This chapter provides a description of each security view and its columns. It contains the following sections:
For examples of how to use views, see Examples.
The MGMT$ESA_ALL_PRIVS_REPORT view displays a table containing users and roles that have the 'GRANT ANY PRIVILEGE' privilege in database security reports.
Table 16-1 MGMT$ESA_ALL_PRIVS_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or roles that have been granted this privilege (that is, GRANT ANY PRIVILEGE->DBA->SYS) |
OBJECT_NAME |
The name of the user that been granted the privilege (GRANT ANY PRIVILEGE) |
The MGMT$ESA_ANY_DICT_REPORT view displays a table and a chart containing users and roles with access to any dictionary in database security reports.
Table 16-2 MGMT$ESA_ANY_DICT_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or roles that been granted this privilege. For example, SELECT ANY DICTIONARY->SCHEMA_OWNER_ROLE->SYS |
OBJECT_NAME |
The user that has been granted any of the ANY DICTIONARY privileges. For example, SELECT ANY DICTIONARY, ANALYZE ANY DICTIONARY, and so on. |
The MGMT$ESA_ANY_PRIV_REPORT view displays a table and a chart containing users with 'ANY' in some privilege granted to them in database security reports.
Table 16-3 MGMT$ESA_ANY_PRIV_REPORT
COLUMN | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or role which has been granted a privilege having 'ANY'. For example, BACKUP ANY TABLE->EXP_FULL_DATABASE->DATAPUMP_EXP_FULL_DATABASE->SYS |
OBJECT_NAME |
The user that has been granted one of the ANY privileges. For example, ALTER ANY MATERIALIZED VIEW, ALTER ANY INDEX, BACKUP ANY TABLE, and so on. |
The MGMT$ESA_AUDIT_SYSTEM_REPORT view displays a table containing users and roles with the 'AUDIT SYSTEM' privilege in database security reports.
Table 16-4 MGMT$ESA_AUDIT_SYSTEM_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or role which has been granted 'AUDIT SYSTEM' privilege. For example, AUDIT SYSTEM->SYS, AUDIT SYSTEM->IMP_FULL_DATABASE->DATAPUMP_IMP_FULL_DATABASE->DBA->SYSTEM, and so on. |
OBJECT_NAME |
The user that has been granted 'ALTER SYSTEM' privilege |
The MGMT$ESA_BECOME_USER_REPORT view displays a table containing users and roles with the 'BECOME USER' privilege in database security reports.
Table 16-5 MGMT$ESA_BECOME_USER_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or role which has been granted 'BECOME USER' privilege. For example, BECOME USER->SYS, BECOME USER->DBA->SYSTEM, BECOME USER->IMP_FULL_DATABASE->DATAPUMP_IMP_FULL_DATABASE->DBA->BAM, and so on. |
OBJECT_NAME |
The user that has been granted the 'BECOME USER' privilege |
The MGMT$ESA_CATALOG_REPORT view displays a table and a chart containing all the users that have a role such as '%CATALOG%' in database security reports.
Table 16-6 MGMT$ESA_CATALOG_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or role which has been granted a role like '%CATALOG%'. For example, RECOVERY_CATALOG_OWNER->SYS, EXECUTE_CATALOG_ROLE->TBLO_ROLE->CRM, and so on. |
OBJECT_NAME |
User that has been granted one of the 'CATALOG' privileges. For example, SELECT_CATALOG_ROLE, EXECUTE_CATALOG_ROLE, DELETE_CATALOG_ROLE, and so on. |
The MGMT$ESA_CONN_PRIV_REPORT view displays a table and a chart containing users and roles with the CONNECT or RESOURCE role in database security reports.
Table 16-7 MGMT$ESA_CONN_PRIV_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or role which has been granted the CONNECT or RESOURCE role |
OBJECT_NAME |
The role if granted directly, or the role through it has been granted |
The MGMT$ESA_CREATE_PRIV_REPORT view displays a table and a chart containing users and roles with the CREATE privilege in database security reports.
Table 16-8 MGMT$ESA_CREATE_PRIV_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or role which has been granted the privilege to create an object in the database. For example, CREATE ANY CONTEXT->SYS, CREATE ANY INDEX->OLAP_DBA->OLAPSYS, and so on. |
OBJECT_NAME |
User that has been granted one of the 'CREATE' privileges |
The MGMT$ESA_DBA_GROUP_REPORT view displays a table containing members of the operating system user group DBA in database security reports.
Table 16-9 MGMT$ESA_DBA_GROUP_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The operating system user which is in the user group DBA. |
OBJECT_NAME |
DBA Group |
The MGMT$ESA_DBA_ROLE_REPORT view displays a table containing users and roles with the DBA role granted to them in database security reports.
Table 16-10 MGMT$ESA_DBA_ROLE_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or role which has been granted the DBA role |
OBJECT_NAME |
User that has been granted the DBA role |
The MGMT$ESA_DIRECT_PRIV_REPORT view displays a table and a chart containing privileges granted directly in database security reports.
Table 16-11 MGMT$ESA_DIRECT_PRIV_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
User which has been granted a privilege directly i.e. not via a role |
OBJECT_NAME |
The privilege that has been granted directly. For example, ALTER SESSION, SELECT ANY DICTIONARY, and so on. |
The MGMT$ESA_EXMPT_ACCESS_REPORT view displays a table containing users and roles with the EXEMPT ACCESS POLICY privilege in database security reports.
