Oracle® Database Real Application Security Administrator's and Developer's Guide
12c Release 1 (12.1)

E10479-19

Index


A

access control entry (ACE)
about, 1.2.5
definition, 4.3.1
access control lists (ACL)
about, 1.2.6
directories
trace files, using to resolve predicate errors, 5.4.3
dynamic data realm constraints
about, 5.4.2
ACL evaluation order, 5.6.3
evaluation order, 5.6.3
static data realm constraints
ACL evaluation order, 5.6.3
static data realms
about, 5.4.2
user-managed
example, 5.6.2
ACE
definition, 4.3.1
evaluation order, 4.3.9
acl
troubleshooting, D.2.4
ACL
adding ACE, 4.3.4
binding, 4.5
changing security class, 4.3.4
constraining inheritance, 4.3.10.2
create, 4.3.2
extending inheritance, 4.3.10.1
identifiers
master-detail tables, retrieving ACL identifiers for, 9.4
inheritance, 4.3.10
constraining, 4.3.10.2, 4.3.10.2
extending, 4.3.10.1, 4.3.10.1
inheritance|ACL
changing parent ACL, 4.3.4
multilevel authentication, 4.3.6
removing ACL, 4.3.4
scope
definition, 4.2.3
ACLS
See access control lists
ACLs and ACEs
about, 4.3.1
creating, 4.3.2
aggregate privilege
about, 1.2.3
benefits, 1.2.3
definition, 4.1.1
ALL grant, 4.1.1.1
ALL privilege, 4.1.1.1
ALL_XDS_ACL_REFRESH view, 8.39
ALL_XDS_ACL_REFSTAT view, 8.40
ALL_XDS_LATEST_ACL_REFSTAT view, 8.41
anonymous user, 7.1
application integration
support for external users and roles, 7.1
application privileges
about, 1.2.3
granting to principals, 2.4
application roles
about, 1.2.2, 1.2.2, 1.2.2, 2.2.1
creating dynamic role, 2.2.2.2, 2.2.3.2
creating regular role, 2.2.2.1, 2.2.3.1
granting database role to an application role, 2.4.3
granting to another application role, 2.4.2
granting to existing application user, 2.4.1.2
granting to new application user, 2.4.1.1
using effective dates, 2.3
validating, 2.2.3.3
application sessions
about, 3.1
advantages, 3.1.2
attaching, 3.2.3
cookies, setting for, 3.2.4
creating, 3.1.1, 3.2.1, 10.1.4.1
creating anonymous application session, 3.2.2
database session
attaching to, 10.1.4.2
detaching from, 10.1.4.18
destroying, 10.1.4.19
event handling, 3.2.7
global callback events, using, 3.2.7
namespace
creating, 10.1.4.5
deleting, 10.1.4.11
namespaces
attribute values, getting, 10.1.4.8
attribute values, setting, 10.1.4.7
attributes, getting, 3.3.4
attributes, setting, 3.3.3
deleting, 3.3.6
roles
disabling for specified session, 10.1.4.13
enabling for specified session, 10.1.4.12
roles, disabling from session, 3.3.8
roles, enabling for session, 3.3.7
saving, 10.1.4.17
security context, setting, 10.1.4.4
session state, manipulating, 3.3
switch user, 10.1.4.4
troubleshooting, D.2.1
users, assigning to, 3.2.5
users, creating namespace templates, 3.3.1.3
users, custom attributes, 3.3.5
users, destroying, 3.2.10
users, detaching from, 3.2.9
users, initializing namespaces, 3.3.2.1, 3.3.2.2, 3.3.2.3, 3.3.2.4
users, initializing namespaces explicitly, 3.3.2.5
users, switching to, 3.2.6
application sessions in the database
architecture figure, 3.1.1
application user roles
application sessions, disabling from, 3.3.8
application sessions, enabling for, 3.3.7
disabling for specified session, 10.1.4.13
enabling for specified session, 10.1.4.12
application users
about, 1.2.2, 2.1.1
application sessions, assigning to, 3.2.5
application sessions, creating namespace templates, 3.3.1.3
application sessions, custom attributes, 3.3.5
application sessions, destroying, 3.2.10
application sessions, detaching from, 3.2.9
application sessions, initializing namespaces, 3.3.2.1, 3.3.2.2, 3.3.2.3, 3.3.2.4
application sessions, initializing namespaces explicitly, 3.3.2.5
application sessions, switching to, 3.2.6
compared with database user, 1.2.2.1
creating, 2.1.1.1
direct login users, 2.1.3.2
creating direct login user, 2.1.3.1
definition, 1.2.2
general procedure, 2.1.1.1
modifying, 2.1.1.1
validating, 2.1.5
application users and roles
troubleshooting, D.2.2
applying
additional application privileges
to a column, 5.5
assigning
an application user to an anonymous application session, 3.2.5
attaching
an application session, 3.2.3
authentication
multilevel, 4.3.6, 4.3.6
strong, 4.3.6
weak, 4.3.6

