7.2
- event monitoring, E.1
- host names, Database_Hostname default factor, 7.2
- instance, retrieving information with functions, 11.5
- instances
-
- Database_Instance default factor, 7.2
- names, finding with DVF.F$DATABASE_INSTANCE, 14.2
- number, finding with DVSYS.DV_INSTANCE_NUM, 14.3
- IP addresses
-
- Database_IP default factor, 7.2
- retrieving with DVF.F$DATABASE_IP, 14.2
- listener, starting, B.4
- log file location, 3.1
- monitoring events, E.1
- names
-
- Database_Name default factor, 7.2
- retrieving with DVF.F$DATABASE_NAME, 14.2
- retrieving with DVSYS.DV_DATABASE_NAME, 14.3
- parameters
-
- Security Related Database Parameters Report, 16.5.6.1
- roles that do not exist, 16.4.1.7
- schema creation, finding with DVF.F$IDENTIFICATION_TYPE, 14.2
- schema creation, Identification_Type default factor, 7.2
- structural changes, monitoring, 15.2
- user name, Session_User default factor, 7.2
- DBA_DV_CODE view, 10.4.1
- DBA_DV_COMMAND_RULE view, 6.10, 10.4.2
- DBA_DV_FACTOR view, 10.4.3
- DBA_DV_FACTOR_LINK view, 10.4.4
- DBA_DV_FACTOR_TYPE view, 10.4.5
- DBA_DV_IDENTITY view, 10.4.6
- DBA_DV_IDENTITY_MAP view, 10.4.7
- DBA_DV_MAC_POLICY view, 10.4.8
- DBA_DV_MAC_POLICY_FACTOR view, 10.4.9
- DBA_DV_POLICY_LABEL view, 10.4.10
- DBA_DV_PUB_PRIVS view, 10.4.11
- DBA_DV_REALM view, 10.4.12
- DBA_DV_REALM_AUTH view, 10.4.13
- DBA_DV_REALM_OBJECT view, 10.4.14
- DBA_DV_ROLE view, 10.4.15
- DBA_DV_RULE view, 10.4.16
- DBA_DV_RULE_SET view, 10.4.17
- DBA_DV_RULE_SET_RULE view, 10.4.18
- DBA_DV_USER_PRIVS view, 10.4.19
- DBA_DV_USER_PRIVS_ALL view, 10.4.20
- dbconsole process
-
- checking status, 3.1
- starting, 3.1
- DBMS_FILE_TRANSFER package, guidelines on managing, D.3.1
- DELETE_CATALOG_ROLE role, 16.5.5.9
- Denial of Service (DoS) attacks
-
- reports
-
- System Resource Limits Report, 16.5.6.3
- Tablespace Quotas Report, 16.5.9.6
- Direct and Indirect System Privileges By Database Account Report, 16.5.2.2
- Direct Object Privileges Report, 16.5.1.3
- direct system privileges, 16.5.2.3
- Direct System Privileges By Database Account Report, 16.5.2.1
- disabling system features with Disabled default rule set, 5.2
- domains
-
- defined with factors, 7.1
- finding database domain with DVF.F$DATABASE_DOMAIN, 14.2
- finding with DVF.F$DOMAIN, 14.2
- DROP ROLE statement
-
- monitoring, 15.3
- DROP TABLE statement
-
- monitoring, 15.2
- DROP USER statement
-
- monitoring, 15.3
- DV_ACCTMGR role
-
- about, 10.2.6
- adding to Data Dictionary realm, 3.2.1
- DV_ADMIN role, 10.2.5
- DV_OWNER role, 10.2.2
- DV_PUBLIC role, 10.2.7
- DV_REALM_OWNER role, 10.2.3
- DV_REALM_RESOURCE role, 10.2.4
- DV_SECANALYST role, 10.2.8
- DVA
-
- See Oracle Database Vault Administrator
- DVCA
-
- See Oracle Database Vault Configuration Assistant
- DVF account
-
- auditing policy, A.3
- database accounts
-
- DVF, 10.3
- DVF schema, 14.2
-
- about, 10.1.2
- auditing policy, A.3
- DVSYS account, 10.3
-
- auditing policy, A.3
- DVSYS schema
-
- about, 10.1.1
- auditing policy, A.3
- command rules, 6.4
- DV_OWNER role, 10.2.2
- factor validation methods, 7.3
- DVSYS.DBMS_MACADM package
-
- about, 11.1
- command rule procedures, listed, 11.4
- factor procedures, listed, 11.5
- Oracle Label Security policy procedures, listed, 11.7
- realm procedures, listed, 11.2
- rule set procedures, listed, 11.3
- secure application role procedures, listed, 11.6
- DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM procedure, 11.2.1, 11.2.2, 11.2.3, 11.2.4
- DVSYS.DBMS_MACADM.ADD_FACTOR_LINK procedure, 11.5.1
- DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM procedure, 11.2.5
- DVSYS.DBMS_MACADM.ADD_POLICY_FACTOR procedure, 11.5.2
- DVSYS.DBMS_MACADM.ADD_RULE_TO_RULE_SET procedure, 11.3.1, 11.3.2, 11.3.3
- DVSYS.DBMS_MACADM.CHANGE_IDENTITY_FACTOR procedure, 11.5.3
- DVSYS.DBMS_MACADM.CHANGE_IDENTITY_VALUE procedure, 11.5.4
- DVSYS.DBMS_MACADM.CREATE_COMMAND_RULE procedure, 11.4.1
- DVSYS.DBMS_MACADM.CREATE_DOMAIN_IDENTITY procedure, 11.5.5
- DVSYS.DBMS_MACADM.CREATE_FACTOR procedure, 11.5.6
- DVSYS.DBMS_MACADM.CREATE_FACTOR_TYPE procedure, 11.5.7
- DVSYS.DBMS_MACADM.CREATE_IDENTITY procedure, 11.5.8
- DVSYS.DBMS_MACADM.CREATE_IDENTITY_MAP procedure, 11.5.9
- DVSYS.DBMS_MACADM.CREATE_MAC_POLICY procedure, 11.7.1
- DVSYS.DBMS_MACADM.CREATE_POLICY_LABEL procedure, 11.7.2
- DVSYS.DBMS_MACADM.CREATE_REALM procedure, 11.2.6
- DVSYS.DBMS_MACADM.CREATE_ROLE procedure, 11.6.1
- DVSYS.DBMS_MACADM.CREATE_RULE procedure, 11.3.4
- DVSYS.DBMS_MACADM.CREATE_RULE_SET procedure, 11.3.5
- DVSYS.DBMS_MACADM.DELETE_AUTH_FROM_REALM procedure, 11.2.7