Table 16-12 MGMT$ESA_EXMPT_ACCESS_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or role which has been granted the 'EXEMPT ACCESS POLICY' privilege |
OBJECT_NAME |
User that has been granted one of the 'EXEMPT ACCESS POLICY' privilege |
The MGMT$ESA_KEY_OBJECTS_REPORT view displays a table and a chart containing users and roles with access to key objects in database security reports.
Table 16-13 MGMT$ESA_KEY_OBJECTS_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
USER |
The user which has access to key objects |
OBJECT_NAME |
The key object to which that use has access. For example, View DBA_USERS, Table SOURCE$, Table USER$ |
PRIVILEGE |
The privilege on the key object that has been granted to the user. For example, SELECT, DELETE, and so on. |
The MGMT$ESA_OH_OWNERSHIP_REPORT view displays a table containing file ownership by Oracle home in database security reports.
Table 16-14 MGMT$ESA_OH_OWNERSHIP_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The file whose owner is not the ORACLE HOME owner |
OBJECT_NAME |
The owner of the file |
The MGMT$ESA_OH_PERMISSION_REPORT view displays a table containing file permissions by Oracle home in database security reports.
Table 16-15 MGMT$ESA_OH_PERMISSION_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The file that has an insecure permission |
OBJECT_NAME |
The permission of the file |
The MGMT$ESA_POWER_PRIV_REPORT view displays a table and a chart containing all the users and roles with ALTER SESSION, ALTER SYSTEM, CREATE PROCEDURE or CREATE LIBRARY privileges in database security reports.
Table 16-16 MGMT$ESA_POWER_PRIV_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user that has powerful privileges |
OBJECT_NAME |
The powerful privilege held by the user |
The MGMT$ESA_PUB_PRIV_REPORT view displays a table and a chart containing privileges granted to PUBLIC in database security reports.
Table 16-17 MGMT$ESA_PUB_PRIV_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The object on which some privilege has been granted to PUBLIC |
OBJECT_NAME |
The privilege on the object which has been granted to PUBLIC. For example, SELECT, EXECUTE, and so on. |
The MGMT$ESA_SYS_PUB_PKG_REPORT view displays a table containing system packages with public execute privileges in database security reports.
Table 16-18 MGMT$ESA_SYS_PUB_PKG_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
PUBLIC |
OBJECT_NAME |
The package owned by SYS on which PUBLIC has execute privileges |
The MGMT$ESA_TABSP_OWNERS_REPORT view displays a table containing tablespaces and their owners in database security reports.
Table 16-19 MGMT$ESA_TABSP_OWNERS_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The tablespace |
OBJECT_NAME |
The owner of the tablespace |
The MGMT$ESA_TRC_AUD_PERM_REPORT view displays a table containing trace and audit files permissions in database security reports.
Table 16-20 MGMT$ESA_TRC_AUD_PERM_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The file path |
OBJECT_NAME |
The purpose of the file. For example, audit file destination, background dump destination, core dump destination, user dump destination, and so on. |
PERMISSION |
Permission of the file |
The MGMT$ESA_WITH_ADMIN_REPORT view displays a table and a chart containing users and roles having some privileges granted to them with the WITH ADMIN option in database security reports.
Table 16-21 MGMT$ESA_WITH_ADMIN_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or role which has been granted a privilege 'WITH ADMIN' option |
OBJECT_NAME |
The privilege which has been granted 'WITH ADMIN' option |
The MGMT$ESA_WITH_GRANT_REPORT view displays a table and a chart containing users and roles having some privileges granted to them with 'WITH GRANT' option in database security reports.
Table 16-22 MGMT$ESA_WITH_GRANT_REPORT
Column | Description |
---|---|
TARGET_GUID |
The GUID of the target for which the report has the data |
TARGET_NAME |
The name of the target for which the report has the data |
PRINCIPAL |
The user or role which has been granted a privilege 'WITH GRANT' option |
OBJECT_NAME |
The privilege which has been granted 'WITH GRANT' option |
The MGMT$ESM_COLLECTION_LATEST view contains properties relating to security for database targets.
Table 16-23 MGMT$ESM_COLLECTION_LATEST
Column | Description |
---|---|
TARGET_GUID |
The GUID of the database target |
PROPERTY |
Name of the attribute |
VALUE |
Value of the attribute |
VALUE2 |
Used to capture additional values of the attribute |
The MGMT$ESM_FILE_SYSTEM_LATEST view contains the file system type for the Windows host targets.
Table 16-24 MGMT$ESM_FILE_SYSTEM_LATEST
Column | Description |
---|---|
TARGET_GUID |
The GUID of the Windows host target |
FILE_SYSTEM |
The type of file system |
The MGMT$ESM_PORTS_LATEST view contains the open ports for the host target.
Table 16-25 MGMT$ESM_PORTS_LATEST
Column | Description |
---|---|
TARGET_GUID |
The GUID of the host target |
PORT |
The value of the open port (listening mode) |
The MGMT$ESM_SERVICE_LATEST view contains the insecure services running on the host targets.
Table 16-26 MGMT$ESM_SERVICE_LATEST
Column | Description |
---|---|
TARGET_GUID |
The GUID of the host target |
SERVICE |
The port value for the service |