C

CHECK_PRIVILEGE operator, 4.4.1
checking
ACLs for a privilege, 4.3.5, 4.3.5
checking security attribute
using getSecurityAttribute method
SecurityAttribute returns value ENABLED, B.2.1
SecurityAttribute returns value NONE, B.2.1
SecurityAttribute returns value UNKNOWN, B.2.1
checking user authorization indicator
using getAuthorizationIndicator method
AuthorizationIndicator returns value NONE, B.2.2
AuthorizationIndicator returns value UNAUTHORIZED, B.2.2
AuthorizationIndicator returns value UNKNOWN, B.2.2
column authorization
JDBC interface, B.2
OCI interface, B.1
COLUMN_AUTH_INDICATOR function, 9.1
column-level security, 5.5
configuring
an application role, 2.2.3
application roles, 2.2
application user switch
proxying an application user, 2.1.4
application users, 2.1
global callback event handlers
for an application session, 3.2.7
constraining ACL inheritance
definition, 4.3.10.2
cookies
application sessions, setting for, 3.2.4
create views
using BEQUEATH clause, 5.9
creating
ACLs and ACEs, 4.3.2
anonymous application session, 3.2.2
application sessions, 3.2.1
application user accounts, 2.1.1.1
application users, 2.1.1.1
custom attributes
in application session, 3.3.5
direct login user, 2.1.3.1
dynamic application role, 2.2.2.2, 2.2.3.2
namespace templates, 3.3.1.3
namespaces
using namespace templates, 3.3.1
regular application role, 2.2.2.1, 2.2.3.1
security class, 4.2.2
simple application user account, 2.1.2

D

data realm constraints
effect on database tables, 5.6.2
membership methods, 5.4.1
membership rule (WHERE predicate)
about, 5.4.1
membership rules
session variables, guideline for, 5.4.1
parameterized
about, 5.4.1
types defined by WHERE predicates, 5.4.1
data realms
about, 5.1
definition, 4.4.1
structure, 5.4.1
See also dynamic data realms, static data realms
data security
about, 5.1
ACLs, 4.4
automatic refreshment for static ACL, 10.5.3.1
troubleshooting, D.2.5
with Oracle Database Real Application Security, 1.2.1
data security documents
example, 5.3
privileges
security checks, how handled, 5.8.1
privileges, column-level security, 5.5
data security policy
tables
enabling, 10.4.3.13
removing from, 10.4.3.12
data security privileges
alter refreshment for static ACL, 10.3.4.2, 10.5.3.2
automatic refreshment for static ACL, 10.3.4.1
database role
about, 1.2.2
database user
about, 1.2.2
compared with application user, 1.2.2.1
DataSecurity module, 4.4.1
DBA_XDS_ACL_REFRESH view, 8.42
DBA_XDS_ACL_REFSTAT view, 8.43
DBA_XDS_LATEST_ACL_REFSTAT view, 8.44
DBA_XS_ACES view, 4.3.1, 4.3.11, 8.19
DBA_XS_ACL_PARAMETERS view, 8.27
DBA_XS_ACLS view, 4.3.11, 8.17
DBA_XS_ACTIVE_SESSIONS view, 8.34
DBA_XS_APPLIED_POLICIES view, 8.31
DBA_XS_COLUMN_CONSTRAINTS view, 8.29
DBA_XS_DYNAMIC_ROLES view, 8.6
DBA_XS_EXTERNAL_PRINCIPALS view, 8.3
DBA_XS_IMPLIED_PRIVILEGES view, 8.11
DBA_XS_INHERITED_REALMS view, 8.25
DBA_XS_MODIFIED_POLICIES view, 8.32
DBA_XS_NS_TEMPLATE_ATTRIBUTES view, 8.38
DBA_XS_NS_TEMPLATES view, 8.37
DBA_XS_OBJECTS view, 8.1
DBA_XS_POLICIES view, 8.21
DBA_XS_PRINCIPALS view, 8.2
DBA_XS_PRIVILEGES view, 4.3.12, 8.9
DBA_XS_PROXY_ROLES view, 8.7
DBA_XS_REALM_CONSTRAINTS view, 8.23
DBA_XS_ROLE_GRANTS view, 8.8
DBA_XS_ROLES view, 8.5
DBA_XS_SECURITY_CLASS_DEP view, 4.3.12, 8.15
DBA_XS_SECURITY_CLASSES view, 4.3.12, 8.13
DBA_XS_SESSION_NS_ATTRIBUTES view, 8.36
DBA_XS_SESSION_ROLES view, 8.35
DBA_XS_SESSIONS view, 8.33
DBA_XS_USERS view, 8.4
DBMS_XS_SESSIONS PL/SQL package
about, 10.1, 10.1
ADD_GLOBAL_CALLBACK, 3.2.7, 10.1.4.20
ASSIGN_USER, 3.3.2.3, 10.1.4.3
ATTACH_SESSION, 3.3.2.2, 10.1.4.2
constants, 10.1.2
CREATE_ATTRIBUTE, 3.3.5, 10.1.4.6
CREATE_NAMESPACE, 3.3.2.5, 10.1.4.5
CREATE_SESSION, 3.3.2.1, 10.1.4.1
DELETE_ATTRIBUTE, 10.1.4.10
DELETE_GLOBAL_CALLBACK, 3.2.7, 10.1.4.22
DELETE_NAMESPACE, 3.3.6, 10.1.4.11
DESTROY_SESSION, 3.2.10, 10.1.4.19
DETACH_SESSION, 3.2.9, 10.1.4.18
DISABLE_ROLE, 3.3.8, 10.1.4.13
ENABLE_GLOBAL_CALLBACK, 3.2.7, 10.1.4.21
ENABLE_ROLE, 3.3.7, 10.1.4.12
GET_ATTRIBUTE, 3.3.4, 10.1.4.8
object types, constructor functions, 10.1.3
REAUTH_SESSION, 10.1.4.15
RESET_ATTRIBUTE, 10.1.4.9
SAVE_SESSION, 3.2.8, 10.1.4.17
security model, 10.1.1
SET_ATTRIBUTE, 3.3.3, 10.1.4.7
SET_INACTIVITY_TIMEOUT, 10.1.4.16
SET_SESSION_COOKIE, 10.1.4.14
SWITCH_USER, 2.1.4, 3.3.2.4, 10.1.4.4
default security class
definition, 4.2.3
defining a basic data security policy
implementation tasks, 5.10.1
disable a data security policy for a table, 5.10.1.6
use case, 5.10
deleting
namespaces
in application session, 3.3.6
destroying
application session, 3.2.10
detaching
application session
from a traditional database session, 3.2.9
determining
invoker’s rights use for nested program units
using BEQUEATH clause when creating views, 5.9
the invoking application user
using SQL functions, 5.9.1
direct application user accounts
setting password verifiers, 2.1.3.3
disabling
application roles
for an application session, 3.3.8
displaying secure column values
using SQL*Plus SET SECUREDCOL command, 5.8.2
dynamic application role, 2.2.2.2
dynamic application roles
predefined, 2.2.4
dynamic data realm constraints
about, 5.4.2
ACL evaluation order, 5.6.3