- DVSYS.DBMS_MACADM.DELETE_COMMAND_RULE procedure, 11.4.2
- DVSYS.DBMS_MACADM.DELETE_FACTOR procedure, 11.5.10
- DVSYS.DBMS_MACADM.DELETE_FACTOR_LINK procedure, 11.5.11
- DVSYS.DBMS_MACADM.DELETE_FACTOR_TYPE procedure, 11.5.12
- DVSYS.DBMS_MACADM.DELETE_IDENTITY procedure, 11.5.13
- DVSYS.DBMS_MACADM.DELETE_IDENTITY_MAP procedure, 11.5.14
- DVSYS.DBMS_MACADM.DELETE_MAC_POLICY_CASCADE procedure, 11.7.3
- DVSYS.DBMS_MACADM.DELETE_OBJECT_FROM_REALM procedure, 11.2.8
- DVSYS.DBMS_MACADM.DELETE_POLICY_FACTOR procedure, 11.7.4
- DVSYS.DBMS_MACADM.DELETE_POLICY_LABEL procedure, 11.7.5
- DVSYS.DBMS_MACADM.DELETE_REALM procedure, 11.2.9
- DVSYS.DBMS_MACADM.DELETE_REALM_CASCADE procedure, 11.2.10
- DVSYS.DBMS_MACADM.DELETE_ROLE procedure, 11.6.2
- DVSYS.DBMS_MACADM.DELETE_RULE procedure, 11.3.6
- DVSYS.DBMS_MACADM.DELETE_RULE_FROM_RULE_SET procedure, 11.3.7
- DVSYS.DBMS_MACADM.DELETE_RULE_SET procedure, 11.3.8
- DVSYS.DBMS_MACADM.DROP_DOMAIN_IDENTITY procedure, 11.5.15
- DVSYS.DBMS_MACADM.GET_INSTANCE_INFO function, 11.5.16
- DVSYS.DBMS_MACADM.GET_SESSION_INFO function, 11.5.17
- DVSYS.DBMS_MACADM.RENAME_FACTOR procedure, 11.5.18
- DVSYS.DBMS_MACADM.RENAME_FACTOR_TYPE procedure, 11.5.19
- DVSYS.DBMS_MACADM.RENAME_REALM procedure, 11.2.11
- DVSYS.DBMS_MACADM.RENAME_ROLE procedure, 11.6.3
- DVSYS.DBMS_MACADM.RENAME_RULE procedure, 11.3.9
- DVSYS.DBMS_MACADM.RENAME_RULE_SET procedure, 11.3.10
- DVSYS.DBMS_MACADM.SYNC_RULES procedure, 11.3.11
- DVSYS.DBMS_MACADM.UPDATE_COMMAND_RULE procedure, 11.4.3
- DVSYS.DBMS_MACADM.UPDATE_FACTOR procedure, 11.5.20
- DVSYS.DBMS_MACADM.UPDATE_FACTOR_TYPE procedure, 11.5.21
- DVSYS.DBMS_MACADM.UPDATE_IDENTITY procedure, 11.5.22
- DVSYS.DBMS_MACADM.UPDATE_MAC_POLICY procedure, 11.7.6
- DVSYS.DBMS_MACADM.UPDATE_REALM procedure, 11.2.12
- DVSYS.DBMS_MACADM.UPDATE_REALM_AUTH procedure, 11.2.13
- DVSYS.DBMS_MACADM.UPDATE_ROLE procedure, 11.6.4
- DVSYS.DBMS_MACADM.UPDATE_RULE procedure, 11.3.12
- DVSYS.DBMS_MACADM.UPDATE_RULE_SET procedure, 11.3.13
- DVSYS.DBMS_MACSEC_ROLES package
-
- about, 12.1
- functions, listed, 12.1
- DVSYS.DBMS_MACSEC_ROLES.CAN_SET_ROLE function, 12.2
- DVSYS.DBMS_MACSEC_ROLES.SET_ROLE procedure, 12.3
- DVSYS.DBMS_MACUTL package
-
- about, 13.1
- constants (fields)
-
- examples, 13.2.2
- listed, 13.2.1
- procedures and functions, listed, 13.3
- DVSYS.DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED procedure, 13.3.1
- DVSYS.DBMS_MACUTL.GET_CODE_VALUE function, 13.3.2
- DVSYS.DBMS_MACUTL.GET_DAY function, 13.3.6
- DVSYS.DBMS_MACUTL.GET_HOUR function, 13.3.5
- DVSYS.DBMS_MACUTL.GET_MINUTE function, 13.3.4
- DVSYS.DBMS_MACUTL.GET_MONTH function, 13.3.7
- DVSYS.DBMS_MACUTL.GET_SECOND function, 13.3.3
- DVSYS.DBMS_MACUTL.GET_SQL_TEXT function, 13.3.9
- DVSYS.DBMS_MACUTL.GET_YEAR function, 13.3.8
- DVSYS.DBMS_MACUTL.IS_ALPHA function, 13.3.10
- DVSYS.DBMS_MACUTL.IS_DIGIT function, 13.3.11
- DVSYS.DBMS_MACUTL.IS_DVSYS_OWNER function, 13.3.12
- DVSYS.DBMS_MACUTL.IS_OLS_INSTALLED function, 13.3.13
- DVSYS.DBMS_MACUTL.IS_OLS_INSTALLED_VARCHAR function, 13.3.14
- DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, 13.3.15
- DVSYS.DBMS_MACUTL.USER_HAS_ROLE function, 13.3.16
- DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, 13.3.17
- DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, 13.3.18
E
- e-mail alert in rule set, 5.8
- enabling system features with Enabled default rule set, 5.2
- encrypted information, 16.5.9.5
- enterprise identities, Enterprise_Identity default factor, 7.2
- Enterprise Manager
-
- See Oracle Enterprise Manager
- errors
-
- factor error options, 7.3
- rule set error options, 5.3
- event handler
-
- rule sets, 5.3
- examples
-
- DVSYS.DBMS_MACUTL constants, 13.2.2
- realms, 4.11
- See also tutorials
- EXECUTE ANY PROCEDURE privilege, securing for external C callouts, D.3.8.1
- EXECUTE ANY PROCEDURE privilege, securing for Java stored procedures, D.3.7.1
- Execute Privileges to Strong SYS Packages Report, 16.5.3.1
- EXECUTE_CATALOG_ROLE role, 16.5.5.9
- EXEMPT ACCESS POLICY system privilege, 16.5.5.3
- external C callouts
-
- EXECUTE ANY PROCEDURE privilege, D.3.8.1
- security considerations, D.3.8
- external network services, fine-grained access to
-
- example using e-mail alert, 5.8
F
- Factor Audit Report, 16.4.2.3
- Factor Configuration Issues Report, 16.4.1.2
- Factor Without Identities Report, 16.4.1.3
- factors
-
- about, 7.1
- assignment, 7.3
-
- disabled rule set, 16.4.1.2
- incomplete rule set, 16.4.1.2
- validate, 7.3
- assignment operation, 16.4.2.3
- audit events, custom, A.1.1
