Index
A B C D E F G H I J L M N O P Q R S T U V W
Symbols
- % wildcard, 11.3
A
- access control policy
-
- configuring with tools and components
-
- Oracle Label Security PL/SQL APIs, 1.2.6
- Oracle Policy Manager, 1.2.6
- reports
-
- Core Database Vault Audit Report, 11.4.2.5
- access control run-time PL/SQL procedures and functions, H.1
- Access to Sensitive Objects Report, 11.5.3.2
- accounts
-
- See database accounts
- Accounts With DBA Roles Report, 11.5.5.2
- Accounts with SYSDBA/SYSOPER Privilege Report, 11.5.3.4
- ALTER DATABASE statement
-
- monitoring, 10.2
- ALTER ROLE statement
-
- monitoring, 10.3
- ALTER SESSION privilege
-
- reports, ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5
- trace files, enabling, J.1
- ALTER SESSION statement
-
- guidelines on managing privileges, I.3.6
- ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5
- ALTER SYSTEM privilege
-
- reports, ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5
- ALTER SYSTEM statement
-
- controlling with command rules, 6.1
- guidelines on managing privileges, I.3.6
- ALTER TABLE statement
-
- monitoring, 10.2
- ALTER USER statement
-
- monitoring, 10.3
- ANY privileges, D.2.6
- ANY System Privileges for Database Accounts Report, 11.5.2.4
- APIs
-
- See DVSYS.DBMS_MACADM package, DVSYS.DBMS_MACSEC_ROLES package, DVSYS.DBMS_MACUTL package
- audit policy change
-
- monitoring, 10.3
- AUDIT privilege, 11.5.5.10
- AUDIT Privileges Report, 11.5.5.10
- AUDIT_SYS_OPERATIONS initialization parameter, 2.1.1
- AUDIT_TRAIL initialization parameter
-
- effect on auditing policy, A.2
- effect on Core Database Audit Report, 11.5.8
- effect on monitoring database, 10.3
- example of setting, A.2
- AUDIT_TRAIL$ system table
-
- archiving, A.5
- format, A.4.2
- auditing
-
- archiving Database Vault audit trail, A.5
- Core Database Audit Report, 11.5.8
- Database Vault policy settings, A.3
- DVSYS.DBMS_MACUTL fields, G.1
- factors
-
- options, 7.3
- intruders
-
- using factors, 7.3
- using rule sets, 5.3
- realms
-
- DVSYS.DBMS_MACUTL fields, G.1
- options, 4.3
- reports, 11.4.2
- rule sets
-
- DVSYS.DBMS_MACUTL fields, G.1
- options, 5.3
- secure application roles
-
- audit records, 8.8
- troubleshooting, J.1
- views used to audit events, D.4
- See also auditing policies
- auditing policies
-
- about, A.1
- custom events
-
- about, A.4
- audit trail, A.4.2
- listing, A.4.1
- monitoring changes to, 10.3, A.1
- settings, A.3
- See also auditing, AUDIT_TRAIL initialization parameter
- authentication
-
- Authentication_Method default factor, 7.2
- command rules, 6.1
- method, finding with DVF.F$AUTHENTICATION_METHOD, H.2
- realm functions, E.1
- authorizations, realms, 4.6
B
- BECOME USER Report, 11.5.5.4
- BECOME USER system privilege
-
- about, 11.5.5.4
C
- catalog-based roles, 11.5.5.9
- child factors
-
- See factors
- clients
-
- finding IP address with DVF.F$CLIENT_IP, H.2
- code groups
-
- DVSYS.DBMS_MACUTL fields, G.1
- ID, retrieving with DVSYS.DBMS_MACUTL functions, G.2
- retrieving value with DVSYS.DBMS_MACUTL functions, G.2
- Command Rule Audit Report, 11.4.2.2
- Command Rule Configuration Issues Report, 11.4.1.1
- command rules
-
- about, 6.1
- audit event, custom, A.4.1
- creating, 6.4
- default command rules, 6.2
- deleting, 6.5
- diagnosing behavior, J.1
- editing, 6.4
- example, 6.7
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.3
- DVSYS.DBMS_MACUTL (utility), G
- guidelines, 6.8
- how command rules work, 6.6
- objects
-
- name, 6.4
- owner, 6.4
- performance effect, 6.9
- process flow, 6.6
- reports, 6.10
- rule sets
-
- selecting, 6.4
- used with, 6.1
- troubleshooting
-
- general diagnostic advice, J.1
- with auditing report, 11.4.2.2
- views, D.4
- See also rule sets
- compliance
-
- Oracle Database Vault addressing, 1.3
- computer name
-
- finding with DVF.F$MACHINE, H.2
- Machine default factor, 7.2
- configuration
-
- changes, monitoring, 10.3
- See also DVSYS.DBMS_MACADM package
- CONNECT events, controlling with command rules, 6.1
- core database
-
- troubleshooting with Core Database Vault Audit Report, 11.4.2.5
- Core Database Audit Report, 11.5.8
- Core Database Vault Audit Trail Report, 11.4.2.5
- CPU_PER_SESSION resource profile, 11.5.6.2
- CREATE ANY JOB privilege, I.3.3
- CREATE ANY JOB statement
-
- guidelines on managing privileges, I.3.3
- CREATE EXTERNAL JOB privilege, I.3.4
- CREATE JOB privilege, I.3.3
- CREATE JOB statement
-
- guidelines on managing privileges, I.3.3
- CREATE ROLE statement
-
- monitoring, 10.3
- CREATE TABLE statement
-
- monitoring, 10.2
- CREATE USER statement
-
- monitoring, 10.3
D
- data definition language (DDL)
-
- statement
-
- controlling with command rules, 6.1
- data dictionary
-
- adding DV_ACCTMGR role to realm, 3.2.1
- data manipulation language (DML)
-
- statement
-
- checking with DVSYS.DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function, G.2
- controlling with command rules, 6.1
- data Oracle Database Vault recognizes
-
- See factors
- Database Account Default Password Report, 11.5.7.1
- Database Account Status Report, 11.5.7.2
- database accounts
-
- counting privileges of, 11.5.4.1
- creation scenarios, D.3.1, D.3.1
- DBSNMP, 4.2
- default Oracle Database Vault, D.3.1
- DVSYS, D.3
- LBACSYS, D.3
- monitoring, 10.3
- reports
-
- Accounts With DBA Roles Report, 11.5.5.2
- ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5
- ANY System Privileges for Database Accounts Report, 11.5.2.4
