22 Oracle Database Vault Data Dictionary Views

You can find information about the Oracle Database Vault configuration settings by querying the Database Vault-specific data dictionary views.

Topics:

About the Oracle Database Vault Data Dictionary Views

Oracle Database Vault provides a set of DBA-style data dictionary views that can be accessed through the DV_SECANALYST role or the DV_ADMIN role.

These views provide access to the various underlying Oracle Database Vault tables in the DVSYS and LBACSYS schemas without exposing the primary and foreign key columns that may be present. These views are intended for the database administrative user to report on the state of the Oracle Database Vault configuration without having to perform the joins required to get the labels for codes that are stored in the core tables or from the related tables.

See Also:

Oracle Database Vault Reports if you are interested in running reports on Oracle Database Vault

DVSYS.DBA_DV_CODE View

The DVSYS.DBA_DV_CODE data dictionary view lists generic lookup codes for the user interface, error messages, and constraint checking.

These codes are used for the user interface, views, and for validating input in a translatable fashion.

For example:

SELECT CODE, VALUE FROM DVSYS.DBA_DV_CODE WHERE CODE_GROUP = 'BOOLEAN';

Output similar to the following appears:

CODE    VALUE
------- --------
Y       True
N       False
Column Datatype            Null Description

CODE_GROUP

VARCHAR(128)

NOT NULL

Displays one of the code groups that are listed in Table 22-1

CODE

VARCHAR(128)

NOT NULL

Boolean code used; either Y (Yes) or N (No).

VALUE

VARCHAR(4000)

NULL

Boolean value used; either True if the Boolean code is Y or False if the Boolean code is N.

LANGUAGE

VARCHAR(3)

NOT NULL

Language for this installation of Oracle Database Vault.

Supported languages are as follows:

  • en: English

  • de: German

  • es: Spanish

  • fr: French

  • it: Italian

  • ja: Japanese

  • ko: Korean

  • pt_BR: Brazilian Portuguese

  • zh_CN: Simplified Chinese

  • zh_TW: Traditional Chinese

DESCRIPTION

VARCHAR(1024)

NULL

Brief description of the code group.

Table 22-1 describes the possible values from the CODE_GROUP column in the DVSYS.DBA_DV_CODE data dictionary view.

Table 22-1 DVSYS.DBA_DV_CODE View CODE_GROUP Values

CODE_GROUP Name Description

AUDIT_EVENTS

Contains the action numbers and action names that are used for the custom event audit trail records

BOOLEAN

A simple Yes or No or True or False lookup

DB_OBJECT_TYPE

The database object types that can be used for realm objects and command authorizations

SQL_CMDS

The DDL commands that can be protected through command rules

FACTOR_AUDIT

The auditing options for factor retrieval processing

FACTOR_EVALUATE

The evaluation options (by session or by access) for factor retrieval

FACTOR_FAIL

The options for propagating errors when a factor retrieval method fails

FACTOR_IDENTIFY

The options for determining how a factor identifier is resolved (for example, by method or by factors)

FACTOR_LABEL

The options for determining how a factor identifier is labeled in the session establishment phase

LABEL_ALG

The algorithms that can be used to determine the maximum session label for a database session for each policy. See Table 18-3 for a listing of the Oracle Label Security merge algorithm codes.

OPERATORS

The Boolean operators that can be used for identity maps

REALM_AUDIT

The options for auditing realm access or realm violations

REALM_OPTION

The options for ownership of a realm

RULESET_AUDIT

The options for auditing rule set execution or rule set errors

RULESET_EVALUATE

The options for determining the success or failure of a rule set based on all associated rules being true or any associated rule being true

RULESET_EVENT

The options to invoke a custom event handler when a rule set evaluates to Succeeds or Fails

RULESET_FAIL

The options to determine the run-time visibility of a rule set failing

DVSYS.DBA_DV_COMMAND_RULE View

The DVSYS.DBA_DV_COMMAND_RULE data dictionary view lists the SQL statements command rules protect.

See Configuring Command Rules, for more information about command rules.