E

enabling
application roles
for application session, 3.3.7
event handlers
See also global callback events
event-based tracing
about, D.1.5
components, D.2
examples
JDBC
security attributes, checking, B.2.3
user authorization, checking, B.2.3
OCI return codes, B.1.1
Real Application Security policy on master-detail related tables, 5.7.3
exception dumps, D.3
exception state dumps, D.1.4
extending ACL inheritance
definition, 4.3.10.1
external roles, 7.1
external users, 7.1
namespaces for, 7.2.1
session modes, 7.1
secure mode, 7.1
trusted mode, 7.1
external users and external roles
abortSession method, 7.2.5
assignUser method, 7.2.4
attachSession method, 7.2.3
createSession method, 7.2.2
for application integration, 7.1
saveSession method, 7.2.5
session APIs for, 7.2

F

firewall, 4.3.6
authentication, 4.3.10.2
foreign_key
specifies foreign key of detail table, 5.7.2

G

getting
session attributes
in application session, 3.3.4
global callback events
about, 3.2.7
adding, 10.1.4.20
deleting, 10.1.4.22
enable or disable, 10.1.4.21
granting
application privileges to principals, 2.4
application role
to existing application user, 2.4.1.2
to new application role, 2.4.2
to new application user, 2.4.1.1
database role
to an application role, 2.4.3

I

inheritance
master-detail related tables, 5.7.1
inheritedFrom element, components, 5.7.2
initializing
namespace
when session is attached, 3.3.2.2
namespace, 3.3.2.3
application user is switched in application session, 3.3.2.4
when session is created, 3.3.2.1
namespaces
explicitly, 3.3.2.5, 3.3.2.5
in-memory tracing, D.1.6