- audit options, 7.3
- child factors
-
- about, 7.3
- Factor Configuration Issues Report, 16.4.1.2
- mapping, 7.5.3
- creating, 7.3
- data dictionary views, 7.12
- default factors, 7.2
- deleting, 7.6
- domain, finding with DVF.F$DOMAIN, 14.2
- DVSYS.DBMS_MACUTL constants, example of, 13.2.2
- editing, 7.4
- error options, 7.3
- evaluate, 7.3
- evaluation operation, 16.4.2.3
- factor type
-
- about, 7.3
- selecting, 7.3
- factor-identity pair mapping, 7.5.3
- functionality, 7.7
- functions
-
- DVSYS.DBMS_MACUTL (utility), 13.1
- DVSYS.DBMS_MACUTL constants (fields), 13.2.1
- guidelines, 7.10
- identifying using child factors, 7.5.3
- identities
-
- about, 7.3, 7.5.1
- adding to factor, 7.5
- assigning, 7.3
- configuring, 7.5.2
- creating, 7.5.2
- data dictionary views, 7.12
- database session, 7.3
- deleting, 7.5.2
- determining with DVSYS.GET_FACTOR, 7.3
- editing, 7.5.2
- enterprise-wide users, 14.2
- how factor identities work, 7.3
- labels, 7.3, 7.5.2
- mapping, about, 7.5.3
- mapping, identified, 7.3
- mapping, procedure, 7.5.3
- mapping, tutorial, 7.9
- Oracle Label Security labels, 7.3
- reports, 7.12
- resolving, 7.3
- retrieval methods, 7.3
- setting dynamically, 14.1.1
- trust levels, 7.3, 7.5.2
- with Oracle Label Security, 7.3
- initialization, command rules, 6.1
- invalid audit options, 16.4.1.2
- label, 16.4.1.2
- naming, 7.3
- Oracle Virtual Private Database, attaching factors to, 9.3
- parent factors, 7.3
- performance effect, 7.11
- procedures
-
- DVSYS.DBMS_MACADM (configuration), 11.5
- process flow, 7.7
- reports, 7.12
- retrieving, 7.7.2
- retrieving with DVSYS.GET_FACTOR, 14.1.2
- rule sets
-
- selecting, 7.3
- used with, 7.1
- setting, 7.7.3
- setting with DVSYS.SET_FACTOR, 14.1.1
- troubleshooting
-
- auditing report, 16.4.2.3
- configuration problems, E.3
- tips, E.2
- type (category of factor), 7.3
- validating, 7.3
- values (identities), 7.1
- views
-
- DBA_DV_CODE, 10.4.1
- DBA_DV_FACTOR_LINK, 10.4.4
- DBA_DV_FACTOR_TYPE, 10.4.5
- DBA_DV_IDENTITY, 10.4.6
- DBA_DV_IDENTITY_MAP, 10.4.7
- DBA_DV_MAC_POLICY_FACTOR, 10.4.9
- ways to assign, 7.3
- See also rule sets
- functions
-
- command rules
-
- DVSYS.DBMS_MACUTL (utility), 13.1
- DVSYS schema enabling, 14.1
- factors
-
- DVSYS.DBMS_MACUTL (utility), 13.1
- Oracle Label Security policy
-
- DVSYS.DBMS_MACADM (configuration), 11.7
- realms
-
- DVSYS.DBMS_MACUTL (utility), 13.1
- rule sets
-
- DVSYS.DBMS_MACADM (configuration), 11.3
- DVSYS.DBMS_MACUTL (utility), 13.1
- PL/SQL functions for inspecting SQL, 14.3
- secure application roles
-
- DVSYS.DBMS_MACADM (configuration), 11.6
- DVSYS.DBMS_MACSEC_ROLES (configuration), 12.1
- DVSYS.DBMS_MACUTL (utility), 13.1
G
- general security reports, 16.5
- GRANT statement
-
- monitoring, 15.3
- guidelines
-
- ALTER SESSION privilege, D.3.6
- ALTER SYSTEM privilege, D.3.6
- command rules, 6.8
- CREATE ANY JOB privilege, D.3.3
- CREATE EXTERNAL JOB privilege, D.3.4
- CREATE JOB privilege, D.3.3
- DBMS_FILE_TRANSFER package, D.3.1
- factors, 7.10
- general security, D
- Java stored procedures, D.3.7
- LogMiner packages, D.3.5
- Oracle software owner, D.2.2
- performance effect, 7.11
- realms, 4.13
- recycle bin, D.3.2
- root user access, D.2.1
- rule sets, 5.9
- secure application roles, 8.3
- SELECT_CATALOG_ROLE role, D.3.2
- SYSDBA access, D.2.3
- SYSOPER access, D.2.4
- trusted accounts and roles, D.1
- UTL_FILE package, D.3.1
H
- hackers
-
- See security attacks
- Hierarchical System Privileges by Database Account Report, 16.5.2.3
- host names
-
- finding with DVF.F$DATABASE_HOSTNAME, 14.2
I
- identities
-
- See factors, identities
- Identity Configuration Issues Report, 16.4.1.4
- IDLE_TIME resource profile, 16.5.6.2
- incomplete rule set, 16.4.1.2
-
- role enablement, 16.4.1.7
- initialization parameters
-
- Allow System Parameters default rule set, 5.2
- modified after installation, 2.1
- modified by Oracle Database Vault, 2.1
- reports, 16.5.6
- insider threats
-
- See intruders
- installation
-
- Oracle Database Vault, registering, C.1
- installations
-
- security considerations, D.3
- intruders
-
- See security attacks
- IP addresses
-
- Client_IP default factor, 7.2
- defined with factors, 7.1
J
- Java Policy Grants Report, 16.5.9.1
- Java stored procedures
-
- EXECUTE ANY PROCEDURE privilege, D.3.7.1
- guidelines on managing, D.3.7
- realm protections, 4.9
L
- Label Security Integration Audit Report, 16.4.2.4
- labels
-
- about, 7.5.2
- See also Oracle Label Security
- languages
-
- finding with DVF.F$LANG, 14.2
- finding with DVF.F$LANGUAGE, 14.2
- name
-