For example:

SELECT COMMAND, RULE_SET_NAME FROM DVSYS.DBA_DV_COMMAND_RULE;

Output similar to the following appears:

COMMAND         RULE_SET_NAME
--------------- -----------------------------
GRANT           Can Grant VPD Administration
REVOKE          Can Grant VPD Administration
ALTER SYSTEM    Allow System Parameters
ALTER USER      Can Maintain Own Account
CREATE USER     Can Maintain Account/Profiles
DROP USER       Can Maintain Account/Profiles
CREATE PROFILE  Can Maintain Account/Profiles
DROP PROFILE    Can Maintain Account/Profiles
ALTER PROFILE   Can Maintain Account/Profiles
Column Datatype               Null Description

COMMAND

VARCHAR(30)

NOT NULL

Name of the command rule. For a list of default command rules, see Default Command Rules.

RULE_SET_NAME

VARCHAR(90)

NOT NULL

Name of the rule set associated with this command rule.

OBJECT_OWNER

VARCHAR(30)

NOT NULL

The owner of the object that the command rule affects.

OBJECT_NAME

VARCHAR(128)

NOT NULL

The name of the database object the command rule affects (for example, a database table).

ENABLED

VARCHAR(1)

NOT NULL

Y indicates the command rule is enabled; N indicates it is disabled.

DVSYS.DBA_DV_DATAPUMP_AUTH View

The DVSYS.DBA_DV_DATAPUMP_AUTH data dictionary view lists the authorizations for using Oracle Data Pump in an Oracle Database Vault environment.

See Using Oracle Data Pump with Oracle Database Vault for more information.

For example:

SELECT * FROM DVSYS.DBA_DV_DATAPUMP_AUTH WHERE GRANTEE = 'PRESTON';

Output similar to the following appears:

GRANTEE SCHEMA OBJECT
------- ------ -------
PRESTON OE     ORDERS
Column Datatype                  Null Description

GRANTEE

VARCHAR2(128)

NOT NULL

Name of the user who has been granted Data Pump authorization

SCHEMA

VARCHAR2(128)

NOT NULL

Name of the schema on which the user GRANTEE is authorized to perform Data Pump operations

OBJECT

VARCHAR2(128)

NOT NULL

Name of the object within the schema specified by the SCHEMA parameter on which the GRANTEE user has Data Pump authorization (such as a table)

DVSYS.DBA_DV_DDL_AUTH View

The DVSYS.DBA_DV_DDL data dictionary view lists the users and schemas that were specified by the DBMS_MACADM.AUTHORIZE_DDL procedure.

This procedure grants a user authorization to execute Data Definition Language (DDL) statements.

For example:

SELECT * FROM DVSYS.DBA_DV_DDL_AUTH WHERE GRANTEE = 'psmith';

Output similar to the following appears:

GRANTEE SCHEMA
------- ------ 
PSMITH  HR     
Column Datatype                  Null Description

GRANTEE

VARCHAR2(128)

NOT NULL

Name of the user who has been granted DDL authorization

SCHEMA

VARCHAR2(128)

NOT NULL

Name of the schema on which the user GRANTEE is authorized to perform DDL operations

DVSYS.DBA_DV_DICTIONARY_ACCTS View

The DVSYS.DBA_DV_DICTIONARY_ACCTS data dictionary view indicates whether users can directly log into the DVSYS and DVF schema accounts.

For example:

SELECT * FROM DVSYS.DBA_DV_DICTIONARY_ACCTS;

Output similar to the following appears:

STATE
-------
ENABLED
Column Datatype                  Null Description

STATE

VARCHAR2(8)

NOT NULL

Describes whether users can log directly into the DVSYS and DVF schemas. Possible values are:

  • ENABLED means that users can log directly into the DVSYS and DVF schemas

  • DISABLED means that users cannot log directly into the DVSYS and DVF schemas

DVSYS.DBA_DV_FACTOR View

The DVSYS.DBA_DV_FACTOR data dictionary view lists the existing factors in the current database instance.

For example:

SELECT NAME, GET_EXPR FROM DVSYS.DBA_DV_FACTOR WHERE NAME = 'Session_User';

Output similar to the following appears:

NAME          GET_EXPR
------------- ---------------------------------------------
Session_User  UPPER(SYS_CONTEXT('USERENV', 'SESSION_USER'))

Related Views

Column Datatype                  Null Description

NAME

VARCHAR2(30)

NOT NULL

Name of the factor. See Default Factors for a list of default factors.

DESCRIPTION

VARCHAR2(4000)

 

Description of the factor.

