|Oracle® Database Vault Administrator's Guide
Oracle9i Release 2 (220.127.116.11)
Part Number B32509-14
|PDF · Mobi · ePub|
This appendix contains:
You can monitor your Oracle Database Vault database instance for server and background process events by checking the database instance trace files. Trace files reveal events such as the logic that the Oracle Database Vault security enforcement engine executes, and internal errors, block corruption errors, deadlock errors, administrative actions that may have occurred, values of parameters that had nondefault settings when the database instance started, and other information.
Be careful about enabling trace files, however. Doing so can increase the overhead of the database instance operation, which could decrease performance. Contact Oracle Support before you decide to enable tracing.
See Oracle Database Performance Tuning Guide for more information about trace files. The
USER_DUMP_DEST initialization parameter specifies the current location of the trace files. You can find the value of this parameter by issuing
SHOW PARAMETER USER_DUMP_DEST in SQL*Plus.
ALTER SESSION SET EVENTS '47998 trace name context forever, level 12'
For example, suppose you have an account that is trying to use a statement that is protected by a command rule, but the statement is not working as expected. You can diagnose the enforcement logic for this account by granting it the
ALTER SESSION privilege, issuing the
ALTER SESSION statement, and then retrying the statement. Afterward, check the trace files to determine what is going on.
You can disable tracing by issuing the following statement:
ALTER SESSION SET EVENTS '47998 trace name context off'
For realm protections, verify that a user has the underlying system or object privileges (granted directly or through a role) that might affect the command.
The value of the initialization parameter
NLS_LANGUAGE in Oracle Database must match up correctly with the locale and NLS settings at the operating system level (either
LANG environment variables). For example, if the operating system locale (the variable
$LANG) setting is
en_US.UTF-8, then the corresponding
NLS_LANG environment variable should be set to
AMERICAN_AMERICA.AL32UTF8 and the database
NLS_LANGUAGE parameter value will be
AMERICAN. The database
NLS_LANGUAGE parameter is derived from the operating system
NLS_LANG environment variable.
For more information about checking and configuring locale and NLS settings, see the appendix that covers globalization support in the Oracle Database Installation Guide for your platform.
For PL/SQL expressions used in factors and rule sets, grant
EXECUTE privileges on the PL/SQL package functions used in these expressions directly to the account and determine if the results appear to be correct.
Use the auditing reports to diagnose problems in general. See "Oracle Database Vault Auditing Reports" for more information.
If you suspect problems with the configuration of realms, command rules, factors, rule sets, or secure application roles, you can run the appropriate configuration report. See the following sections for more information:
To run these reports, see "How to Run Oracle Database Vault Reports".