This document provides a comprehensive overview of security for Oracle Database. It includes conceptual information about security requirements and threats, descriptions of Oracle Database security features, and procedural information that explains how to use those features to secure your database.

This preface contains these topics:


The Oracle Database Security Guide is intended for database administrators (DBAs), security administrators, application developers, and others tasked with performing the following operations securely and efficiently:

To use this document, you need a basic understanding of how and why a database is used, as well as at least basic familiarity with SQL queries or programming.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at

Access to Oracle Support

Oracle customers have access to electronic support through My Oracle Support. For information, visit or visit if you are hearing impaired.


This document contains:

Part I, "Overview of Security Considerations and Requirements"

Part I presents fundamental concepts of data security, and offers checklists and policies to aid in securing your site's data, operations, and users.

Chapter 1, "Security Requirements, Threats, and Concepts"

This chapter presents fundamental concepts of data security requirements and threats.

Chapter 2, "Security Checklists and Recommendations"

This chapter presents checklists, with brief explanations, for policies and practices that reduce your installation's vulnerabilities.

Chapter 3, "Security Policies and Tips"

This chapter presents basic general security policies, with specific chapter references, that apply to every site. These you must understand and apply to the unique considerations of your own site. The chapter also introduces general application design practices regarding roles and privileges.

Part II, "Security Features, Concepts, and Alternatives"

Part II presents methods and features that address the security requirements, threats, and concepts described in Part I.

Chapter 4, "Authentication Methods"

This chapter deals with verifying the identity of anyone who wants to use data, resources, or applications. Authentication establishes a trust relationship for further interactions as well as accountability linking access and actions to a specific identity.

Chapter 5, "Authorization: Privileges, Roles, Profiles, and Resource Limitations"

This chapter describes standard authorization processes that allow an entity to have certain levels of access and action, but which also limit the access, actions, and resources permitted to that entity.

Chapter 6, "Access Control on Tables, Views, Synonyms, or Rows"

This chapter discusses protecting objects by using object-level privileges and views, as well as by designing and using policies to restrict access to specific tables, views, synonyms, or rows. Such policies invoke functions that you design to specify dynamic predicates establishing the restrictions.

Chapter 7, "Security Policies"

This chapter discusses security policies in separate sections dealing with system security, data security, user security, password management, and auditing. It concludes with a more detailed version of the checklist first presented in Chapter 2.

Chapter 8, "Database Auditing: Security Considerations"

This chapter presents auditing as the monitoring and recording of selected user database actions. Auditing can be based either on individual actions, such as the type of SQL statement executed, or on combinations of factors that can include user name, application, time, and so on. Security policies can trigger auditing when specified elements in an Oracle database are accessed or altered, including the contents within a specified object.

Part III, "Security Implementation, Configuration, and Administration"

Part III presents the details of setting up, configuring, and administering Oracle Database security features.

Chapter 9, "Secure External Password Store"

This chapter discusses the secure external password store which allows you to store password credentials in a client side Oracle Wallet. It discusses client configuration for using the external password store. It also discusses managing external password store credentials.

Chapter 10, "Administering Authentication"

This chapter describes the methods for creating and administering authentication by defining users and how they are to be identified and verified before access is granted. Chapter 10 discusses the four primary methods as database, external, global, and proxy authentication.

Chapter 11, "Administering User Privileges, Roles, and Profiles"

This chapter presents the interwoven tasks and considerations involved in granting, viewing, and revoking database user privileges and roles, and the profiles that contain them.

Chapter 12, "Configuring and Administering Auditing"

This chapter describes auditing and accountability to protect and preserve privacy for the information stored in databases, detect suspicious activities, and enable finely-tuned security responses.

Chapter 13, "Introducing Database Security for Application Developers"

This chapter provides an introduction to the security challenges that face application developers and includes an overview of Oracle Database features they can use to develop secure applications.

Chapter 14, "Using Virtual Private Database to Implement Application Security Policies"

This chapter discusses developing secure applications by using application context, fine-grained access control, or virtual private database to implement security policies.

Chapter 15, "Implementing Application Context and Fine-Grained Access Control"

This chapter provides several examples of applications developed using application context, fine-grained access control, and virtual private database. It includes code examples and their corresponding explanations.

Chapter 16, "Preserving User Identity in Multitiered Environments"

This chapter discusses developing secure multiple tier applications.

Chapter 17, "Developing Applications Using Data Encryption"

This chapter discusses how you can use data encryption to develop secure applications, and the strengths and weaknesses of using this feature.

Part IV, "Appendixes"

Part IV contains two appendixes. The first appendix discusses new changes to the CONNECT role. The second appendix discusses the DBMS_SQLHASH package, which is used to verify data integrity.

Appendix A, "Addressing The CONNECT Role Change"

This appendix discusses the consequences of the fact that all privileges have been removed from the CONNECT role except the CREATE SESSION privilege.

Appendix B, "Verifying Data Integrity with DBMS_SQLHASH"

This appendix discusses the DBMS_SQLHASH package that can be used to verify data integrity.


Related Documentation

For more information, see these Oracle resources:

Many of the examples in this book use the sample schemas of the seed database, which is installed by default when you install Oracle. Refer to Oracle Database Sample Schemas for information on how these schemas were created and how you can use them yourself.

Oracle Store

Printed documentation is available for sale in the Oracle Store at

Oracle Technology Network (OTN)

You can download free release notes, installation documentation, updated versions of this guide, white papers, or other collateral from the Oracle Technology Network (OTN). Visit

For security-specific information on OTN, visit

For the latest version of the Oracle documentation, including this guide, visit

Oracle Documentation Search Engine

To access the database documentation search engine directly, visit

My Oracle Support

You can find information about security patches, certifications, and the support knowledge base by visiting My Oracle Support (formerly OracleMetaLink) at


The following text conventions are used in this document:

Convention Meaning
boldface Boldface type indicates graphical user interface elements associated with an action, or terms defined in text or the glossary.
italic Italic type indicates book titles, emphasis, or placeholder variables for which you supply particular values.
monospace Monospace type indicates commands within a paragraph, URLs, code in examples, text that appears on the screen, or text that you enter.