- AUDIT Privileges Report, 11.5.5.10
- BECOME USER Report, 11.5.5.4
- Database Account Default Password Report, 11.5.7.1
- Database Account Status Report, 11.5.7.2
- Database Accounts With Catalog Roles Report, 11.5.5.9
- Direct and Indirect System Privileges By Database Account Report, 11.5.2.2
- Direct Object Privileges Report, 11.5.1.3
- Direct System Privileges By Database Account Report, 11.5.2.1
- Hierarchical System Privileges by Database Account Report, 11.5.2.3
- Object Access By PUBLIC Report, 11.5.1.1
- Object Access Not By PUBLIC Report, 11.5.1.2
- OS Security Vulnerability Privileges, 11.5.5.11
- Password History Access Report, 11.5.5.6
- Privileges Distribution By Grantee Report, 11.5.4.1, 11.5.4.1, 11.5.4.1
- Privileges Distribution By Grantee, Owner Report, 11.5.4.2, 11.5.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 11.5.4.3, 11.5.4.3
- Roles/Accounts That Have a Given Role Report, 11.5.5.8
- Security Policy Exemption Report, 11.5.5.3
- WITH ADMIN Privilege Grants Report, 11.5.5.1
- WITH GRANT Privileges Report, 11.5.5.7
- solution for lockouts, B.1
- suggested, D.3
- SYSMAN, 4.2
- Database Accounts With Catalog Roles Report, 11.5.5.9
- database configuration
-
- monitoring changes, 10.2
- database definition language (DDL)
-
- statements
-
- controlling with command rules, 6.1
- database domains, Database_Domain default factor, 7.2
- database objects
-
- Oracle Database Vault, D
- reports
-
- Object Dependencies Report, 11.5.1.4
- See also objects
- database options, installing, B.1
- database roles
-
- about, D.2.1
- counting privileges of, 11.5.4.1
- default Oracle Database Vault, D.2.1
- DV_ACCTMGR
-
- about, D.2.6
- adding to Data Dictionary realm, 3.2.1
- DV_ADMIN, D.2.5
- DV_OWNER, D.2.2
- DV_PUBLIC, D.2.7
- DV_REALM_OWNER, D.2.3
- DV_REALM_RESOURCE, D.2.4
- DV_SECANALYST, D.2.8
- enabled, determining with DVSYS.ROLE_IS_ENABLED, H.1.5
- monitoring, 10.3
- Oracle Database Vault, default, D.2.1
- reports
-
- Accounts With DBA Roles Report, 11.5.5.2
- ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5
- AUDIT Privileges Report, 11.5.5.10
- BECOME USER Report, 11.5.5.4
- Database Accounts With Catalog Roles Report, 11.5.5.9
- OS Security Vulnerability Privileges, 11.5.5.11
- Privileges Distribution By Grantee Report, 11.5.4.1
- Roles/Accounts That Have a Given Role Report, 11.5.5.8
- Security Policy Exemption Report, 11.5.5.3
- WITH ADMIN Privilege Grants Report, 11.5.5.1
- separation of duty enforcement, 2.3
- database schemas
-
- grouped
-
- See realms
- database sessions, 7.3
-
- controlling with Allow Sessions default rule set, 5.2
- factor evaluation, 7.7.1
- session user name, Proxy_User default factor, 7.2
- Database Vault
-
- See Oracle Database Vault
- databases
-
- dbconsole
-
- checking process, 3.1
- starting process, 3.1
- defined with factors, 7.1
- domain, Domain default factor, 7.2
- event monitoring, J.1
- host names, Database_Hostname default factor, 7.2
- instance, retrieving information with functions, E.4
- instances
-
- Database_Instance default factor, 7.2
- names, finding with DVF.F$DATABASE_INSTANCE, H.2
- number, finding with DVSYS.DV_INSTANCE_NUM, H.3
- IP addresses
-
- Database_IP default factor, 7.2
- retrieving with DVF.F$DATABASE_IP, H.2
- listener, starting, B.3
- log file location, 3.1
- monitoring events, J.1
- names
-
- Database_Name default factor, 7.2
- retrieving with DVF.F$DATABASE_NAME, H.2
- retrieving with DVSYS.DV_DATABASE_NAME, H.3
- parameters
-
- Security Related Database Parameters Report, 11.5.6.1
- roles that do not exist, 11.4.1.7
- schema creation, finding with DVF.F$IDENTIFICATION_TYPE, H.2
- schema creation, Identification_Type default factor, 7.2
- startup, DVSYS.DBMS_MACUTL fields, G.1
- structural changes, monitoring, 10.2
- user name, Session_User default factor, 7.2
- DBA_DV_CODE view, D.4
- DBA_DV_COMMAND_RULE view, D.4
- DBA_DV_FACTOR view, D.4
- DBA_DV_FACTOR_LINK view, D.4
- DBA_DV_FACTOR_TYPE view, D.4
- DBA_DV_IDENTITY view, D.4
- DBA_DV_IDENTITY_MAP view, D.4
- DBA_DV_MAC_POLICY view, D.4
- DBA_DV_MAC_POLICY_FACTOR view, D.4
- DBA_DV_POLICY_LABEL view, D.4
- DBA_DV_PUB_PRIVS view, D.4
- DBA_DV_REALM view, D.4
- DBA_DV_REALM_AUTH view, D.4
- DBA_DV_REALM_OBJECT view, D.4
- DBA_DV_ROLE view, D.4
- DBA_DV_RULE view, D.4
- DBA_DV_RULE_SET view, D.4
- DBA_DV_RULE_SET_RULE view, D.4
- DBA_DV_USER_PRIVS view, D.4
- DBA_DV_USER_PRIVS_ALL view, D.4
- dbconsole process
-
- checking status, 3.1
- starting, 3.1
- DBMS_FILE_TRANSFER package, guidelines on managing, I.3.1
- DELETE_CATALOG_ROLE role, 11.5.5.9
- denial-of-service (DoS) attacks
-
- reports
-
- System Resource Limits Report, 11.5.6.3
- Tablespace Quotas Report, 11.5.9.6
- Direct and Indirect System Privileges By Database Account Report, 11.5.2.2
- Direct Object Privileges Report, 11.5.1.3
- direct system privileges, 11.5.2.3
- Direct System Privileges By Database Account Report, 11.5.2.1
- disabling system features with Disabled default rule set, 5.2
- domains
-
- defined with factors, 7.1
- finding database domain with DVF.F$DATABASE_DOMAIN, H.2
- finding with DVF.F$DOMAIN, H.2
- DROP ROLE statement
-
- monitoring, 10.3
- DROP TABLE statement
-
- monitoring, 10.2
- DROP USER statement
-
- monitoring, 10.3
- DV_ACCTMGR role
-
- about, D.2.6
- adding to Data Dictionary realm, 3.2.1
- DV_ADMIN role, D.2.5
- DV_OWNER role, D.2.2
- DV_PUBLIC role, D.2.7
- DV_REALM_OWNER role, D.2.3