FACTOR_TYPE_NAME

VARCHAR2(90)

NOT NULL

Category of the factor, which is used to classify the purpose of the factor.

ASSIGN_RULE_SET_NAME

VARCHAR2(90)

 

Rule set used to control the identify of the factor.

GET_EXPR

VARCHAR2(1024)

 

PL/SQL expression that retrieves the identity of a factor.

VALIDATE_EXPR

VARCHAR2(1024)

 

PL/SQL expression used to validate the identify of the factor. It returns a Boolean value.

IDENTIFIED_BY

NUMBER

NOT NULL

Determines the identity of a factor, based on the expression listed in the GET_EXPR column. Possible values are:

  • 0: By constant

  • 1: By method

  • 2: By factors

IDENTIFIED_BY_MEANING

VARCHAR2(4000)

 

Provides a text description for the corresponding value in the IDENTIFIED_BY column. Possible values are:

  • By Constant: If IDENTIFIED_COLUMN is 0

  • By Method: If IDENTIFIED_COLUMN is 1

  • By Factors: If IDENTIFIED_COLUMN is 2

LABELED_BY

NUMBER

NOT NULL

Determines the labeling the factor:

  • 0: Labels the identities for the factor directly from the labels associated with an Oracle Label Security policy

  • 1: Derives the factor identity label from the labels of its child factor identities.

LABELED_BY_MEANING

VARCHAR2(4000)

 

Provides a text description for the corresponding value in the LABELED_BY column. Possible values are:

  • By Self: If LABELED_BY column is 0

  • By Factors: If LABELED_BY column is 1

EVAL_OPTIONS

NUMBER

NOT NULL

Determines how the factor is evaluated when the user logs on:

  • 0: When the database session is created

  • 1: Each time the factor is accessed

  • 2: On start-up

EVAL_OPTIONS_MEANING

VARCHAR2(4000)

 

Provides a text description for the corresponding value in the EVAL_OPTIONS column. Possible values are:

  • For Session: If EVAL_OPTIONS is 0

  • By Access: If EVAL_OPTIONS is 1

  • On Startup: If EVAL_OPTIONS is 2

AUDIT_OPTIONS

NUMBER

NOT NULL

Option for auditing the factor if you want to generate a custom Oracle Database Vault audit record. Possible values are:

  • 0: No auditing set

  • 1: Always audits

  • 2: Audits if get_expr returns an error

  • 4: Audits if get_expr is null

  • 8: Audits if the validation procedure returns an error

  • 16: Audits if the validation procedure is false

  • 32: Audits if there is no trust level set

  • 64: Audits if the trust level is negative.

FAIL_OPTIONS

NUMBER

NOT NULL

Options for reporting factor errors:

  • 1: Shows an error message.

  • 2: Does not show an error message.

FAIL_OPTIONS_MEANING

VARCHAR2(4000)

 

Provides a text description for the corresponding value in the FAIL_OPTIONS column. Possible values are:

  • Show Error Message

  • Do Not Show Error Message:

DVSYS.DBA_DV_FACTOR_LINK View

The DVSYS.DBA_DV_FACTOR_LINK data dictionary view shows the relationships of each factor whose identity is determined by the association of child factors.

This view contains one entry for each parent factor and child factor. You can use this view to resolve the relationships from the factor links to identity maps.

For example:

SELECT PARENT_FACTOR_NAME, CHILD_FACTOR_NAME FROM DVSYS.DBA_DV_FACTOR_LINK;

Output similar to the following appears:

PARENT_FACTOR_NAME             CHILD_FACTOR_NAME
------------------------------ ------------------------------
Domain                         Database_Instance
Domain                         Database_IP
Domain                         Database_Hostname

Related Views

Column Datatype           Null Description

PARENT_FACTOR_NAME

VARCHAR(128)

NOT NULL

Name of the parent factor

CHILD_FACTOR_NAME

VARCHAR(128)

NOT NULL

Name of the child factor of the parent factor

LABEL_IND

VARCHAR(1)

NOT NULL

Indicates whether the child factor that is linked to the parent factor contributes to the label of the parent factor in an Oracle Label Security integration. Possible values are:

  • Y (for Yes)

  • N (for No)

DVSYS.DBA_DV_FACTOR_TYPE View

The DVSYS.DBA_DV_FACTOR_TYPE data dictionary view lists the names and descriptions of factor types used in the system.