- Lang default factor, 7.2
- Language default factor, 7.2
- languages, adding to Database Vault, C.5
- LBACSYS account
-
- about, 10.3
- auditing policy, A.3
- factor integration with OLS policy requirement, 9.4.3
- See also Oracle Label Security
- LBACSYS schema
-
- auditing policy, A.3
- listener, starting, B.4
- locked out accounts, solution for, B.1
- log files
-
- Database Vault log files, A.1.2
- location for Oracle Database logs, 3.1
- logging on
-
- Oracle Database Vault
-
- Oracle Database Vault Owner account, 3.1
- reports, Core Database Audit Report, 16.5.8
- LogMiner packages
-
- guidelines, D.3.5
- lsnrctl process, starting, B.4
M
- maintenance on Oracle Database Vault, B.1
- managing user accounts and profiles on own account, Can Maintain Own Accounts default rule set, 5.2
- managing user accounts and profiles, Can Maintain Accounts/Profiles default rule set, 5.2
- mapping identities, 7.5.3
- monitoring
-
- activities, 15
N
- nested rules, 5.7.2
- network protocol
-
- finding with DVF.F$NETWORK_PROTOCOL, 14.2
- network protocol, Network_Protocol default factor, 7.2
- NOAUDIT statement
-
- monitoring, 15.3
- Non-Owner Object Trigger Report, 16.5.9.7
- nonsystem database accounts, 16.5.1.3
O
- Object Access By PUBLIC Report, 16.5.1.1
- Object Access Not By PUBLIC Report, 16.5.1.2
- Object Dependencies Report, 16.5.1.4
- object owners
-
- nonexistent, 16.4.1.1
- reports
-
- Command Rule Configuration Issues Report, 16.4.1.1
- object privilege reports, 16.5.1
- objects
-
- command rule objects
-
- name, 6.4
- owner, 6.4
- processing, 6.6
- dynamic SQL use, 16.5.9.3
- monitoring, 15.3
- object names
-
- finding with DVSYS.DV_DICT_OBJ_NAME, 14.3
- object owners
-
- finding with DVSYS.DV_DICT_OBJ_OWNER, 14.3
- object privileges
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, 13.3
- realms
-
- object name, 4.5
- object owner, 4.5
- object type, 4.5
- procedures for registering, 11.2
- reports
-
- Access to Sensitive Objects Report, 16.5.3.2
- Accounts with SYSDBA/SYSOPER Privilege Report, 16.5.3.4
- Direct Object Privileges Report, 16.5.1.3
- Execute Privileges to Strong SYS Packages Report, 16.5.3.1
- Non-Owner Object Trigger Report, 16.5.9.7
- Object Access By PUBLIC Report, 16.5.1.1
- Object Access Not By PUBLIC Report, 16.5.1.2
- Object Dependencies Report, 16.5.1.4
- Objects Dependent on Dynamic SQL Report, 16.5.9.3
- OS Directory Objects Report, 16.5.9.2
- privilege, 16.5.1
- Public Execute Privilege To SYS PL/SQL Procedures Report, 16.5.3.3
- sensitive, 16.5.3
- System Privileges By Privilege Report, 16.5.2.5
- types
-
- finding with DVSYS.DV_DICT_OBJ_TYPE, 14.3
- views, DBA_DV_REALM_OBJECT, 10.4.14
- See also database objects
- Objects Dependent on Dynamic SQL Report, 16.5.9.3
- OEM
-
- See Oracle Enterprise Manager (OEM)
- OLS
-
- See Oracle Label Security
- operating systems
-
- reports
-
- OS Directory Objects Report, 16.5.9.2
- OS Security Vulnerability Privileges Report, 16.5.5.11
- vulnerabilities, 16.5.5.11
- ora_name_list_t, concatenating with DVSYS.DBMS_MACUTL.GET_SQL_TEXT function, 13.3
- Oracle database
-
- See databases
- Oracle Database Vault
-
- about, 1.1
- components, 1.2, 1.2.1
- disabling
-
- checking if disabled, B.2
- procedures for, B
- reasons for, B.1
- enabling
-
- checking if enabled, B.2
- procedures for, B
- frequently asked questions, 1.1
- integrating with other Oracle products, 9
- maintenance, B.1
- Oracle Database installation, effect on, 2
- registering, C.1
- Oracle Database Vault Administrator
-
- starting, 3.1
- Oracle Database Vault Administrator (DVA)
-
- deploying manually, C.2
- logging on, 3.1
- time-out value, C.3
- Oracle Database Vault Configuration Assistant (DVCA)
-
- about, 1.2.3
- configuring Database Vault on RAC nodes, C.4
- languages, adding to Database Vault, C.5
- Oracle Database Vault Owner account
-
- example of logging on with, 3.1
- Oracle Enterprise Manager
-
- DBSNMP account, 4.2
- default realm used for, 4.2
- performance tools, 4.14
- SYSMAN account, 4.2
- Oracle Enterprise User Security, integrating with Oracle Database Vault, 9.1
- Oracle Internet Directory Distinguished Name, Proxy_Enterprise_Identity default factor, 7.2
- Oracle Label Security (OLS)
-
- audit events, custom, A.1.1
- checking if installed using DVSYS.DBMS_MACUTL functions, 13.3
- data dictionary views, 9.4.5
- database option, 1.2.6
- functions
-
- DVSYS.DBMS_MACUTL (utility), 13.2.1
- how Database Vault integrates with, 9.4.1
- initialization, command rules, 6.1
- integration with Oracle Database Vault
-
- example, 9.4.4