- DV_REALM_RESOURCE role, D.2.4
- DV_SECANALYST role, D.2.8
- DVA
-
- See Oracle Database Vault Administrator
- DVCA
-
- See Oracle Database Vault Configuration Assistant
- DVF account
-
- auditing policy, A.3
- database accounts
-
- DVF, D.3
- DVF schema, H.2
-
- about, D.1.2
- auditing policy, A.3
- DVSYS account, D.3
-
- auditing policy, A.3
- DVSYS schema
-
- about, D.1.1
- auditing policy, A.3
- command rules, 6.4
- DV_OWNER role, D.2.2
- factor validation methods, 7.3
- DVSYS.DBMS_MACADM package
-
- about, E
- command rule functions, listed, E.3
- factor functions, listed, E.4
- Oracle Label Security policy functions, listed, E.6
- realm functions, listed, E.1
- rule set functions, listed, E.2
- secure application role functions, listed, E.5
- DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM function, E.1.1, E.1.2, E.1.3, E.1.4
- DVSYS.DBMS_MACADM.ADD_FACTOR_LINK function, E.4.1
- DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM function, E.1.5
- DVSYS.DBMS_MACADM.ADD_POLICY_FACTOR function, E.4.2
- DVSYS.DBMS_MACADM.ADD_RULE_TO_RULE_SET function, E.2.1, E.2.2, E.2.3
- DVSYS.DBMS_MACADM.CHANGE_IDENTITY_FACTOR function, E.4.3
- DVSYS.DBMS_MACADM.CHANGE_IDENTITY_VALUE function, E.4.4
- DVSYS.DBMS_MACADM.CREATE_COMMAND_RULE function, E.3.1
- DVSYS.DBMS_MACADM.CREATE_DOMAIN_IDENTITY function, E.4.5
- DVSYS.DBMS_MACADM.CREATE_FACTOR function, E.4.6
- DVSYS.DBMS_MACADM.CREATE_FACTOR_TYPE function, E.4.7
- DVSYS.DBMS_MACADM.CREATE_IDENTITY function, E.4.8
- DVSYS.DBMS_MACADM.CREATE_IDENTITY_MAP function, E.4.9
- DVSYS.DBMS_MACADM.CREATE_MAC_POLICY function, E.6.1
- DVSYS.DBMS_MACADM.CREATE_POLICY_LABEL function, E.6.2
- DVSYS.DBMS_MACADM.CREATE_REALM function, E.1.6
- DVSYS.DBMS_MACADM.CREATE_ROLE function, E.5.1
- DVSYS.DBMS_MACADM.CREATE_RULE function, E.2.4
- DVSYS.DBMS_MACADM.CREATE_RULE_SET function, E.2.5
- DVSYS.DBMS_MACADM.DELETE_AUTH_FROM_REALM function, E.1.7
- DVSYS.DBMS_MACADM.DELETE_COMMAND_RULE function, E.3.2
- DVSYS.DBMS_MACADM.DELETE_FACTOR function, E.4.10
- DVSYS.DBMS_MACADM.DELETE_FACTOR_LINK function, E.4.11
- DVSYS.DBMS_MACADM.DELETE_FACTOR_TYPE function, E.4.12
- DVSYS.DBMS_MACADM.DELETE_IDENTITY function, E.4.13
- DVSYS.DBMS_MACADM.DELETE_IDENTITY_MAP function, E.4.14
- DVSYS.DBMS_MACADM.DELETE_MAC_POLICY_CASCADE function, E.6.3
- DVSYS.DBMS_MACADM.DELETE_OBJECT_FROM_REALM function, E.1.8
- DVSYS.DBMS_MACADM.DELETE_POLICY_FACTOR function, E.6.4
- DVSYS.DBMS_MACADM.DELETE_POLICY_LABEL function, E.6.5
- DVSYS.DBMS_MACADM.DELETE_REALM function, E.1.9
- DVSYS.DBMS_MACADM.DELETE_REALM_CASCADE function, E.1.10
- DVSYS.DBMS_MACADM.DELETE_ROLE function, E.5.2
- DVSYS.DBMS_MACADM.DELETE_RULE function, E.2.6
- DVSYS.DBMS_MACADM.DELETE_RULE_FROM_RULE_SET function, E.2.7
- DVSYS.DBMS_MACADM.DELETE_RULE_SET function, E.2.8
- DVSYS.DBMS_MACADM.DROP_DOMAIN_IDENTITY function, E.4.15
- DVSYS.DBMS_MACADM.GET_INSTANCE_INFO function, E.4.16
- DVSYS.DBMS_MACADM.GET_SESSION_INFO function, E.4.17
- DVSYS.DBMS_MACADM.RENAME_FACTOR function, E.4.18
- DVSYS.DBMS_MACADM.RENAME_FACTOR_TYPE function, E.4.19
- DVSYS.DBMS_MACADM.RENAME_REALM function, E.1.11
- DVSYS.DBMS_MACADM.RENAME_ROLE function, E.5.3
- DVSYS.DBMS_MACADM.RENAME_RULE function, E.2.9
- DVSYS.DBMS_MACADM.RENAME_RULE_SET function, E.2.10
- DVSYS.DBMS_MACADM.SYNC_RULES function, E.2.11
- DVSYS.DBMS_MACADM.UPDATE_COMMAND_RULE function, E.3.3
- DVSYS.DBMS_MACADM.UPDATE_FACTOR function, E.4.20
- DVSYS.DBMS_MACADM.UPDATE_FACTOR_TYPE function, E.4.21
- DVSYS.DBMS_MACADM.UPDATE_IDENTITY function, E.4.22
- DVSYS.DBMS_MACADM.UPDATE_MAC_POLICY function, E.6.6
- DVSYS.DBMS_MACADM.UPDATE_REALM function, E.1.12
- DVSYS.DBMS_MACADM.UPDATE_REALM_AUTH function, E.1.13
- DVSYS.DBMS_MACADM.UPDATE_ROLE function, E.5.4
- DVSYS.DBMS_MACADM.UPDATE_RULE function, E.2.12
- DVSYS.DBMS_MACADM.UPDATE_RULE_SET function, E.2.13
- DVSYS.DBMS_MACSEC_ROLES package
-
- about, F
- functions, listed, F
- DVSYS.DBMS_MACSEC_ROLES.CAN_SET_ROLE function, F.1
- DVSYS.DBMS_MACSEC_ROLES.SET_ROLE function, F.2
- DVSYS.DBMS_MACUTL package
-
- about, G
- fields (constants), listed, G.1
- functions, listed, G.2
- DVSYS.DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function, G.2.1
- DVSYS.DBMS_MACUTL.GET_CODE_ID function, G.2.2
- DVSYS.DBMS_MACUTL.GET_CODE_VALUE function, G.2.3
- DVSYS.DBMS_MACUTL.GET_DAY function, G.2.8
- DVSYS.DBMS_MACUTL.GET_FACTOR_CONTEXT function, G.2.4
- DVSYS.DBMS_MACUTL.GET_HOUR function, G.2.7
- DVSYS.DBMS_MACUTL.GET_MESSAGE_LABEL function, G.2.18, G.2.19
- DVSYS.DBMS_MACUTL.GET_MINUTE function, G.2.6
- DVSYS.DBMS_MACUTL.GET_MONTH function, G.2.9
- DVSYS.DBMS_MACUTL.GET_SECOND function, G.2.5
- DVSYS.DBMS_MACUTL.GET_SQL_TEXT function, G.2.11
- DVSYS.DBMS_MACUTL.GET_YEAR function, G.2.10
- DVSYS.DBMS_MACUTL.IN_CALL_STACK function, G.2.12
- DVSYS.DBMS_MACUTL.IS_ALPHA function, G.2.13
- DVSYS.DBMS_MACUTL.IS_DIGIT function, G.2.14
- DVSYS.DBMS_MACUTL.IS_DVSYS_OWNER function, G.2.15
- DVSYS.DBMS_MACUTL.IS_OLS_INSTALLED function, G.2.16
- DVSYS.DBMS_MACUTL.IS_OLS_INSTALLED_VARCHAR function, G.2.17
- DVSYS.DBMS_MACUTL.RAISE_UNAUTHORIZED_OPERATION function, G.2.20
- DVSYS.DBMS_MACUTL.TO_ORACLE_IDENTIFIER function, G.2.21
- DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, G.2.22
- DVSYS.DBMS_MACUTL.USER_HAS_ROLE function, G.2.23
- DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, G.2.24
- DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, G.2.25
E