For example:

SELECT * FROM DVSYS.DBA_DV_FACTOR_TYPE WHERE NAME = 'Hostname';

Output similar to the following appears:

NAME      DESCRIPTION
--------- ----------------------------------------------------------------------
Time      Time-based factor

Related Views

Column Datatype              Null Description

NAME

VARCHAR(128)

NOT NULL

Name of the factor type.

DESCRIPTION

VARCHAR(1024)

NULL

Description of the factor type.

DVSYS.DBA_DV_IDENTITY View

The DVSYS.DBA_DV_IDENTITY data dictionary view lists the identities for each factor.

For example:

SELECT * FROM DVSYS.DBA_DV_IDENTITY WHERE VALUE = 'GLOBAL SHARED';

Output similar to the following appears, assuming you have created only one factor identity:

FACTOR_NAME          VALUE          TRUST_LEVEL
----------------     -------------- ------------
Identification_Type  GLOBAL SHARED  1

Related Views

Column Datatype              Null Description

FACTOR_NAME

VARCHAR(128)

NOT NULL

Name of the factor.

VALUE

VARCHAR(1024)

NOT NULL

Value of the factor.

TRUST_LEVEL

NUMBER

NOT NULL

Number that indicates the magnitude of trust relative to other identities for the same factor.

DVSYS.DBA_DV_IDENTITY_MAP View

The DVSYS.DBA_DV_IDENTITY_MAP data dictionary view lists the mappings for each factor identity.

The view includes mapping factors that are identified by other factors to combinations of parent-child factor links. For each factor, the maps are joined by the OR operation, and for different factors, the maps are joined by the AND operation.

You can use this view to resolve the identity for factors that are identified by other factors (for example, a domain) or for factors that have continuous domains (for example, Age or Temperature).

For example:

SELECT FACTOR_NAME, IDENTITY_VALUE FROM DVSYS.DBA_DV_IDENTITY_MAP;

Output similar to the following appears:

FACTOR_NAME      IDENTITY_VALUE
---------------- --------------------
Sector2_Program  Accounting-Sensitive

Related Views

Column Datatype                 Null Description

FACTOR_NAME

VARCHAR(128)

NOT NULL

Factor the identity map is for.

IDENTITY_VALUE

VARCHAR(1024)

NOT NULL

Value the factor assumes if the identity map evaluates to TRUE.

OPERATION_CODE

VARCHAR(128)

NOT NULL

Descriptive name of the operation in the OPERATION_VALUE column.

OPERATION_VALUE

VARCHAR(4000)

NULL

Relational operator for the identity map (for example, <, >, =, and so on).

OPERAND1

VARCHAR(1024)

NULL

Left operand for the relational operator; refers to the low value you enter.

OPERAND2

VARCHAR(1024)

NULL

Right operand for the relational operator; refers to the high value you enter.

PARENT_FACTOR_NAME

VARCHAR(128)

NULL

The parent factor link to which the map is related.

CHILD_FACTOR_NAME

VARCHAR(128)

NULL

The child factor link to which the map is related.

LABEL_IND

VARCHAR(1)

NULL

Indicates whether the child factor being linked to the parent factor contributes to the label of the parent factor in an Oracle Label Security integration. Possible values are:

  • Y (for Yes)

  • N (for No)

DVSYS.DBA_DV_JOB_AUTH View

The DVSYS.DBA_DV_JOB_AUTH data dictionary view lists the authorizations for using Oracle Scheduler in an Oracle Database Vault environment.

For example:

SELECT * FROM DVSYS.DBA_DV_JOB_AUTH WHERE GRANTEE = 'PRESTON';

Output similar to the following appears:

GRANTEE SCHEMA
------- ------
PRESTON OE     
Column Datatype           Null Description

GRANTEE

VARCHAR2(128)

NOT NULL

Name of the user who has been granted Oracle Scheduler authorization

SCHEMA

VARCHAR2(128)

NOT NULL

Name of the schema on which the user GRANTEE is authorized to perform Oracle Scheduler operations

DVSYS.DBA_DV_MAC_POLICY View

The DVSYS.DBA_DV_MAC_POLICY data dictionary view lists the Oracle Label Security policies defined for use with Oracle Database Vault.