J

Java environment
aborting a session, 7.2.5
assigning a user to a session, 7.2.4
assigning or switching an application user, 6.2.3
attaching an application session, 7.2.3
external role behavior, 7.2.3
attaching an application session, 6.2.2
authenticating users using Java APIs, 6.3
authorizing application users using ACLs, 6.4
changing the middle-tier cache size, 6.1.3
clearing the cache, 6.1.3.6
getting the maximum cache idle time, 6.1.3.3
getting the maximum cache size, 6.1.3.4
removing entries from the cache, 6.1.3.5
removing entries from the cache, getting the high watermark for cache, 6.1.3.5.2
removing entries from the cache, getting the low watermark for cache, 6.1.3.5.3
removing entries from the cache, setting the watermark, 6.1.3.5.1
setting the maximum cache size, 6.1.3.2
setting the middle-tier cache idle time, 6.1.3.1
checking if application role is enabled, 6.2.4.3
constructing an ACL identifier, 6.4.1
creating a session namespace attribute, 6.2.5.4.1
creating a user session, 6.2.1
creating an application session, 7.2.2
creating namespaces, 6.2.5.1
deleting namespaces, 6.2.5.2
deleting session namespace attributes, 6.2.5.4.6
destroying an application session, 6.2.9
detaching an application session, 6.2.8
disabling application roles, 6.2.4.2
enabling and disabling application roles, 6.2.4
enabling application roles, 6.2.4.1
getting a session namespace attribute, 6.2.5.4.3
getting data privileges associated with a specific ACL, 6.4.3
getting the application user ID for the session, 6.2.7.2
getting the Oracle connection associated with the session, 6.2.7.1
getting the session cookie, 6.2.7.5
getting the session ID for the session, 6.2.7.3
getting the string representation of the session, 6.2.7.4
implicitly creating namespaces, 6.2.5.3
initializing the middle tier, 6.1
mid-tier configuration mode, 6.1.1
privileges for the session manager, 6.1.2
roles for the session manager, 6.1.2
using getSessionManager method, 6.1.2
listing session namespace attributes, 6.2.5.4.4
performing namespace operations as session manager, 6.2.6
performing namespace operations as session user, 6.2.5
resetting session namespace attributes, 6.2.5.4.5
saving a session, 7.2.5
setting a session namespace attribute, 6.2.5.4.2
setting session cookie as session manager, 6.2.7.7
setting session inactivity timeout as session manager, 6.2.7.6
using namespace attributes, 6.2.5.4
using the checkAcl method, 6.4.2
JDBC
column authorization, interface for, B.2

M

master detail data realm
foreign_key
specifies foreign key of detail table, 5.7.2
parentObjectName element
specifies name of master table, 5.7.2
parentSchemaName element
specifies name of schema containing master table, 5.7.2
primary_key
specifies primary key from master table, 5.7.2
when element
specifies a predicate for detail table, 5.7.2
master-detail tables
ACL
identifiers, retrieving, 9.4
inheritedFrom element, components, 5.7.2
Real Application Security policies
about, 5.7.1
creating for, 5.7.3
Materialized View, 5.4.2
membership rules (WHERE predicate) in data realm constraints
about, 5.4.1
membership rules in data realm constraints
session variables, guideline for, 5.4.1
modifying
application users, 2.1.1.1
multilevel authentication, 4.3.6
definition, 4.3.6
using, 4.3.6

N

namespaces
application sessions
attributes, getting, 3.3.4
attributes, setting, 3.3.3
creating, 10.1.4.5
deleting, 3.3.6, 10.1.4.11
attribute values
getting, 10.1.4.8
setting, 10.1.4.7
attributes
deleting, 10.1.4.10

O

OCI parameter handle attribute
OCI_ATTR_XDS_POLICY_STATUS, B.1.4
OCI_XDS_POLICY_ENABLED value, B.1.4
OCI_XDS_POLICY_NONE value, B.1.4
OCI_XDS_POLICY_UNKNOWN value, B.1.4
OCI return codes
ORA-24530
column value is unauthorized to the user, B.1.1
ORA-24531
column value authorization is unknown, B.1.1
ORA-24536
column authorization unknown, B.1.1
ORA_CHECK_ACL function, 9.3, D.1.3
ORA_CHECK_PRIVILEGE function, 9.5
ORA_GET_ACLIDS function, 9.4, D.1.2
See ORA_GET_ACLIDS function
ORA_INVOKING_USER function
returns name of current database user, 5.9.1
ORA_INVOKING_USERID function
returns ID of current database user, 5.9.1
ORA_INVOKING_XS_USER function
returns name of current Real Application Security application user, 5.9.1
ORA_INVOKING_XS_USER_GUID function
returns ID of current Real Application Security application user, 5.9.1
ORA-24530
column value is unauthorized to the user
OCI return code, B.1.1
ORA-24531
column value authorization is unknown
OCI return code, B.1.1
ORA-24536
column authorization unknown
OCI return code, B.1.1
ORA-28113: policy predicate has error message, 5.4.3
Oracle Call Interface (OCI)
column authorization, interface for, B.1
Oracle Database Real Application Security
about data security, 1.2.1
access control entry (ACE), 1.2.5
access control list (ACL), 1.2.6
advantages of, 1.1.2
aggregate privilege, 1.2.3
application privileges, 1.2.3
application session concepts, 1.3
architecture, 1.1.3
data security concepts, 1.2
data security policy, 1.2.7
flow of design and development, 1.4
principals
users and roles, 1.2.2
security classes, 1.2.4
security components of, 1.1.3
use case scenario example policy, 1.5
component requirements, 1.5.2
description and security requirements, 1.5.1
implementation overview, 1.5.2
what is, 1.1
Oracle Virtual Private Database (VPD)
extended for Real Application Security, 5.1
oracle.jdbc.OracleResultSetMetaData interface
getAuthorizationIndicator method
about, B.2.2
example, B.2.3
getSecurityAttribute method
about, B.2.1
example, B.2.3