- e-mail alerts in rule set, 5.8
- enabling system features with Enabled default rule set, 5.2
- encrypted information, 11.5.9.5
- enterprise identities, Enterprise_Identity default factor, 7.2
- Enterprise Manager
-
- See Oracle Enterprise Manager
- errors
-
- DVSYS.DBMS_MACUTL.RAISE_UNAUTHORIZED_OPERATION function, G.2
- factor error options, 7.3
- rule set error options, 5.3
- troubleshooting, J
- event handler
-
- rule sets, 5.3
- example of using Oracle Database Vault, 3.2
- examples
-
- command rules, 6.7
- database account creation scenarios, D.3.1
- e-mail alert in rule set, 5.8
- factors, 7.8
- realms, 4.11
- rule sets, 5.8
- secure application roles, 8.6
- EXECUTE ANY PROCEDURE privilege, securing for external C callouts, I.3.8.1
- EXECUTE ANY PROCEDURE privilege, securing for Java stored procedures, I.3.7.1
- Execute Privileges to Strong SYS Packages Report, 11.5.3.1
- EXECUTE_CATALOG_ROLE role, 11.5.5.9
- EXEMPT ACCESS POLICY system privilege, 11.5.5.3
- external C callouts
-
- EXECUTE ANY PROCEDURE privilege, I.3.8.1
- security considerations, I.3.8
F
- Factor Audit Report, 11.4.2.3
- Factor Configuration Issues Report, 11.4.1.2
- Factor Without Identities Report, 11.4.1.3
- factors
-
- about, 7.1
- assignment, 7.3
-
- disabled rule set, 11.4.1.2
- incomplete rule set, 11.4.1.2
- validate, 7.3
- assignment operation, 11.4.2.3
- audit events, custom, A.4.1
- audit options, 7.3
- child factors
-
- about, 7.3
- Factor Configuration Issues Report, 11.4.1.2
- mapping, 7.5.2, 7.5.2
- creating, 7.3
- default factors, 7.2
- deleting, 7.6
- domain, finding with DVF.F$DOMAIN, H.2
- editing, 7.4
- error options, 7.3
- evaluate, 7.3
- evaluation operation, 11.4.2.3
- example, 7.8
- factor type
-
- about, 7.3
- selecting, 7.3
- factor-identity pair mapping, 7.5.2
- functionality, 7.7
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.4
- DVSYS.DBMS_MACUTL (utility), G
- DVSYS.DBMS_MACUTL fields (constants), G.1
- guidelines, 7.9
- identifying using child factors, 7.5.2
- identities
-
- about, 7.3
- adding to factor, 7.5
- assigning, 7.3
- configuring, 7.5.1
- creating, 7.5.1
- database session, 7.3
- deleting, 7.5.1
- determining with DVSYS.GET_FACTOR, 7.3
- editing, 7.5.1
- enterprise-wide users, H.2
- how factor identities work, 7.3
- labels, 7.3, 7.5.1
- mapping, 7.3, 7.5.2
- Oracle Label Security labels, 7.3
- reports, 7.11
- resolving, 7.3
- retrieval methods, 7.3
- setting dynamically, H.1.1
- trust levels, 7.3, 7.5.1
- with Oracle Label Security, 7.3
- initialization, command rules, 6.1
- invalid audit options, 11.4.1.2
- label, 11.4.1.2
- naming, 7.3
- Oracle Virtual Private Database, attaching factors to, 9.3
- parent factors, 7.3
- performance effect, 7.10
- process flow, 7.7
- reports, 7.11
- retrieving, 7.7.2
- retrieving with DVSYS.GET_FACTOR, H.1.2
- rule sets
-
- selecting, 7.3
- used with, 7.1
- setting, 7.7.3
- setting with DVSYS.SET_FACTOR, H.1.1
- troubleshooting
-
- auditing report, 11.4.2.3
- configuration problems, J.3
- tips, J.2
- type (category of factor), 7.3
- validating, 7.3
- values (identities), 7.1
- views
-
- DBA_DV_CODE, D.4
- DBA_DV_FACTOR_LINK, D.4
- DBA_DV_FACTOR_TYPE, D.4
- DBA_DV_IDENTITY, D.4
- DBA_DV_IDENTITY_MAP, D.4
- DBA_DV_MAC_POLICY_FACTOR, D.4
- ways to assign, 7.3
- See also rule sets
- functions
-
- command rules
-
- DVSYS.DBMS_MACADM (configuration), E.3
- DVSYS.DBMS_MACUTL (utility), G
- DVSYS schema enabling, H.1
- factors
-
- DVSYS.DBMS_MACADM (configuration), E.4
- DVSYS.DBMS_MACUTL (utility), G
- Oracle Label Security policy
-
- DVSYS.DBMS_MACADM (configuration), E.6
- realms
-
- DVSYS.DBMS_MACADM (configuration), E.1
- DVSYS.DBMS_MACUTL (utility), G
- rule sets
-
- DVSYS.DBMS_MACADM (configuration), E.2
- DVSYS.DBMS_MACUTL (utility), G
- PL/SQL functions for inspecting SQL, H.3
- secure application roles
-
- DVSYS.DBMS_MACADM (configuration), E.5
- DVSYS.DBMS_MACSEC_ROLES (configuration), F
- DVSYS.DBMS_MACUTL (utility), G
G
- general security reports, 11.5
- GRANT statement
-
- monitoring, 10.3
- guidelines
-
- ALTER SESSION privilege, I.3.6
- ALTER SYSTEM privilege, I.3.6
- command rules, 6.8
- CREATE ANY JOB privilege, I.3.3
- CREATE EXTERNAL JOB privilege, I.3.4
- CREATE JOB privilege, I.3.3
- DBMS_FILE_TRANSFER package, I.3.1
- factors, 7.9
- general security, I
- Java stored procedures, I.3.7
- LogMiner packages, I.3.5
- Oracle software owner, I.2.2
- performance effect, 7.10
- realms, 4.13
- recycle bin, I.3.2
- root user access, I.2.1
- rule sets, 5.9
- secure application roles, 8.3
- SELECT_CATALOG_ROLE role, I.3.2
- SYSDBA access, I.2.3
- SYSOPER access, I.2.4
- trusted accounts and roles, I.1
- UTL_FILE package, I.3.1
H
- hackers
-
- See intruders
- Hierarchical System Privileges by Database Account Report, 11.5.2.3
- host names
-
- finding with DVF.F$DATABASE_HOSTNAME, H.2
I
- identifiers, converting to legal Oracle with DVSYS.DBMS_MACUTL.TO_ORACLE_IDENTIFIER function, G.2
- identities
-
- See factors, identities
- Identity Configuration Issues Report, 11.4.1.4
- IDLE_TIME resource profile, 11.5.6.2
- incomplete rule set, 11.4.1.2
-
- role enablement, 11.4.1.7
- initialization parameters
-
- Allow System Parameters default rule set, 5.2
- modified after installation, 2.1
- modified by Oracle Database Vault, 2.1.1
- reports, 11.5.6
- insider threats
-
- See intruders
- installations
-
- security considerations, I.3
- intruders
-
- Denial of Service attacks
-