For example:

SELECT POLICY_NAME, ALGORITHM_CODE, ALGORITHM_MEANING 
 FROM DVSYS.DBA_DV_MAC_POLICY;

Output similar to the following appears:

POLICY_NAME     ALGORITHM_CODE    ALGORITHM_MEANING
--------------- ----------------- --------------------------------
ACCESS_DATA     LUI               Minimum Level/Union/Intersection

Related Views

Column Datatype              Null Description

POLICY_NAME

VARCHAR(30)

NOT NULL

Name of the policy.

ALGORITHM_CODE

VARCHAR(128)

NOT NULL

Merge algorithm code used for the policy. See Table 18-3 for a listing of algorithm codes.

ALGORITHM_MEANING

VARCHAR(4000)

NULL

Provides a text description for the corresponding value in the ALGORITHM_CODE column. See Table 18-3 for a listing of algorithm code descriptions.

ERROR_LABEL

VARCHAR(4000)

NULL

Label specified for initialization errors, to be set when a configuration error or run-time error occurs during session initialization.

DVSYS.DBA_DV_MAC_POLICY_FACTOR View

The DVSYS.DBA_DV_MAC_POLICY data dictionary view lists the factors that are associated with Oracle Label Security policies.

You can use this view to determine what factors contribute to the maximum session label for each policy using the DBA_DV_MAC_POLICY view.

For example:

SELECT * FROM DVSYS.DBA_DV_MAC_POLICY_FACTOR;

Output similar to the following appears:

FACTOR_NAME    MAC_POLICY_NAME
-------------- ------------------
App_Host_Name  Access Locations

Related Views

Column Datatype             Null Description

FACTOR_NAME

VARCHAR(128)

NOT NULL

Name of the factor

MAC_POLICY_NAME

VARCHAR(30)

NOT NULL

Name of the Oracle Label Security policy associated with this facto

DVSYS.DBA_DV_ORADEBUG View

The DVSYS.DBA_DV_ORADEBUG data dictionary view indicates whether users can use the ORADEBUG utility in an Oracle Database Vault environment.

For example:

SELECT * FROM DVSYS.DBA_DV_ORADEBUG;

Output similar to the following appears:

STATE
--------
DISABLED
Column Datatype             Null Description

STATE

VARCHAR2(8)

NOT NULL

Describes whether the ORADEBUG utility can be used in a Database Vault-enabled environment. Possible values are:

  • ENABLED means that users can run the ORADEBUG utility

  • DISABLED means that users cannot run the ORADEBUG utility

DVSYS.DBA_DV_PATCH_ADMIN_AUDIT View

The DVSYS.DBA_DV_PATCH_ADMIN_AUDIT data dictionary view indicates if auditing has been enabled or disabled for the user who has the DV_ADMIN_PATCH role.

The DBMS_MACADM.ENABLE_DV_PATCH_ADMIN_AUDIT procedure enables this type of auditing.

For example:

SELECT * FROM DVSYS.DBA_DV_PATCH_ADMIN_AUDIT;

Output similar to the following appears:

STATE
--------
DISABLED
Column Datatype             Null Description

STATE

VARCHAR2(8)

NOT NULL

Describes whether auditing has been enabled or disabled for the DV_ADMIN_PATCH role user. Possible values are:

  • ENABLED means that the auditing has been enabled

  • DISABLED means that the auditing has been disabled

DVSYS.DBA_DV_POLICY_LABEL View

The DVSYS.DBA_DV_POLICY_LABEL data dictionary view lists the Oracle Label Security label for each factor identifier in the DBA_DV_IDENTITY view for each policy.

For example:

SELECT * FROM DVSYS.DBA_DV_POLICY_LABEL;

Output similar to the following appears:

IDENTITY_VALUE   FACTOR_NAME     POLICY_NAME       LABEL
---------------- --------------  ----------------  ---------
App_Host_Name    Sect2_Fin_Apps  Access Locations  Sensitive

Related Views

Column Datatype                Null Description

IDENTITY_VALUE

VARCHAR(1024)

NOT NULL

Name of the factor identifier.

FACTOR_NAME

VARCHAR(128)

NOT NULL

Name of the factor associated with the factor identifier.

POLICY_NAME

VARCHAR(30)

NOT NULL

Name of the Oracle Label Security policy associated with this factor.

LABEL

VARCHAR(4000)

NOT NULL

Name of the Oracle Label Security label associated with the policy.