P

parameterized ACL, 4.4.2
parameterized data realm constraints
about, 5.4.1
parentObjectName element
specifies name of master table, 5.7.2
parentSchemaName element
specifies name of schema containing master table, 5.7.2
password verifiers
direct application user accounts, 2.1.3.3
PL/SQL functions
COLUMN_AUTH_INDICATOR, 9.1
XS_SYS_CONTEXT, 9.2
PL/SQL packages
DBMS_XS_SESSIONS, 10.1
XS_DATA_SECURITY_UTIL, 10.5
predefined objects
ACLs
NS_UNRESTRICTED_ACL, A.5
SESSIONACL, A.5
SYSTEMACL, A.5
database roles
PROVISIONER, A.2.3
XS_CACHE_ADMIN, A.2.3
XS_NAMESPACE_ADMIN, A.2.3
XS_RESOURCE, A.2.3
XS_SESSION_ADMIN, A.2.3
dynamic application roles, 2.2.4
DBMS_AUTH, A.2.2
DBMS_PASSWD, A.2.2
EXTERNAL_DBMS_AUTH, A.2.2
MIDTIER_AUTH, A.2.2
XSAUTHENTICATED, A.2.2
XSSWITCH, A.2.2
namespaces
XS$GLOBAL_VAR, A.3
XS$SESSION, A.3
regular application roles
XSBYPASS, A.2.1
XSCACHEADMIN, A.2.1
XSDISPATCHER, A.2.1
XSNAMESPACEADMIN, A.2.1
XSPROVISIONER, A.2.1
XSPUBLIC, A.2.1
XSSESSIONADMIN, A.2.1
security classes
DML, A.4
NSTEMPLATE_SC, A.4
SESSION, A.4
SYSTEM, A.4
users
XSGUEST, A.1
primary_key
specifies primary key from master table, 5.7.2
principals
about, 1.2.2
privileges
about application, 1.2.3
check, 4.3.5, 4.3.5
constrain, 4.3.10.2
data security documents
columns, applying additional to, 5.5
security checks, how handled, 5.8.1

R

regular application role, 2.2.2.1
roles
dynamic
assigning to user, 10.1.4.3
removing from user, 10.1.4.3
See also application roles

S

scope, ACL
definition, 4.2.3
security class
about, 1.2.4
adding parent|security class
inheritance, 4.2.6
configuration, 4.2
create, 4.2.2
definition, 4.2.1
inheritance, 4.2.2
inheritance|security class
adding privileges, 4.2.6
deleting, 4.2.6
description string, 4.2.6
removing implied privileges, 4.2.6, 4.2.6
removing parent, 4.2.6
removing privileges, 4.2.6, 4.2.6, 4.2.6
manipulating, 4.2.6
troubleshooting, D.2.3
session
application, 3
IDs
authentication time, updating, 10.1.4.15
time-out values, setting, 10.1.4.16
statistics, D.4
See also application sessions
Session
createNamespace, 6.2.5.1
deleteNamespace, 6.2.5.2
disableRole, 6.2.4.2
enableRole, 6.2.4.1
getConnection, 6.2.7.1
getId, 6.2.7.3
getNamespace, 6.2.5.3
getPrivileges, 6.4.3
getSessionCookie, 6.2.7.5
getUserId, 6.2.7.2
isAnonymous, 6.2.7.2
isRoleEnabled, 6.2.4.3
setCookie, 6.2.7.7
setInactivityTimeout, 6.2.7.6
switchUser, 6.2.3
toString, 6.2.7.4
SessionNamespace
createAttribute, 6.2.5.4.1
deleteAttribute, 6.2.5.4.6
getAttribute, 6.2.5.4.3
listAttributes, 6.2.5.4.4
resetAttribute, 6.2.5.4.5
setAttribute, 6.2.5.4.2
toString, 6.2.5.3
SET SECUREDCOL command
SQL*Plus
displaying secure column values, 5.8.2
setting
a cookie for an application session, 3.2.4
password verifiers, 2.1.3.3
session attributes
in application session, 3.3.3
SQL functions
ORA_CHECK_ACL, 9.3, D.1.3
ORA_CHECK_PRIVILEGE, 9.5
ORA_GET_ACLIDS, 9.4, D.1.2
ORA_INVOKING_USER
returns name of current database user, 5.9.1
ORA_INVOKING_USERID
returns ID of current database user, 5.9.1
ORA_INVOKING_XS_USER
returns name of current Real Application Security application user, 5.9.1
ORA_INVOKING_XS_USER_GUID
returns ID of current Real Application Security application user, 5.9.1
TO_ACLID, 9.6
SQL operators
CHECK_PRIVILEGE, 4.4.1
ORA_CHECK_ACL
checking ACLs for a privilege, 4.3.5
static data realms
about, 5.4.2
constraints
ACL evaluation order, 5.6.3
statistics in troubleshooting, D.1.7
switching
application users
in current application session, 3.2.6
SYS_ACLOID hidden column, 5.6.2
SYS_GET_ACLIDS function
See ORA_GET_ACLIDS function
system-constraining ACL
about, 4.3.6
definition, 4.3.6