- finding tablespace quotas, 11.5.9.6
- denial-of-service attacks
-
- finding system resource limits, 11.5.6.3
- eliminating audit trail, 11.5.5.10
- monitoring security violations, 10.1
- Oracle Database Vault addressing insider threats, 1.4
- reports
-
- AUDIT Privileges Report, 11.5.5.10
- Objects Dependent on Dynamic SQL Report, 11.5.9.3
- Privileges Distribution By Grantee, Owner Report, 11.5.4.2
- Unwrapped PL/SQL Package Bodies Report, 11.5.9.4
- SQL injection attacks, 11.5.9.3
- tracking
-
- with factor auditing, 7.3
- with rule set auditing, 5.3
- IP addresses
-
- Client_IP default factor, 7.2
- defined with factors, 7.1
J
- Java Policy Grants Report, 11.5.9.1
- Java stored procedures
-
- EXECUTE ANY PROCEDURE privilege, I.3.7.1
- guidelines on managing, I.3.7
- realm protections, 4.9
L
- Label Security Integration Audit Report, 11.4.2.4
- labels
-
- about, 7.5.1
- See also Oracle Label Security
- languages
-
- finding with DVF.F$LANG, H.2
- finding with DVF.F$LANGUAGE, H.2
- name
-
- Lang default factor, 7.2
- Language default factor, 7.2
- languages, adding to Database Vault, C.2
- LBACSYS account
-
- about, D.3
- auditing policy, A.3
- factor integration with OLS policy requirement, 9.4.3
- See also Oracle Label Security
- LBACSYS schema
-
- auditing policy, A.3
- listener, starting, B.3
- locked out accounts, solution for, B.1
- log files
-
- database process, 3.1
- logging on
-
- Oracle Database Vault
-
- Oracle Database Vault Owner account, 3.1
- reports, Core Database Audit Report, 11.5.8
- LogMiner packages
-
- guidelines, I.3.5
- lsnrctl process, starting, B.3
M
- maintenance on Oracle Database Vault, B.1
- managing user accounts and profiles on own account, Can Maintain Own Accounts default rule set, 5.2
- managing user accounts and profiles, Can Maintain Accounts/Profiles default rule set, 5.2
- mapping identities, 7.5.2
- monitoring
-
- activities, 10
N
- nested rules, 5.7.2
- network protocol
-
- finding with DVF.F$NETWORK_PROTOCOL, H.2
- network protocol, Network_Protocol default factor, 7.2
- NOAUDIT statement
-
- monitoring, 10.3
- Non-Owner Object Trigger Report, 11.5.9.7
- nonsystem database accounts, 11.5.1.3
O
- Object Access By PUBLIC Report, 11.5.1.1
- Object Access Not By PUBLIC Report, 11.5.1.2
- Object Dependencies Report, 11.5.1.4
- object owners
-
- nonexistent, 11.4.1.1
- reports
-
- Command Rule Configuration Issues Report, 11.4.1.1
- object privilege reports, 11.5.1
- objects
-
- auditing policies, A.1
- command rule objects
-
- name, 6.4
- owner, 6.4
- processing, 6.6
- dynamic SQL use, 11.5.9.3
- monitoring, 10.3
- object names
-
- finding with DVSYS.DV_DICT_OBJ_NAME, H.3
- object owners
-
- finding with DVSYS.DV_DICT_OBJ_OWNER, H.3
- object privileges
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, G.2
- realms
-
- functions for registering, E.1
- object name, 4.5
- object owner, 4.5
- object type, 4.5
- reports
-
- Access to Sensitive Objects Report, 11.5.3.2
- Accounts with SYSDBA/SYSOPER Privilege Report, 11.5.3.4
- Direct Object Privileges Report, 11.5.1.3
- Execute Privileges to Strong SYS Packages Report, 11.5.3.1
- Non-Owner Object Trigger Report, 11.5.9.7
- Object Access By PUBLIC Report, 11.5.1.1
- Object Access Not By PUBLIC Report, 11.5.1.2
- Object Dependencies Report, 11.5.1.4
- Objects Dependent on Dynamic SQL Report, 11.5.9.3
- OS Directory Objects Report, 11.5.9.2
- privilege, 11.5.1
- Public Execute Privilege To SYS PL/SQL Procedures Report, 11.5.3.3
- sensitive, 11.5.3
- System Privileges By Privilege Report, 11.5.2.5
- types
-
- finding with DVSYS.DV_DICT_OBJ_TYPE, H.3
- views, DBA_DV_REALM_OBJECT, D.4
- See also database objects
- Objects Dependent on Dynamic SQL Report, 11.5.9.3
- OEM
-
- See Oracle Enterprise Manager (OEM)
- OLS
-
- See Oracle Label Security
- operating systems
-
- reports
-
- OS Directory Objects Report, 11.5.9.2
- OS Security Vulnerability Privileges Report, 11.5.5.11
- vulnerabilities, 11.5.5.11
- ora_name_list_t, concatenating with DVSYS.DBMS_MACUTL.GET_SQL_TEXT function, G.2
- Oracle database
-
- See databases
- Oracle Database Vault
-
- about, 1.1
- components, 1.2, 1.2.1
- disabling, B
- enabling, B
- error tracking, J
- frequently asked questions, 1.1
- integrating with other Oracle products, 9
- maintenance, B.1
- troubleshooting, J
- Oracle Database Vault Administrator
-
- logging on, 3.1
- starting, 3.1
- Oracle Database Vault Configuration Assistant (DVCA)
-
- about, 1.2.3
- configuring Database Vault on RAC nodes, C.1
- languages, adding to Database Vault, C.2
- Oracle Database Vault Owner account
-
- example of logging on with, 3.1
- Oracle Enterprise Manager
-
- DBSNMP account, 4.2
- default realm used for, 4.2
- performance tools, 4.14
- SYSMAN account, 4.2
- Oracle Enterprise User Security, integrating with Oracle Database Vault, 9.1
- Oracle Internet Directory Distinguished Name, Proxy_Enterprise_Identity default factor, 7.2
- Oracle Label Security
-
- audit events, custom, A.4.1
- checking if installed using DVSYS.DBMS_MACUTL functions, G.2
- database option, 1.2.6
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.6
- DVSYS.DBMS_MACUTL (utility), G.1
- how Database Vault integrates with, 9.4.1
- initialization, command rules, 6.1
- integration with Oracle Database Vault
-
- example, 9.4.4
- Label Security Integration Audit Report, 11.4.2.4, 11.4.2.4
- procedure, 9.4.3
- requirements, 9.4.2
- labels
-
- about, 7.5.1