DVSYS.DBA_DV_PROXY_AUTH View

The DVSYS.DBA_DV_PROXY_AUTH data dictionary view lists the proxy users and schemas that were specified by the DBMS_MACADM.AUTHORIZE_PROXY_USER procedure.

This procedure grants a proxy user authorization to proxy other user accounts.

For example:

SELECT * FROM DVSYS.DBA_DV_DDL_AUTH WHERE GRANTEE = 'PRESTON';

Output similar to the following appears:

GRANTEE SCHEMA
------- ------
PRESTON DKENT     
Column Datatype                  Null Description

GRANTEE

VARCHAR2(128)

NOT NULL

Name of the proxy user

SCHEMA

VARCHAR2(128)

NOT NULL

Name of the schema that is proxied by the GRANTEE user.

DVSYS.DBA_DV_PUB_PRIVS View

The DVSYS.DBA_DV_PUB_PRIVS data dictionary view lists data reflected in the Oracle Database Vault privilege management reports used in Oracle Database Vault Administrator.

See also Privilege Management - Summary Reports.

For example:

SELECT USERNAME, ACCESS_TYPE FROM DVSYS.DBA_DV_PUB_PRIVS WHERE USERNAME = 'OE';

Output similar to the following appears:

USERNAME    ACCESS_TYPE
----------- -----------------
OE          PUBLIC

Related Views

Column Datatype             Null Description

USERNAME

VARCHAR(128)

NOT NULL

Database schema in the current database instance.acces

ACCESS_TYPE

VARCHAR(128)

NULL

Access type granted to the user listed in the USERNAME column (for example, PUBLIC).

PRIVILEGE

VARCHAR(40)

NOT NULL

Privilege granted to the user listed in the USERNAME column.

OWNER

VARCHAR(128)

NOT NULL

Owner of the database schema to which the USERNAME user has been granted privileges.

OBJECT_NAME

VARCHAR(128)

NOT NULL

Name of the object within the schema listed in the OWNER column.

DVSYS.DBA_DV_REALM View

The DVSYS.DBA_DV_REALM data dictionary view lists the realms created in the current database instance.

For example:

SELECT NAME, AUDIT_OPTIONS, ENABLED FROM DVSYS.DBA_DV_REALM 
  WHERE AUDIT_OPTIONS = '1';

Output similar to the following appears:

NAME                          AUDIT_OPTIONS    ENABLED
----------------------------- ---------------- --------
Performance Statistics Realm  1                Y

Related Views

Column Datatype               Null Description

NAME

VARCHAR(90)

NOT NULL

Names of the realms created. SeeDefault Realms for a listing of default realms.

DESCRIPTION

VARCHAR(1024)

NOT NULL

Description of the realm created.

AUDIT_OPTIONS

NUMBER

NOT NULL

Specifies whether auditing is enabled. Possible values are:

  • 0: No auditing for the realm.

  • 1: Creates an audit record when a realm violation occurs (for example, when an unauthorized user tries to modify an object that is protected by the realm).

  • 2: Creates an audit record for authorized activities on objects protected by the realm.

  • 3: Creates an audit record for both authorized and unauthorized activities on objects protected by the realm.

ENABLED

VARCHAR(1)

NOT NULL

Specifies whether realm checking is enabled. Y (Yes) indicates it is enabled; N (No) indicates it is not.

DVSYS.DV$REALM View

The DVSYS.DV$REALM data dictionary view lists the realms created in the current database instance.

It also indicates information such as who created and updated the realm, and when the realm was created and updated.

For example:

SELECT NAME, CREATED_BY, TYPE FROM DVSYS.DV$REALM WHERE NAME LIKE 'Statistics';

Output similar to the following appears:

NAME                         CREATED_BY TYPE 
---------------------------- ---------- -----
Performance Statistics Realm JGODFREY   2

Related Views

Column Datatype                 Null Description

ID#

NUMBER

NOT NULL

ID number of the realm

NAME

VARCHAR2(128)

NOT NULL

Name of the realm

DESCRIPTION

VARCHAR2(1024)

NULL

Description of the realm

AUDIT_OPTIONS

NUMBER

NOT NULL

Audit options set for the realm. See audit_options in Table 13-10 for a description of the possible values.

