11 Managing User Accounts and Access

About Oracle AVDF Administrative Accounts

When administrators log in to Oracle Audit Vault and Database Firewall, they have access only to administrative functions, whereas auditors have access only to the auditing functions.

Oracle AVDF has three types of administrative user accounts:

  • Audit Vault Server Super Administrator:

    • Manages system-wide settings

    • Creates user accounts for super administrators and administrators

    • Has access to all secured targets and secured target groups

    • Grants access to secured targets or secured target groups to administrators

  • Audit Vault Server Administrator: Has access to specific secured targets or secured target groups granted by a super administrator. Administrators cannot manage system-wide settings.

  • Database Firewall Administrator: Has access to the Database Firewall administrative interface.

After installing Oracle AVDF, a post-installation configuration page lets you create and specify passwords for one super administrator account and one super auditor account for the Audit Vault Server, and one administrator account for the Database Firewall.

Thereafter, the Audit Vault Server super administrator can create other administrative users, and the super auditor can create other auditor users, for the server.

The Database Firewall has only one administrator. See Oracle Audit Vault and Database Firewall Installation Guide for information on post-installation configuration.

This chapter describes managing user accounts and passwords for the Oracle AVDF administrator user interfaces. See Oracle Audit Vault and Database Firewall Auditor's Guide for information on managing auditor accounts.

Configuring Administrative Accounts for the Audit Vault Server

Guidelines for Securing the Oracle AVDF User Accounts

As a best practice, you should use the installed Audit Vault and Database Firewall user accounts only as back-up accounts. Add new user accounts, with unique user names and passwords, for the users who are responsible for the day-to-day Oracle AVDF operations.

Note:

Audit Vault and Database Firewall does not accept user names with quotation marks. For example, "jsmith" would not be a valid user name for an Oracle AVDF user account, or an account created on a secured target for use by Oracle AVDF.

Creating Administrative Accounts for the Audit Vault Server

Audit Vault Server super administrators can create both super administrator and administrator user accounts.

To create an administrative account in the Audit Vault Server:

  1. Log in to the Audit Vault Server as a super administrator.

  2. Click the Settings tab.

    The Manage Admins page appears by default, and displays existing users and the secured targets or groups to which they have access.

  3. Click Create.

  4. Enter the User Name and Password, and re-type the password in the appropriate fields.

    Note that Oracle AVDF does not accept user names with quotation marks, such as "jsmith".

  5. In the Type drop-down list, select Admin or Super Admin.

    See "About Oracle AVDF Administrative Accounts" for an explanation of these roles.

  6. Click Save.

    The new user is listed in the Manage Admins page.

Changing a User Account Type for the Audit Vault Server

You can change an administrative account type from administrator to super administrator, or vice versa.

Note that if you change a user's account type from administrator to super administrator, that user will have access to all secured targets and secured target groups.

To change a user account type in Oracle AVDF:

  1. Log in to the Audit Vault Server as a super administrator.

  2. Click the Settings tab.

    The Manage Admins page appears by default, and displays existing users and the secured targets or groups to which they have access.

  3. Click the name of the user account you want to change.

  4. In the Modify Admin page, in the Type section, click Change.

  5. In the Type drop-down list, select the new administrator type.

  6. If you changed the type from Super Admin to Admin, grant or revoke access to any secured targets or groups as necessary for this user:

    a. Select the secured targets or groups to which you want to grant or revoke access.

    b. Click Grant Access or Revoke Access.

      A check mark indicates access granted. An X indicates access revoked.

    c. Repeat steps a and b if necessary.

  7. Click Save.

Deleting an Audit Vault Server Administrator Account

To delete an Audit Vault Server administrator user account:

  1. Log in to the Audit Vault Server as a super administrator.

  2. Click the Settings tab.

    The Manage Admins page appears by default, and displays existing users and the secured targets or groups to which they have access.

  3. Select the users you want to delete, and then click Delete.

Managing User Access to Secured Targets or Groups

About Managing User Access

Super administrators have access to all secured targets and secured target groups, and can grant access to specific targets and groups to administrators.

You can control access to secured targets or groups in two ways:

  • Modify a secured target or group to grant or revoke access for one or more users.

  • Modify a user account to grant or revoke access to one or more secured targets or groups.

Controlling Access by User

To control which secured targets or groups are accessible by a user:

  1. Log in to the Audit Vault Server as a super administrator.

  2. Click the Settings tab.

    The Manage Admins page appears by default, and displays existing users and the secured targets or groups to which they have access.

  3. Click the name of the user account you want to modify.

    The Modify Admin page appears.

  4. In the Targets and Groups section, select the secured targets or secured target groups to which you want to grant or revoke access for this user.

  5. Click Grant Access or Revoke Access.

    A check mark indicates access granted. An "x" indicates access revoked.

  6. If necessary, repeat steps 4 and 5.

  7. Click Save.

Controlling Access by Secured Target or Group

To control which users have access to a secured target or group:

  1. Log in to the Audit Vault Server as a super administrator.

  2. Click the Settings tab, and then click Manage Access.

  3. Click the name of the secured target or secured target group for which you want to define access rights.

    The Modify Access for... page appears, listing user access rights to this secured target or group. Super administrators have access by default.

  4. In the Modify Access page, select the users for which you want to grant or revoke access to this secured target or group.

  5. Click Grant Access or Revoke Access.

    A check mark indicates access granted. An "x" indicates access revoked.

  6. If necessary, repeat steps 4 and 5.

  7. Click Save.

Changing User Passwords in Oracle AVDF

Recommended Password Guidelines

You should have a policy in place for changing passwords for the Audit Vault and Database Firewall user accounts. For example, you may require that users change their passwords on a regular basis, such as every 120 days, and that they create passwords that are not easily guessed.

Passwords need not be unique; however, Oracle recommends that passwords:

  • Have at least one uppercase alphabetic, one alphabetic, one numeric, and one special character (plus sign, comma, period, or underscore).

  • Be between 8 and 30 characters long.

  • Be composed of the following characters:

    • Lowercase letters: a-z.

    • Uppercase letters: A-Z.

    • Digits: 0-9.

    • Punctuation marks: comma (,), period (.), plus sign (+), colon (:), and underscore (_).

  • Not be the same as the user name.

  • Not be an Oracle reserved word.

  • Not be an obvious word (such as welcome, account, database, and user).

  • Not contain any repeating characters.
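
The guidelines above can be turned into a pre-check that runs before a password is set. The following Python sketch is an added example, not Oracle code and not how Oracle AVDF itself validates passwords. The word lists, the letters-only comparison, the case-insensitive user name comparison, and the reading of "repeating" as the same character twice in a row are assumptions.

```python
import re

# Assumption: small illustrative word lists. OBVIOUS comes from the page's examples;
# RESERVED_SAMPLE is a partial sample of Oracle SQL reserved words, not the full list.
OBVIOUS = {"welcome", "account", "database", "user"}
RESERVED_SAMPLE = {"select", "table", "grant", "session", "identified"}

ALLOWED = re.compile(r"[A-Za-z0-9,.+:_]*")  # character set from the guidelines
COUNTED_SPECIALS = set("+,._")              # colon is allowed but not listed as "special"


def password_problems(username: str, password: str) -> list[str]:
    """Return the guideline violations for a candidate password (empty list = OK)."""
    problems = []
    if not 8 <= len(password) <= 30:
        problems.append("length must be between 8 and 30 characters")
    if not ALLOWED.fullmatch(password):
        problems.append("contains characters outside a-z A-Z 0-9 , . + : _")
    # "One alphabetic" is already satisfied by the required uppercase letter.
    if not any(c.isupper() for c in password):
        problems.append("needs an uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("needs a digit")
    if not any(c in COUNTED_SPECIALS for c in password):
        problems.append("needs one of + , . _")
    # Assumption: the comparison with the user name ignores case.
    if password.lower() == username.lower():
        problems.append("same as the user name")
    # Assumption: compare the letters-only core, so "Welcome_1" counts as "welcome".
    core = re.sub(r"[^A-Za-z]", "", password).lower()
    if core in OBVIOUS:
        problems.append("obvious word")
    if core in RESERVED_SAMPLE:
        problems.append("Oracle reserved word")
    # Assumption: "repeating" means the same character twice in a row.
    if re.search(r"(.)\1", password):
        problems.append("repeating characters")
    return problems


def username_ok(username: str) -> bool:
    """Oracle AVDF does not accept user names that contain quotation marks."""
    return bool(username) and '"' not in username


if __name__ == "__main__":
    # Constructed sample inputs.
    for user, pw in [("jsmith", "Welcome_1"), ("jsmith", "Tr1p.Wire+Log"), ("jsmith", "Short:1A")]:
        print(user, pw, password_problems(user, pw) or "OK")
```

Note that a password such as `Short:1A` uses only permitted characters but still fails, because the colon is in the permitted character set and not in the list of special characters that the first guideline requires.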

Changing the Audit Vault Server Administrator User Password

To change your Audit Vault Server user password:

  1. Log in to the Audit Vault Server as an administrator.

  2. Click the Settings tab, and then click Change Password.

  3. Type your Current Password, New Password, and then re-type the new password in the appropriate fields.

    Check the "Recommended Password Guidelines".

  4. Click Save.

Changing the Database Firewall Administrator Password

To change the Database Firewall administrator password:

  1. Log in to the Database Firewall.

    See "Logging in to the Database Firewall Console UI".

  2. In the Users menu, click List.

  3. In the Users List, click the user name whose password you want to change.

  4. Enter and confirm your new password in the Password and Password Confirmation fields.

  5. In the User Password field, enter your old password (the one you are changing).

  6. Click Save.