- determining with GET_FACTOR_LABEL, H.1.6
- invalid label identities, 11.4.1.4
- policies
-
- accounts that bypass, 11.5.5.3
- monitoring policy changes, 10.3
- nonexistent, 11.4.1.2
- Oracle Policy Manager, 1.2.6
- views
-
- DBA_DV_MAC_POLICY, D.4
- DBA_DV_MAC_POLICY_FACTOR, D.4
- DBA_DV_POLICY_LABEL, D.4
- See also LBACSYS account
- Oracle Policy Manager
-
- used with Oracle Label Security, 1.2.6
- Oracle Real Application Clusters (RAC)
-
- compatibility with Oracle Database Vault, 1.1
- configuring Database Vault on RAC nodes, C.1
- enabling and disabling Oracle Database Vault, B
- multiple factor identities, 7.3
- Oracle software owner, guidelines on managing, I.2.2
- Oracle Technology Network (OTN), Preface
- Oracle Virtual Private Database (VPD)
-
- accounts that bypass, 11.5.5.3
- factors, attaching to, 9.3
- GRANT EXECUTE privileges with Grant VPD Administration default rule set, 5.2
- OS Directory Objects Report, 11.5.9.2
- OS Security Vulnerability Privileges Report, 11.5.5.11
- OS_AUTHENT_PREFIX initialization parameter, 2.1.1
- OS_ROLES initialization parameter, 2.1.1
P
- parameters
-
- modified after installation, 2.1
- reports
-
- Security Related Database Parameters Report, 11.5.6.1
- parent factors
-
- See factors
- Password History Access Report, 11.5.5.6
- passwords
-
- forgotten, solution for, B.1
- reports, 11.5.7
-
- Database Account Default Password Report, 11.5.7.1
- Password History Access Report, 11.5.5.6
- Username/Password Tables Report, 11.5.9.5
- patches
-
- security consideration, I.3
- performance
-
- rule sets, order of rule run, 5.7.2
- performance effect
-
- command rules, 6.9
- realms, 4.14
- reports
-
- Resource Profiles Report, 11.5.6.2
- System Resource Limits Report, 11.5.6.3
- rule sets, 5.10
- secure application roles, 8.7
- performance tools
-
- Database Control, realms, 4.14
- Oracle Enterprise Manager
-
- command rules, 6.9
- factors, 7.10
- realms, 4.14
- rule sets, 5.10
- secure application roles, 8.7
- Oracle Enterprise Manager Database Control
-
- command rules, 6.9
- factors, 7.10
- rule sets, 5.10
- secure application roles, 8.7
- STATSPACK utility
-
- command rules, 6.9
- factors, 7.10
- realms, 4.14
- rule sets, 5.10
- secure application roles, 8.7
- TKPROF utility
-
- command rules, 6.9
- factors, 7.10
- realms, 4.14
- rule sets, 5.10
- secure application roles, 8.7
- PL/SQL
-
- packages
-
- summarized, H.4
- unwrapped bodies, 11.5.9.4
- Unwrapped PL/SQL Package Bodies Report, 11.5.9.4
- PL/SQL factor functions, H.2
- policy changes, monitoring, 10.3, 10.4
- port number
-
- finding, 3.1
- Oracle Database Vault, 3.1
- privileges
-
- ANY privileges, D.2.6
- auditing policies, A.1
- checking with DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, G.2
- least privilege principle
-
- violations to, 11.5.9.1
- monitoring
-
- GRANT statement, 10.3
- REVOKE statement, 10.3
- Oracle Database Vault restricting, 2.2
- reports
-
- Accounts With DBA Roles Report, 11.5.5.2
- ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5
- ANY System Privileges for Database Accounts Report, 11.5.2.4
- AUDIT Privileges Report, 11.5.5.10
- Database Accounts With Catalog Roles Report, 11.5.5.9
- Direct and Indirect System Privileges By Database Account Report, 11.5.2.2
- Direct System Privileges By Database Account Report, 11.5.2.1
- Hierarchical System Privileges By Database Account Report, 11.5.2.3
- listed, 11.5.4
- OS Directory Objects Report, 11.5.9.2
- Privileges Distribution By Grantee Report, 11.5.4.1
- Privileges Distribution By Grantee, Owner Report, 11.5.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 11.5.4.3
- WITH ADMIN Privilege Grants Report, 11.5.5.1
- WITH GRANT Privileges Report, 11.5.5.7
- roles
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, G.2
- system
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, G.2
- views
-
- DBA_DV_PUB_PRIVS, D.4
- DBA_DV_USER_PRIVS, D.4
- DBA_DV_USER_PRIVS_ALL, D.4
- Privileges Distribution By Grantee Report, 11.5.4.1
- Privileges Distribution By Grantee, Owner Report, 11.5.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 11.5.4.3
- privileges using external password, 11.5.3.4
- problems, diagnosing, J.1
- profiles, 11.5.6
- proxy users
-
- finding with DVF.F$PROXYUSER, H.2
- Public Execute Privilege To SYS PL/SQL Procedures Report, 11.5.3.3
Q
- quotas
-
- tablespace, 11.5.9.6
R
- RAC
-
- See Oracle Real Application Clusters (RAC)
- Realm Audit Report, 11.4.2.1
- Realm Authorization Configuration Issues Report, 11.4.1.5
- realms
-
- about, 4.1
- audit events, custom, A.4.1
- authentication-related functions, E.1
- authorization
-
- how realm authorizations work, 4.10
- process flow, 4.10
- troubleshooting, J.2
- updating with DVSYS.DBMS_MACADM.UPDATE_REALM_AUTH, E.1
- authorizations
-
- grantee, 4.6
- rule set, 4.6
- creating, 4.3
- default realms, 4.2
- deleting, 4.8
- disabling, 4.7
- DV_REALM_OWNER role, D.2.3
- DV_REALM_RESOURCE role, D.2.4
- editing, 4.4
- effect on other Oracle Database Vault components, 4.12
- enabling, 4.7
- example, 4.11
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.1, E.1
- DVSYS.DBMS_MACUTL (utility), G
- DVSYS.DBMS_MACUTL fields (constants), G.1
- guidelines, 4.13
- how realms work, 4.9
- Java stored procedures, 4.9
- object-related functions, E.1
- performance effect, 4.14
- process flow, 4.9
- realm authorizations
-
- about, 4.6
- realm secured objects
-
- deleting, 4.5
- editing, 4.5
- object name, 4.5