- Label Security Integration Audit Report, 16.4.2.4
- procedure, 9.4.3
- requirements, 9.4.2
- labels
-
- about, 7.5.2
- determining with GET_FACTOR_LABEL, 14.1.6
- invalid label identities, 16.4.1.4
- policies
-
- accounts that bypass, 16.5.5.3
- monitoring policy changes, 15.3
- nonexistent, 16.4.1.2
- Oracle Policy Manager, 1.2.6
- procedures
-
- DVSYS.DBMS_MACADM (configuration), 11.7
- reports, 9.4.5
- views
-
- DBA_DV_MAC_POLICY, 10.4.8
- DBA_DV_MAC_POLICY_FACTOR, 10.4.9
- DBA_DV_POLICY_LABEL, 10.4.10
- See also LBACSYS account
- Oracle Policy Manager
-
- used with Oracle Label Security, 1.2.6
- Oracle Real Application Clusters
-
- compatibility with Oracle Database Vault, 1.1
- configuring Database Vault on RAC nodes, C.4
- multiple factor identities, 7.3
- Oracle software owner, guidelines on managing, D.2.2
- Oracle Technology Network (OTN), Preface
- Oracle Virtual Private Database (VPD)
-
- accounts that bypass, 16.5.5.3
- factors, attaching to, 9.3
- GRANT EXECUTE privileges with Grant VPD Administration default rule set, 5.2
- OS Directory Objects Report, 16.5.9.2
- OS Security Vulnerability Privileges Report, 16.5.5.11
- OS_AUTHENT_PREFIX initialization parameter, 2.1
- OS_ROLES initialization parameter, 2.1
P
- parameters
-
- modified after installation, 2.1
- reports
-
- Security Related Database Parameters Report, 16.5.6.1
- parent factors
-
- See factors
- Password History Access Report, 16.5.5.6
- passwords
-
- forgotten, solution for, B.1
- reports, 16.5.7
-
- Database Account Default Password Report, 16.5.7.1
- Password History Access Report, 16.5.5.6
- Username/Password Tables Report, 16.5.9.5
- patches
-
- security consideration, D.3
- performance
-
- rule sets, order of rule run, 5.7.2
- performance effect
-
- command rules, 6.9
- realms, 4.14
- reports
-
- Resource Profiles Report, 16.5.6.2
- System Resource Limits Report, 16.5.6.3
- rule sets, 5.10
- secure application roles, 8.7
- performance tools
-
- Database Control, realms, 4.14
- Oracle Enterprise Manager
-
- command rules, 6.9
- factors, 7.11
- realms, 4.14
- rule sets, 5.10
- secure application roles, 8.7
- Oracle Enterprise Manager Database Control
-
- command rules, 6.9
- factors, 7.11
- rule sets, 5.10
- secure application roles, 8.7
- STATSPACK utility
-
- command rules, 6.9
- factors, 7.11
- realms, 4.14
- rule sets, 5.10
- secure application roles, 8.7
- TKPROF utility
-
- command rules, 6.9
- factors, 7.11
- realms, 4.14
- rule sets, 5.10
- secure application roles, 8.7
- PL/SQL
-
- packages
-
- summarized, 14.4
- unwrapped bodies, 16.5.9.4
- Unwrapped PL/SQL Package Bodies Report, 16.5.9.4
- PL/SQL factor functions, 14.2
- policy changes, monitoring, 15.3, 15.4
- port number
-
- finding, 3.1
- Oracle Database Vault, 3.1
- privileges
-
- ANY privileges, 10.2.6
- checking with DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, 13.3
- existing users and roles, Database Vault effect on, 2.4
- least privilege principle
-
- violations to, 16.5.9.1
- monitoring
-
- GRANT statement, 15.3
- REVOKE statement, 15.3
- Oracle Database Vault restricting, 2.2
- reports
-
- Accounts With DBA Roles Report, 16.5.5.2
- ALTER SYSTEM or ALTER SESSION Report, 16.5.5.5
- ANY System Privileges for Database Accounts Report, 16.5.2.4
- AUDIT Privileges Report, 16.5.5.10
- Database Accounts With Catalog Roles Report, 16.5.5.9
- Direct and Indirect System Privileges By Database Account Report, 16.5.2.2
- Direct System Privileges By Database Account Report, 16.5.2.1
- Hierarchical System Privileges By Database Account Report, 16.5.2.3
- listed, 16.5.4
- OS Directory Objects Report, 16.5.9.2
- Privileges Distribution By Grantee Report, 16.5.4.1
- Privileges Distribution By Grantee, Owner Report, 16.5.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 16.5.4.3
- WITH ADMIN Privilege Grants Report, 16.5.5.1
- WITH GRANT Privileges Report, 16.5.5.7
- roles
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, 13.3
- system
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, 13.3
- views
-
- DBA_DV_PUB_PRIVS, 10.4.11
- DBA_DV_USER_PRIVS, 10.4.19
- DBA_DV_USER_PRIVS_ALL, 10.4.20
- Privileges Distribution By Grantee Report, 16.5.4.1
- Privileges Distribution By Grantee, Owner Report, 16.5.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 16.5.4.3
- privileges using external password, 16.5.3.4
- problems, diagnosing, E.1
- procedures
-
- command rules
-
- DVSYS.DBMS_MACADM (configuration), 11.4
- factors
-
- DVSYS.DBMS_MACADM (configuration), 11.5
- realms
-
- DVSYS.DBMS_MACADM (configuration), 11.2
- profiles, 16.5.6