ENABLED

VARCHAR2(1)

NOT NULL

Whether the realm has been enabled. See enabled in Table 13-10 for a description of the possible values.

REALM_TYPE

NUMBER

NULL

Type of realm: whether it is a regular realm or a mandatory realm. See realm_type in Table 13-10 for a description of the possible values.

VERSION

NUMBER

NULL

Version of Oracle Database Vault in which the realm was created

CREATED_BY

VARCHAR2(128)

NULL

User who created the realm

CREATE_DATE

DATE

NULL

Date on which the realm was created.

UPDATED_BY

VARCHAR2(128)

NULL

User who last updated the realm

UPDATE_DATE

DATE

NULL

Date on which the realm was last updated

DVSYS.DBA_DV_REALM_AUTH View

The DVSYS.DBA_DV_REALM_AUTH data dictionary view lists database user account or role authorization (GRANTEE) who can access realm objects.

See About Realm Authorization for more information.

For example:

SELECT REALM_NAME, GRANTEE, AUTH_RULE_SET_NAME FROM DVSYS.DBA_DV_REALM_AUTH;

Output similar to the following appears:

REALM_NAME                    GRANTEE  AUTH_RULE_SET_NAME
---------------------------- --------- ---------------------
Performance Statistics Realm  SYSADM   Check Conf Access 

Related Views

Column Datatype                 Null Description

REALM_NAME

VARCHAR(90)

NOT NULL

Name of the realm.

GRANTEE

VARCHAR(30)

NOT NULL

User or role name to authorize as owner or participant.

AUTH_RULE_SET_NAME

VARCHAR(90)

NULL

Rule set to check before authorizing. If the rule set evaluates to TRUE, then the authorization is allowed.

AUTH_OPTIONS

VARCHAR(4000)

NULL

Type of realm authorization: either Participant or Owner.

DVSYS.DBA_DV_REALM_OBJECT View

The DVSYS.DBA_DV_REALM_OBJECT data dictionary view lists the database schemas, or subsets of schemas, that are secured by the realms.

See About Realm-Secured Objects for more information.

For example:

SELECT REALM_NAME, OWNER, OBJECT_NAME FROM DVSYS.DBA_DV_REALM_OBJECT;

Output similar to the following appears:

REALM_NAME                   OWNER    OBJECT_NAME
---------------------------- -------- -----------
Performance Statistics Realm OE       ORDERS

Related Views

Column Datatype            Null Description

REALM_NAME

VARCHAR(90)

NOT NULL

Name of the realm.

OWNER

VARCHAR(90)

NOT NULL

Database schema owner who owns the realm.

OBJECT_NAME

VARCHAR(90)

NOT NULL

Name of the object the realm protects.

OBJECT_TYPE

VARCHAR(90)

NOT NULL

Type of object the realm protects, such as a database table, view, index, or role.

DVSYS.DBA_DV_ROLE View

The DVSYS.DBA_DV_ROLE data dictionary view lists the Oracle Database Vault secure application roles used in privilege management.

For example:

SELECT ROLE, RULE_NAME FROM DVSYS.DBA_DV_ROLE;

Output similar to the following appears:

ROLE               RULE_NAME
------------------ --------------------
Sector2_APP_MGR    Check App2 Access
Sector2_APP_DBA    Check App2 Access

Related Views

Column Datatype               Null Description

ROLE

VARCHAR(30)

NOT NULL

Name of the secure application role.

RULE_NAME

VARCHAR(90)

NOT NULL

Name of the rule set associated with the secure application role.

ENABLED

VARCHAR(1)

NOT NULL

Indicates whether the secure application role is enabled. Y (Yes) enables the role; N (No) disables it.

DVSYS.DBA_DV_RULE View

The DVSYS.DBA_DV_RULE data dictionary view lists the rules that have been defined.

For example:

SELECT * FROM DVSYS.DBA_DV_RULE WHERE NAME = 'Maintenance Window';

Output similar to the following appears:

NAME                RULE_EXP
------------------- ----------------------------------------------
Maintenance Window  TO_CHAR(SYSDATE,'HH24') BETWEEN '10' AND '12'

To find the rule sets that use specific rules, query the DBA_DV_RULE_SET_RULE view.

Related Views

Column Datatype              Null Description

NAME

VARCHAR(90)

NOT NULL

Name of the rule.