- object owner, 4.5
- object type, 4.5
- realm system authorizations
-
- creating, 4.6
- deleting, 4.6
- editing, 4.6
- realm-secured objects, 4.5
- reports, 4.15
- roles
-
- DV_REALM_OWNER, D.2.3
- DV_REALM_RESOURCE, D.2.4
- secured object, 11.4.1.5
- territory a realm protects, 4.5
- troubleshooting, J.2, J.3
- updating with DVSYS.DBMS_MACADM.UPDATE_REALM, E.1
- views
-
- DBA_DV_CODE, D.4
- DBA_DV_REALM, D.4
- DBA_DV_REALM_AUTH, D.4
- DBA_DV_REALM_OBJECT, D.4, D.4
- See also rule sets
- RECOVERY_CATALOG_OWNER role, 11.5.5.9
- recycle bin, guidelines on managing, I.3.2
- REMOTE_LOGIN_PASSWORDFILE initialization parameter, 2.1.1
- REMOTE_OS_AUTHENT initialization parameter, 2.1.1
- REMOTE_OS_ROLES initialization parameter, 2.1.1
- reporting menu
-
- report results page, 11.3
-
- parameter, 11.3
- reports
-
- about, 11.1
- Access to Sensitive Objects Report, 11.5.3.2
- Accounts With DBA Roles Report, 11.5.5.2
- Accounts with SYSDBA/SYSOPER Privilege Report, 11.5.3.4
- ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5
- ANY System Privileges for Database Accounts Report, 11.5.2.4
- AUDIT Privileges Report, 11.5.5.10
- auditing, 11.4.2
- BECOME USER Report, 11.5.5.4
- categories of, 11.1
- Command Rule Audit Report, 11.4.2.2
- Command Rule Configuration Issues Report, 11.4.1.1
- Core Database Audit Report, 11.5.8
- Core Database Vault Audit Trail Report, 11.4.2.5
- Database Account Default Password Report, 11.5.7.1
- Database Account Status Report, 11.5.7.2
- Database Accounts With Catalog Roles Report, 11.5.5.9
- Direct and Indirect System Privileges By Database Account Report, 11.5.2.2
- Direct Object Privileges Report, 11.5.1.3
- Direct System Privileges By Database Account Report, 11.5.2.1
- Execute Privileges to Strong SYS Packages Report, 11.5.3.1
- Factor Audit Report, 11.4.2.3
- Factor Configuration Issues Report, 11.4.1.2
- Factor Without Identities, 11.4.1.3
- general security, 11.5
- Hierarchical System Privileges by Database Account Report, 11.5.2.3
- Identity Configuration Issues Report, 11.4.1.4
- Java Policy Grants Report, 11.5.9.1
- Label Security Integration Audit Report, 11.4.2.4
- Non-Owner Object Trigger Report, 11.5.9.7
- Object Access By PUBLIC Report, 11.5.1.1
- Object Access Not By PUBLIC Report, 11.5.1.2
- Object Dependencies Report, 11.5.1.4
- Objects Dependent on Dynamic SQL Report, 11.5.9.3
- OS Directory Objects Report, 11.5.9.2
- OS Security Vulnerability Privileges, 11.5.5.11
- Password History Access Report, 11.5.5.6
- permissions for running, 11.2
- privilege management, 11.5.4
- Privileges Distribution By Grantee Report, 11.5.4.1
- Privileges Distribution By Grantee, Owner Report, 11.5.4.2
- Privileges Distribution By Grantee, Owner, Privilege Report, 11.5.4.3
- Public Execute Privilege To SYS PL/SQL Procedures Report, 11.5.3.3
- Realm Audit Report, 11.4.2.1
- Realm Authorization Configuration Issues Report, 11.4.1.5
- Resource Profiles Report, 11.5.6.2
- Roles/Accounts That Have a Given Role Report, 11.5.5.8
- Rule Set Configuration Issues Report, 11.4.1.6
- running, 11.3
- Secure Application Configuration Issues Report, 11.4.1.7
- Secure Application Role Audit Report, 11.4.2.6
- Security Policy Exemption Report, 11.5.5.3
- Security Related Database Parameters, 11.5.6.1
- security vulnerability, 11.5.9
- System Privileges By Privilege Report, 11.5.2.5
- System Resource Limits Report, 11.5.6.3
- Tablespace Quotas Report, 11.5.9.6
- Unwrapped PL/SQL Package Bodies Report, 11.5.9.4
- Username /Password Tables Report, 11.5.9.5
- WITH ADMIN Privileges Grants Report, 11.5.5.1
- WITH GRANT Privileges Report, 11.5.5.7
- required parameters page
-
- % wildcard, 11.3
- Resource Profiles Report, 11.5.6.2
- resources
-
- reports
-
- Resource Profiles Report, 11.5.6.2
- System Resource Limits Report, 11.5.6.3
- REVOKE statement
-
- monitoring, 10.3
- roles
-
- catalog-based, 11.5.5.9
- Database Vault default roles, D.2.1
- privileges, checking with DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, G.2
- role enablement in incomplete rule set, 11.4.1.7
- role-based system privileges, 11.5.2.3
- Roles/Accounts That Have a Given Role Report, 11.5.5.8
- root access, guidelines on managing, I.2.1
- Rule Set Configuration Issues Report, 11.4.1.6
- rule sets
-
- about, 5.1
- adding existing rules, 5.5.2
- audit options, 5.3
- command rules
-
- disabled, 11.4.1.1
- selecting for, 6.4
- used with, 6.1
- CONNECT role configured incorrectly, solution for, B.1
- creating, 5.3
-
- rules in, 5.5.1
- default rule sets, 5.2
- deleting
-
- rule set, 5.6
- rules from, 5.5.1, 5.5.1
- disabled for
-
- factor assignment, 11.4.1.2
- realm authorization, 11.4.1.5
- editing
-
- rule sets, 5.4
- rules in, 5.5.1
- error options, 5.3
- evaluation of rules, 5.5
- evaluation options, 5.3
- event handlers, 5.3
- events firing, finding with DVSYS.DV_SYSEVENT, H.3
- examples, 5.8
- factors, selecting for, 7.3
- factors, used with, 7.1
- fail code, 5.3
- fail message, 5.3
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.2, E.2
- DVSYS.DBMS_MACUTL (utility), G
- DVSYS.DBMS_MACUTL fields (constants), G.1
- PL/SQL functions for rule sets, H.3
- guidelines, 5.9
- how rule sets work, 5.7.1
- incomplete, 11.4.1.1
- naming, 5.3
- nested rules, 5.7.3
- order of rules run
-
- performance, 5.7.2
- setting, 5.7.2
- performance effect, 5.10
- process flow, 5.7.1
- reports, 5.11
- rules that exclude one user, 5.7.4
- template creation, 5.3