- Public Execute Privilege To SYS PL/SQL Procedures Report, 16.5.3.3
Q
- quotas
-
- tablespace, 16.5.9.6
R
- RAC
-
- See Oracle Real Application Clusters (RAC)
- Realm Audit Report, 16.4.2.1
- Realm Authorization Configuration Issues Report, 16.4.1.5
- realms
-
- about, 4.1
- audit events, custom, A.1.1
- authentication-related procedures, 11.2
- authorization
-
- how realm authorizations work, 4.10
- process flow, 4.10
- troubleshooting, E.2
- updating with DVSYS.DBMS_MACADM.UPDATE_REALM_AUTH, 11.2
- authorizations
-
- grantee, 4.6
- rule set, 4.6
- creating, 4.3
- data dictionary views, 4.15
- default realms, 4.2
- deleting, 4.8
- disabling, 4.7
- DV_REALM_OWNER role, 10.2.3
- DV_REALM_RESOURCE role, 10.2.4
- DVSYS.DBMS_MACUTL constants, example of, 13.2.2
- editing, 4.4
- effect on other Oracle Database Vault components, 4.12
- enabling, 4.7
- example, 4.11
- functions
-
- DVSYS.DBMS_MACUTL (utility), 13.1
- DVSYS.DBMS_MACUTL constants (fields), 13.2.1
- guidelines, 4.13
- how realms work, 4.9
- Java stored procedures, 4.9
- object-related procedures, 11.2
- performance effect, 4.14
- procedures
-
- DVSYS.DBMS_MACADM (configuration), 11.2
- process flow, 4.9
- realm authorizations
-
- about, 4.6
- realm secured objects
-
- deleting, 4.5
- editing, 4.5
- object name, 4.5
- object owner, 4.5
- object type, 4.5
- realm system authorizations
-
- creating, 4.6
- deleting, 4.6
- editing, 4.6
- realm-secured objects, 4.5
- reports, 4.15
- roles
-
- DV_REALM_OWNER, 10.2.3
- DV_REALM_RESOURCE, 10.2.4
- secured object, 16.4.1.5
- territory a realm protects, 4.5
- troubleshooting, E.2, E.3
- tutorial, 3.2
- updating with DVSYS.DBMS_MACADM.UPDATE_REALM, 11.2
- views
-
- DBA_DV_CODE, 10.4.1
- DBA_DV_REALM, 10.4.12
- DBA_DV_REALM_AUTH, 10.4.13
- DBA_DV_REALM_OBJECT, 10.4.14
- See also rule sets
- RECOVERY_CATALOG_OWNER role, 16.5.5.9
- recycle bin, guidelines on managing, D.3.2
- REMOTE_LOGIN_PASSWORDFILE initialization parameter, 2.1
- REMOTE_OS_AUTHENT initialization parameter, 2.1
- REMOTE_OS_ROLES initialization parameter, 2.1
- reporting menu
-
- report results page, 16.3
-
- parameter, 16.3
- reports
-
- about, 16.1
- Access to Sensitive Objects Report, 16.5.3.2
- Accounts With DBA Roles Report, 16.5.5.2
- Accounts with SYSDBA/SYSOPER Privilege Report, 16.5.3.4
- ALTER SYSTEM or ALTER SESSION Report, 16.5.5.5
- ANY System Privileges for Database Accounts Report, 16.5.2.4
- AUDIT Privileges Report, 16.5.5.10
- auditing, 16.4.2
- BECOME USER Report, 16.5.5.4
- categories of, 16.1
- Command Rule Audit Report, 16.4.2.2
- Command Rule Configuration Issues Report, 16.4.1.1
- Core Database Audit Report, 16.5.8
- Core Database Vault Audit Trail Report, 16.4.2.5
- Database Account Default Password Report, 16.5.7.1
- Database Account Status Report, 16.5.7.2
- Database Accounts With Catalog Roles Report, 16.5.5.9
- Direct and Indirect System Privileges By Database Account Report, 16.5.2.2
- Direct Object Privileges Report, 16.5.1.3
- Direct System Privileges By Database Account Report, 16.5.2.1
- Execute Privileges to Strong SYS Packages Report, 16.5.3.1
- Factor Audit Report, 16.4.2.3
- Factor Configuration Issues Report, 16.4.1.2
- Factor Without Identities, 16.4.1.3
- general security, 16.5
- Hierarchical System Privileges by Database Account Report, 16.5.2.3
- Identity Configuration Issues Report, 16.4.1.4
- Java Policy Grants Report, 16.5.9.1
- Label Security Integration Audit Report, 16.4.2.4
- Non-Owner Object Trigger Report, 16.5.9.7
- Object Access By PUBLIC Report, 16.5.1.1
- Object Access Not By PUBLIC Report, 16.5.1.2
- Object Dependencies Report, 16.5.1.4
- Objects Dependent on Dynamic SQL Report, 16.5.9.3
- OS Directory Objects Report, 16.5.9.2
- OS Security Vulnerability Privileges, 16.5.5.11
- Password History Access Report, 16.5.5.6
- permissions for running, 16.2
- privilege management, 16.5.4
- Privileges Distribution By Grantee Report, 16.5.4.1
- Privileges Distribution By Grantee, Owner Report, 16.5.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 16.5.4.3
- Public Execute Privilege To SYS PL/SQL Procedures Report, 16.5.3.3
- Realm Audit Report, 16.4.2.1
- Realm Authorization Configuration Issues Report, 16.4.1.5
- Resource Profiles Report, 16.5.6.2
- Roles/Accounts That Have a Given Role Report, 16.5.5.8
- Rule Set Configuration Issues Report, 16.4.1.6
- running, 16.3
- Secure Application Configuration Issues Report, 16.4.1.7
- Secure Application Role Audit Report, 16.4.2.6
- Security Policy Exemption Report, 16.5.5.3
- Security Related Database Parameters, 16.5.6.1
- security vulnerability, 16.5.9