T

tables
data security policy
enabling, 10.4.3.13
removing from, 10.4.3.12
master-detail tables, Real Application Security policies
about, 5.7.1
creating for, 5.7.3
time-out values
session
IDs, setting for, 10.1.4.16
TO_ACLID function, 9.6
trace files
acl, D.2.4
application roles, D.2.2
application sessions, D.2.1
application users, D.2.2
data security, D.2.5
policy predicate errors, 5.4.3
Real Application Security components, D.2
security classes, D.2.3
tracing
event and in-memory, D.1.6
traditional security model
managing application users
disadvantages of, 1.1.1
troubleshooting
acl, D.2.4
application principals, D.2.2
application sessions, D.2.1
data security, D.2.5
event-based tracing
about, D.1.5
components, D.2
exception dumps, D.3
exception state dumps, D.1.4
in-memory tracing, D.1.6
Real Application Security diagnostics, D.1
security classes, D.2.3
session statistics, D.4
statistics, D.1.7
using the ORA_CHECK_ACL function, D.1.3
using the ORA_GET_ACLIDS function, D.1.2
using validation APIs, D.1.1

U

use case scenario example policy
human resources administration of employee information, 1.5
component requirements, 1.5.2
description and security requirements, 1.5.1
implementation overview, 1.5.2
Java implementation, 6.5
authorizing with middle-tier API, 6.5
main method, 6.5
performing cleanup operations, 6.5
running a query on the database, 6.5
setting up connection, 6.5
setting up session, 6.5
user sessions
See also application sessions
USER_XDS_ACL_REFRESH view, 8.45
USER_XDS_ACL_REFSTAT view, 8.46
USER_XDS_LATEST_ACL_REFSTAT view, 8.47
USER_XS_ACES view, 8.20
USER_XS_ACL_PARAMETERS view, 8.28
USER_XS_ACLS view, 8.18
USER_XS_COLUMN_CONSTRAINTS view, 8.30
USER_XS_IMPLIED_PRIVILEGES view, 8.12
USER_XS_INHERITED_REALMS view, 8.26
USER_XS_POLICIES view, 8.22
USER_XS_PRIVILEGES view, 8.10
USER_XS_REALM_CONSTRAINTS view, 8.24
USER_XS_SECURITY_CLASS_DEP view, 8.16
USER_XS_SECURITY_CLASSES view, 8.14
users
See also application users
using
constraining application privilege, 4.3.10.2
effective dates with application roles, 2.3
multilevel authentication, 4.3.6
ORA_CHECK_ACL SQL operator, 4.3.5
SQL functions
to determine the invoking application user, 5.9.1
XS_DIAG.VALIDATE_PRINCIPAL function, 2.1.5, 2.2.3.3