- troubleshooting, J.2, J.3
- views
-
- DBA_DV_RULE, D.4
- DBA_DV_RULE_SET, D.4
- DBA_DV_RULE_SET_RULE, D.4
- See also command rules, factors, realms, rules, secure application roles
- rules
-
- about, 5.5
- creating, 5.5.1
- deleting from rule set, 5.5.1
- editing, 5.5.1
- existing rules, adding to rule set, 5.5.2
- nested in rule sets, 5.7.2
- nested within a rule set, 5.7.3
- removing from rule set, 5.5.1
- troubleshooting, J.2
- views
-
- DBA_DV_RULE, D.4
- DBA_DV_RULE_SET_RULE, D.4
- See also rule sets
S
- schemas
-
- DVF, D.1.2
- DVSYS, D.1.1
- Secure Application Configuration Issues Report, 11.4.1.7
- secure application role, 8.1
- Secure Application Role Audit Report, 11.4.2.6
- secure application roles
-
- creating, 8.2
- deleting, 8.4
- DVSYS.DBMS_MACSEC_ROLES.SET_ROLE function, 8.2
- example, 8.6
- functionality, 8.5
- functions
-
- DVSYS.DBMS_MACADM (configuration), E.5, E.5
- DVSYS.DBMS_MACSEC_ROLES (configuration), F
- DVSYS.DBMS_MACSEC_ROLES package, F
- DVSYS.DBMS_MACUTL (utility), G, G.2
- DVSYS.DBMS_MACUTL fields (constants), G.1
- guidelines on managing, 8.3
- performance effect, 8.7
- reports, 8.8
-
- Rule Set Configuration Issues Report, 11.4.1.6
- troubleshooting, J.3
- troubleshooting with auditing report, 11.4.2.6
- views
-
- DBA_DV_ROLE, D.4
- See also roles, rule sets
- secure role applications
-
- audit event, custom, A.4.1
- security policies
-
- monitoring changes, 10.4
- security policies, Oracle Database Vault addressing, 1.5
- Security Policy Exemption Report, 11.5.5.3
- Security Related Database Parameters Report, 11.5.6.1
- security violations
-
- monitoring attempts, 10.1
- security vulnerabilities
-
- how Database Vault addresses, 1.6
- operating systems, 11.5.5.11
- reports, 11.5.9
-
- Security Related Database Parameters Report, 11.5.6.1
- root operating system directory, 11.5.9.2
- SELECT statement
-
- controlling with command rules, 6.1
- SELECT_CATALOG_ROLE role, 11.5.5.9
- sensitive objects reports, 11.5.3
- separation of duty concept
-
- command rules, 6.2
- database accounts, D.3
- database accounts, suggested, D.3
- database roles, 2.3
- Database Vault Account Manager role, D.3
- Oracle Database Vault enforcing, 1.1
- realms, 1.6
- restricting privileges, 2.2
- roles, D.2.1
- sessions
-
- audit events, custom, A.4.1
- DVSYS.DBMS_MACUTL fields, G.1
- finding session user with DVF.F$SESSION_USER, H.2
- retrieving information with functions, E.4
- SQL injection attacks, detecting with Object Dependent on Dynamic SQL Report, 11.5.9.3
- SQL statements
-
- default command rules that protect, 6.2
- SQL text, finding with DVSYS.DV_SQL_TEXT, H.3
- SQL92_SECURITY initialization parameter, 2.1.1
- subfactors
-
- See child factors under factors topic
- SYS schema
-
- command rules, 6.4
- SYSDBA access
-
- guidelines on managing, I.2.3
- SYSOPER access
-
- guidelines on managing, I.2.4
- system features
-
- disabling with Disabled rule set, 5.2
- enabling with Enabled rule set, 5.2
- system privileges
-
- checking with DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, G.2
- reports
-
- System Privileges By Privileges Report, 11.5.2.5
- System Privileges By Privilege Report, 11.5.2.5
- System Resource Limits Report, 11.5.6.3
- system root access, guideline on managing, I.2.1
T
- tablespace quotas, 11.5.9.6
- Tablespace Quotas Report, 11.5.9.6
- templates, for rule sets, 5.3
- third party products, affected by Oracle Database Vault, B.1
- time data
-
- DVSYS.DBMS_MACUTL functions, G.2
- trace files
-
- about, J.1
- enabling, J.1
- Transparent Data Encryption, used with Oracle Database Vault, 9.2
- triggers
-
- different from object owner account, 11.5.9.7
- reports, Non-Owner Object Trigger Report, 11.5.9.7
- troubleshooting
-
- access security sessions, 11.4.2.5
- auditing reports, using, 11.4.2
- command rules, J.1
- events, J.1
- factors, J.2
- general diagnostic tips, J.2
- locked out accounts, B.1
- passwords, forgotten, B.1
- realms, J.2
- rule sets, J.2
- rules, J.2
- secure application roles, 11.4.2.6
- trust levels
-
- about, 7.5.1
- determining for identities with DVSYS.GET_TRUST_LEVEL_FOR_IDENTITY, H.1.4
- determining with DVSYS.GET_TRUST_LEVEL, H.1.3
- factor identity, 7.5.1
- factors, 7.5.1
- for factor and identity requested, H.1.4
- identities, 7.3
- of current session identity, H.1.3
- trusted users
-
- accounts and roles that should be limited, I.2
- default for Oracle Database Vault, I.1
- tutorial, 3.2
U
- Unwrapped PL/SQL Package Bodies Report, 11.5.9.4
- user names
-
- reports, Username/Password Tables Report, 11.5.9.5
- USER_HISTORY$ table, 11.5.5.6
- Username/Password Tables Report, 11.5.9.5
- users
-
- auditing policies, A.1
- enterprise identities, finding with DVF.F$PROXY_ENTERPRISE_IDENTITY, H.2
- enterprise-wide identities, finding with DVF.F$ENTERPRISE_IDENTITY, H.2
- finding proxy user with DVF.F$PROXYUSER, H.2
- finding session user with DVF.F$SESSION_USER, H.2
- login user name, finding with DVSYS.DV_LOGIN_USER, H.3
- utility functions
-
- See DVSYS.DBMS_MACUTL package
- UTL_FILE object, 11.5.1.4
- UTL_FILE package, guidelines on managing, I.3.1
V
- views
-
- Oracle Database Vault-specific views, D.4
- See also names beginning with DBA_DV
- VPD
-
- See Oracle Virtual Private Database (VPD)
W
- wildcard, %, 11.3
- WITH ADMIN Privileges Grants Report, 11.5.5.1
- WITH ADMIN status, 11.5.2.1, 11.5.2.2
- WITH GRANT clause, 11.5.5.7
- WITH GRANT Privileges Report, 11.5.5.7