- System Privileges By Privilege Report, 16.5.2.5
- System Resource Limits Report, 16.5.6.3
- Tablespace Quotas Report, 16.5.9.6
- Unwrapped PL/SQL Package Bodies Report, 16.5.9.4
- Username/Password Tables Report, 16.5.9.5
- WITH ADMIN Privileges Grants Report, 16.5.5.1
- WITH GRANT Privileges Report, 16.5.5.7
- required parameters page
-
- % wildcard, 16.3
- Resource Profiles Report, 16.5.6.2
- resources
-
- reports
-
- Resource Profiles Report, 16.5.6.2
- System Resource Limits Report, 16.5.6.3
- REVOKE statement
-
- monitoring, 15.3
- roles
-
- catalog-based, 16.5.5.9
- Database Vault default roles, 10.2.1
- privileges, checking with DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, 13.3
- role enablement in incomplete rule set, 16.4.1.7
- role-based system privileges, 16.5.2.3
- See also secure application roles
- Roles/Accounts That Have a Given Role Report, 16.5.5.8
- root access, guidelines on managing, D.2.1
- Rule Set Configuration Issues Report, 16.4.1.6
- rule sets
-
- about, 5.1
- adding existing rules, 5.5.2
- audit options, 5.3
- command rules
-
- disabled, 16.4.1.1
- selecting for, 6.4
- used with, 6.1
- CONNECT role configured incorrectly, solution for, B.1
- creating, 5.3
-
- rules in, 5.5.1
- data dictionary views, 5.11
- default rule sets, 5.2
- deleting
-
- rule set, 5.6
- rules from, 5.5.1
- disabled for
-
- factor assignment, 16.4.1.2
- realm authorization, 16.4.1.5
- DVSYS.DBMS_MACUTL constants, example of, 13.2.2
- editing
-
- rule sets, 5.4
- rules in, 5.5.1
- error options, 5.3
- evaluation of rules, 5.5
- evaluation options, 5.3
- event handlers, 5.3
- events firing, finding with DVSYS.DV_SYSEVENT, 14.3
- factors, selecting for, 7.3
- factors, used with, 7.1
- fail code, 5.3
- fail message, 5.3
- functions
-
- DVSYS.DBMS_MACADM (configuration), 11.3
- DVSYS.DBMS_MACUTL (utility), 13.1
- DVSYS.DBMS_MACUTL constants (fields), 13.2.1
- PL/SQL functions for rule sets, 14.3
- guidelines, 5.9
- how rule sets work, 5.7.1
- incomplete, 16.4.1.1
- naming, 5.3
- nested rules, 5.7.3
- order of rules run
-
- performance, 5.7.2
- setting, 5.7.2
- performance effect, 5.10
- procedures
-
- DVSYS.DBMS_MACADM (configuration), 11.3
- process flow, 5.7.1
- reports, 5.11
- rules that exclude one user, 5.7.4
- troubleshooting, E.2, E.3
- views
-
- DBA_DV_RULE, 10.4.16
- DBA_DV_RULE_SET, 10.4.17
- DBA_DV_RULE_SET_RULE, 10.4.18
- See also command rules, factors, realms, rules, secure application roles
- rules
-
- about, 5.5
- creating, 5.5.1
- data dictionary views, 5.11
- deleting from rule set, 5.5.1
- editing, 5.5.1
- existing rules, adding to rule set, 5.5.2
- nested in rule sets, 5.7.2
- nested within a rule set, 5.7.3
- removing from rule set, 5.5.1
- reports, 5.11
- troubleshooting, E.2
- views
-
- DBA_DV_RULE, 10.4.16
- DBA_DV_RULE_SET_RULE, 10.4.18
- See also rule sets
- rules sets
-
- audit event, custom, A.1.1
S
- schemas
-
- DVF, 10.1.2
- DVSYS, 10.1.1
- Secure Application Configuration Issues Report, 16.4.1.7
- secure application role, 8.1
- Secure Application Role Audit Report, 16.4.2.6
- secure application roles
-
- creating, 8.2
- data dictionary view, 8.8
- deleting, 8.4
- DVSYS.DBMS_MACSEC_ROLES.SET_ROLE function, 8.2
- functionality, 8.5
- functions
-
- DVSYS.DBMS_MACADM (configuration), 11.6
- DVSYS.DBMS_MACSEC_ROLES (configuration), 12.1
- DVSYS.DBMS_MACSEC_ROLES package, 12.1
- DVSYS.DBMS_MACUTL (utility), 13.1
- DVSYS.DBMS_MACUTL constants (fields), 13.2.1
- guidelines on managing, 8.3
- invoker's rights, 8.1
- performance effect, 8.7
- procedure
-
- DVSYS.DBMS_MACADM (configuration), 11.6
- procedures and functions
-
- DVSYS.DBMS_MACUTL (utility), 13.3
- reports, 8.8
-
- Rule Set Configuration Issues Report, 16.4.1.6
- troubleshooting, E.3
- troubleshooting with auditing report, 16.4.2.6
- tutorial, 8.6
- views
-
- DBA_DV_ROLE, 10.4.15
- See also roles, rule sets
- secure role applications
-
- audit event, custom, A.1.1
- security attacks
-
- Denial of Service (DoS) attacks
-
- finding system resource limits, 16.5.6.3
- Denial of Service attacks
-
- finding tablespace quotas, 16.5.9.6
- eliminating audit trail, 16.5.5.10
- monitoring security violations, 15.1
- Oracle Database Vault addressing insider threats, 1.4
- reports
-
- AUDIT Privileges Report, 16.5.5.10
- Objects Dependent on Dynamic SQL Report, 16.5.9.3
- Privileges Distribution By Grantee, Owner Report, 16.5.4.2
- Unwrapped PL/SQL Package Bodies Report, 16.5.9.4
- SQL injection attacks, 16.5.9.3
- tracking
-
- with factor auditing, 7.3
- with rule set auditing, 5.3
- security policies