V

V$XS_SESSION_NS_ATTRIBUTES view, 8.48
V$XS_SESSION_ROLES view, 8.49
validating
ACLs, 4.3.3, 10.6.2.3
application roles, 2.2.3.3, 2.2.3.3
application users, 2.1.5, 2.1.5
data security policy, 5.2, 10.6.2.4
namespaces, 10.6.2.5
principals, 10.6.2.1
security classes, 4.2.5, 10.6.2.2
workspace objects, 10.6.2.6
views, 8
ALL_XDS_ACL_REFRESH, 8.39
ALL_XDS_ACL_REFSTAT, 8.40
ALL_XDS_LATEST_ACL_REFSTAT, 8.41
DBA_XDS_ACL_REFRESH, 8.42
DBA_XDS_ACL_REFSTAT, 8.43
DBA_XDS_LATEST_ACL_REFSTAT, 8.44
DBA_XS_ACES, 8.19
DBA_XS_ACL_PARAMETERS, 8.27
DBA_XS_ACLS, 8.17
DBA_XS_ACTIVE_SESSIONS, 8.34
DBA_XS_APPLIED_POLICIES, 8.31
DBA_XS_COLUMN_CONSTRAINTS, 8.29
DBA_XS_DYNAMIC_ROLES, 8.6
DBA_XS_EXTERNAL_PRINCIPALS, 8.3
DBA_XS_IMPLIED_PRIVILEGES, 8.11
DBA_XS_INHERITED_REALMS, 8.25
DBA_XS_MODIFIED_POLICIES, 8.32
DBA_XS_NS_TEMPLATE_ATTRIBUTES, 8.38
DBA_XS_NS_TEMPLATES, 8.37
DBA_XS_OBJECTS, 8.1
DBA_XS_POLICIES, 8.21
DBA_XS_PRINCIPALS, 8.2
DBA_XS_PRIVILEGES, 8.9
DBA_XS_PROXY_ROLES, 8.7
DBA_XS_REALM_CONSTRAINTS, 8.23
DBA_XS_ROLE_GRANTS, 8.8
DBA_XS_ROLES, 8.5
DBA_XS_SECURITY_CLASS_DEP, 8.15
DBA_XS_SECURITY_CLASSES, 8.13
DBA_XS_SESSION_NS_ATTRIBUTES, 8.36
DBA_XS_SESSION_ROLES, 8.35
DBA_XS_SESSIONS, 8.33
DBA_XS_USERS, 8.4
privileges in data security documents, 5.8.1
USER_XDS_ACL_REFRESH, 8.45
USER_XDS_ACL_REFSTAT, 8.46
USER_XDS_LATEST_ACL_REFSTAT, 8.47
USER_XS_ACES, 8.20
USER_XS_ACL_PARAMETERS, 8.28
USER_XS_ACLS, 8.18
USER_XS_COLUMN_CONSTRAINTS, 8.30
USER_XS_IMPLIED_PRIVILEGES, 8.12
USER_XS_INHERITED_REALMS, 8.26
USER_XS_POLICIES, 8.22
USER_XS_PRIVILEGES, 8.10
USER_XS_REALM_CONSTRAINTS, 8.24
USER_XS_SECURITY_CLASS_DEP, 8.16
USER_XS_SECURITY_CLASSES, 8.14
V$XS_SESSION_NS_ATTRIBUTES, 8.48
V$XS_SESSION_ROLES, 8.49