-
- monitoring changes, 15.4
- security policies, Oracle Database Vault addressing, 1.5
- Security Policy Exemption Report, 16.5.5.3
- Security Related Database Parameters Report, 16.5.6.1
- security violations
-
- monitoring attempts, 15.1
- security vulnerabilities
-
- how Database Vault addresses, 1.6
- operating systems, 16.5.5.11
- reports, 16.5.9
-
- Security Related Database Parameters Report, 16.5.6.1
- root operating system directory, 16.5.9.2
- SELECT statement
-
- controlling with command rules, 6.1
- SELECT_CATALOG_ROLE role, 16.5.5.9
- sensitive objects reports, 16.5.3
- separation of duty concept
-
- command rules, 6.2
- database accounts, 10.3
- database accounts, suggested, 10.3
- database roles, 2.3
- Database Vault Account Manager role, 10.3
- Oracle Database Vault enforcing, 1.1
- realms, 1.6
- restricting privileges, 2.2
- roles, 10.2.1
- session time, setting for Oracle Database Vault Administrator, C.3
- sessions
-
- audit events, custom, A.1.1
- DVSYS.DBMS_MACUTL fields, 13.2.1
- finding session user with DVF.F$SESSION_USER, 14.2
- restricting data based on, 7.9
- retrieving information with functions, 11.5
- SQL injection attacks, detecting with Objects Dependent on Dynamic SQL Report, 16.5.9.3
- SQL statements
-
- default command rules that protect, 6.2
- SQL text, finding with DVSYS.DV_SQL_TEXT, 14.3
- SQL92_SECURITY initialization parameter, 2.1
- subfactors
-
- See child factors under factors topic
- SYS schema
-
- command rules, 6.4
- SYSDBA access
-
- guidelines on managing, D.2.3
- SYSOPER access
-
- guidelines on managing, D.2.4
- system features
-
- disabling with Disabled rule set, 5.2
- enabling with Enabled rule set, 5.2
- system privileges
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, 13.3
- reports
-
- System Privileges By Privilege Report, 16.5.2.5
- System Privileges By Privilege Report, 16.5.2.5
- System Resource Limits Report, 16.5.6.3
- system root access, guideline on managing, D.2.1
T
- tablespace quotas, 16.5.9.6
- Tablespace Quotas Report, 16.5.9.6
- third party products, affected by Oracle Database Vault, B.1
- time data
-
- DVSYS.DBMS_MACUTL functions, 13.3
- time-out value, setting for Oracle Database Vault Administrator, C.3
- trace files
-
- about, E.1
- enabling, E.1
- Transparent Data Encryption, used with Oracle Database Vault, 9.2
- triggers
-
- different from object owner account, 16.5.9.7
- reports, Non-Owner Object Trigger Report, 16.5.9.7
- troubleshooting
-
- access security sessions, 16.4.2.5
- auditing reports, using, 16.4.2
- command rules, E.1
- events, E.1
- factors, E.2
- general diagnostic tips, E.2
- locked out accounts, B.1
- passwords, forgotten, B.1
- realms, E.2
- rule sets, E.2
- rules, E.2
- secure application roles, 16.4.2.6
- trust levels
-
- about, 7.5.2
- determining for identities with DVSYS.GET_TRUST_LEVEL_FOR_IDENTITY, 14.1.4
- determining with DVSYS.GET_TRUST_LEVEL, 14.1.3
- factor identity, 7.5.2
- factors, 7.5.2
- for factor and identity requested, 14.1.4
- identities, 7.3
- of current session identity, 14.1.3
- trusted users
-
- accounts and roles that should be limited, D.2
- default for Oracle Database Vault, D.1
- tutorials
-
- access, granting with secure application roles, 8.6
- ad hoc tool access, preventing, 7.8
- e-mail alert in rule set, 5.8
- factors, mapping identities, 7.9
- Oracle Label Security integration with Oracle Database Vault, 9.4.4
- restricting access based on session data, 7.9
- restricting user activities with command rules, 6.7
- schema, protecting with a realm, 3.2
- See also examples
U
- Unwrapped PL/SQL Package Bodies Report, 16.5.9.4
- user names
-
- reports, Username/Password Tables Report, 16.5.9.5
- USER_HISTORY$ table, 16.5.5.6
- Username/Password Tables Report, 16.5.9.5
- users
-
- creating accounts, 2.4
- enterprise identities, finding with DVF.F$PROXY_ENTERPRISE_IDENTITY, 14.2
- enterprise-wide identities, finding with DVF.F$ENTERPRISE_IDENTITY, 14.2
- finding session user with DVF.F$SESSION_USER, 14.2
- login user name, finding with DVSYS.DV_LOGIN_USER, 14.3
- restricting access by factor identity, 7.9
- utility functions
-
- See DVSYS.DBMS_MACUTL package
- UTL_FILE object, 16.5.1.4
- UTL_FILE package, guidelines on managing, D.3.1
V
- views
-
- Oracle Database Vault-specific views, 10.4
- See also names beginning with DBA_DV
- VPD
-
- See Oracle Virtual Private Database (VPD)
W
- wildcard, %, 16.3
- WITH ADMIN Privileges Grants Report, 16.5.5.1
- WITH ADMIN status, 16.5.2.1, 16.5.2.2
- WITH GRANT clause, 16.5.5.7
- WITH GRANT Privileges Report, 16.5.5.7