W

when element
specifies a predicate for detail table, 5.7.2

X

XS_ACL PL/SQL package
about, 10.2
ADD_ACL_PARAMETER, 10.2.4.6
APPEND_ACES, 4.3.4, 10.2.4.2
constants, 10.2.3
CREATE_ACL, 10.2.4.1
DELETE_ACL, 10.2.4.9
object types, constructor functions, 10.2.2
REMOVE_ACES, 4.3.4, 10.2.4.3
REMOVE_ACL_PARAMETERS, 10.2.4.7
security model, 10.2.1
SET_DESCRIPTION, 10.2.4.8
SET_PARENT_ACL, 4.3.4, 4.3.10.1, 4.3.10.2, 10.2.4.5
SET_SECURITY_CLASS, 4.3.4, 10.2.4.4
XS_ADMIN_UTIL PL/SQL package
about, 10.3
constants, 10.3.3
GRANT_SYSTEM_PRIVILEGE, 10.3.4.1
object types, 10.3.2
REVOKE_SYSTEM_PRIVILEGE, 10.3.4.2
security model, 10.3.1
XS_DATA_SECURITY PL/SQL package
about, 10.4
ADD_COLUMN_CONSTRAINTS, 10.4.3.4
APPEND_REALM_CONSTRAINTS, 10.4.3.2
APPLY_OBJECT_POLICY, 5.6.2, 10.4.3.13
CREATE_ACL_PARAMETER, 10.4.3.6
CREATE_POLICY, 10.4.3.1
DELETE_ACL_PARAMETER, 10.4.3.7
DELETE_POLICY, 10.4.3.9
DISABLE_OBJECT_POLICY, 10.4.3.11
ENABLE_OBJECT_POLICY, 10.4.3.10
effect on database tables, 5.6.2
object types, constructor functions, 10.4.1
REMOVE_COLUMN_CONSTRAINTS, 10.4.3.5
REMOVE_OBJECT_POLICY, 10.4.3.12
REMOVE_REALM_CONSTRAINTS, 10.4.3.3
security model, 10.4.2
SET_DESCRIPTION, 10.4.3.8
XS_DATA_SECURITY_UTIL PL/SQL package
about, 10.5, 10.5
ALTER_STATIC_ACL_REFRESH, 10.5.3.2
constants, 10.5.2
SCHEDULE_STATIC_ACL_REFRESH, 10.5.3.1
security model, 10.5.1
XS_DIAG PL/SQL package
about, 10.6
security model, 10.6.1
VALIDATE_ACL, 4.3.3, 10.6.2.3
VALIDATE_DATA_SECURITY, 5.2, 10.6.2.4
VALIDATE_NAMESPACE_TEMPLATE, 10.6.2.5
VALIDATE_PRINCIPAL, 2.1.5, 2.2.3.3, 10.6.2.1
VALIDATE_SECURITY_CLASS, 4.2.5, 10.6.2.2
VALIDATE_WORKSPACE, 10.6.2.6
XS_NAMESPACE PL/SQL package
about, 10.7
ADD_ATTRIBUTES, 10.7.4.2
constants, 10.7.3
CREATE_TEMPLATE, 3.3.1.3, 10.7.4.1
DELETE_TEMPLATE, 10.7.4.6
object types, constructor functions, 10.7.2
REMOVE_ATTRIBUTES, 10.7.4.3
security model, 10.7.1
SET_DESCRIPTION, 10.7.4.5
SET_HANDLER, 10.7.4.4
XS_PRINCIPAL PL/SQL package
about, 10.8
ADD_PROXY_TO_DBUSER, 10.8.4.8
ADD_PROXY_USER, 2.1.4, 10.8.4.6
constants, 10.8.3
CREATE_DYNAMIC_ROLE, 2.2.3.2, 10.8.4.3
CREATE_ROLE, 2.2.3.1, 10.8.4.2
CREATE_USER, 2.1.3.2, 2.3, 10.8.4.1
DELETE_PRINCIPAL, 10.8.4.21
ENABLE_BY_DEFAULT, 10.8.4.13
ENABLE_ROLES_BY_DEFAULT, 10.8.4.14
GRANT_ROLES, 2.4.1.2, 2.4.2, 10.8.4.4
object types, constructor functions, 10.8.2
REMOVE_PROXY_FROM_DBUSER, 10.8.4.9
REMOVE_PROXY_USER, 10.8.4.7
REVOKE_ROLES, 10.8.4.5
security model, 10.8.1
SET_DESCRIPTION, 10.8.4.20
SET_DYNAMIC_ROLE_DURATION, 10.8.4.11
SET_DYNAMIC_ROLE_SCOPE, 10.8.4.12
SET_EFFECTIVE_DATES, 10.8.4.10
SET_GUID, 10.8.4.16
SET_PASSWORD, 2.1.3.2, 10.8.4.18
SET_USER_SCHEMA, 10.8.4.15
SET_USER_STATUS, 10.8.4.17
SET_VERIFIER, 2.1.3.3, 10.8.4.19
XS_SECURITY_CLASS PL/SQL package
about, 10.9
ADD_IMPLIED_PRIVILEGES, 4.1.1, 4.2.6, 10.9.2.6
ADD_PARENTS, 4.2.6, 10.9.2.2
ADD_PRIVILEGES, 4.1.1, 4.2.6, 10.9.2.4
CREATE_SECURITY_CLASS, 10.9.2.1
DELETE_SECURITY_CLASS, 4.2.6, 10.9.2.9
REMOVE_IMPLIED_PRIVILEGES, 4.2.6, 4.2.6, 10.9.2.7
REMOVE_PARENTS, 4.2.6, 10.9.2.3
REMOVE_PRIVILEGES, 4.2.6, 4.2.6, 10.9.2.5
security model, 10.9.1
SET_DESCRIPTION, 4.2.6, 10.9.2.8
XS_SYS_CONTEXT function, 9.2
XSAccessController
checkAcl, 6.4.2
XSAuthenticationModule
authenticate, 6.3
XSSessionManager
assignUser, 6.2.3
attachSession, 6.2.2
class, 6.1
clearCache, 6.1.3.6
createAnonymousSession, 6.2.1
createSession, 6.2.1
destroySession, 6.2.9
detachSession, 6.2.8
getCacheMaxIdleSize, 6.1.3.4
getCacheMaxIdleTime, 6.1.3.3
getHighWaterMark, 6.1.3.5.2
getLowWaterMark, 6.1.3.5.3
getSessionManager, 6.1.2
setCacheMaxIdleTime, 6.1.3.1
setCacheMaxSize, 6.1.3.2
setWaterMark, 6.1.3.5.1