RULE_EXPR

VARCHAR(1024)

NOT NULL

PL/SQL expression for the rule.

DVSYS.DBA_DV_RULE_SET View

The DVSYS.DBA_DV_RULE_SET data dictionary view lists the rules sets that have been created.

For example:

SELECT RULE_SET_NAME, HANDLER_OPTIONS, HANDLER FROM DVSYS.DBA_DV_RULE_SET
 WHERE RULE_SET_NAME = 'Maintenance Period';

Output similar to the following appears:

RULE_SET_NAME       HANDLER_OPTIONS  HANDLER
------------------- ---------------- ----------------------
Maintenance Period                   1 dbavowner.email_alert

Related Views

Column Datatype                Null Description

RULE_SET_NAME

VARCHAR(128)

NOT NULL

Name of the rule set.

DESCRIPTION

VARCHAR(1024)

NULL

Description of the rule set.

ENABLED

VARCHAR(1)

NOT NULL

Indicates whether the rule set has been enabled. Y (Yes) enables the rule set; N (No) disables it.

EVAL_OPTIONS_MEANING

VARCHAR(4000)

NULL

For rules sets that contain multiple rules, determines how many rules are evaluated. Possible values are:

  • All True: All rules in the rule set must evaluate to true for the rule set itself to evaluate to TRUE.

  • Any True: At least one rule in the rule set must evaluate to true for the rule set itself to evaluate to TRUE.

AUDIT_OPTIONS

NUMBER

NOT NULL

Indicates when auditing is used. Possible values are:

  • 0: No auditing

  • 1: Audit on failure

  • 2: Audit on success

  • 3: Audit on both failure and success

FAIL_OPTIONS_MEANING

VARCHAR(4000)

NULL

Determines when an audit record is created for the rule set. Possible values are:

  • Do Not Show Error Message.

  • Show Error Message

FAIL_MESSAGE

VARCHAR(80)

NULL

Error message for failure that is associated with the fail code listed in the FAIL_CODE column.

FAIL_CODE

VARCHAR(10)

NULL

The error message number associated with the message listed in the FAIL_MESSAGE column. Possible values are in the ranges of -20000 to -20999 or 20000 to 20999.

HANDLER_OPTIONS

NUMBER

NOT NULL

Determines how error handling is used. Possible values are:

  • 0: Disables error handling.

  • 1: Call handler on rule set failure.

  • 2: Call handler on rule set success.

HANDLER

VARCHAR(1024)

NULL

Name of the PL/SQL function or procedure that defines the custom event handler logic.

IS_STATIC

VARCHAR2(5)

NULL

Indicates how often the rule set is evaluated during a user session. Possible values are:

  • TRUE: The rule set is evaluated once, and result of the rule set is reused throughout the user session.

  • FALSE (default): The rule set is evaluated each time it is accessed during the user session.

DVSYS.DBA_DV_RULE_SET_RULE View

The DVSYS.DBA_DV_RULE_SET_RULE data dictionary view lists rules that are associated with existing rule sets.

For example:

SELECT RULE_SET_NAME, RULE_NAME, RULE_EXPR FROM DVSYS.DBA_DV_RULE_SET_RULE
 WHERE RULE_NAME = 'Is Security Officer';

Output similar to the following appears:

RULE_SET_NAME                RULE_NAME          RULE_EXP
---------------------------- ------------------ ---------------------------------
Can Grant VPD Administration Is Security Owner  DBMS_MACUTL.USER_HAS_ROLE_VARCHAR
                                                ('DV_OWNER',
                                                  dvsys.dv_login_user) = 'Y'
                                                

Related Views

Column Datatype              Null Description

RULE_SET_NAME

VARCHAR(90)

NOT NULL

Name of the rule set that contains the rule.

RULE_NAME

VARCHAR(90)

NOT NULL

Name of the rule.

RULE_EXPR

VARCHAR(1024)

NOT NULL

PL/SQL expression that defines the rule listed in the RULE_NAME column.

ENABLED

VARCHAR(1)

NULL

Indicates whether the rule is enabled or disabled. Y (Yes) enables the rule set; N (No) disables it.

RULE_ORDER

NUMBER

NOT NULL

The order in which rules are used within the rule set. Does not apply to this release.

DVSYS.DBA_DV_STATUS View

The DVSYS.DBA_DV_STATUS data dictionary view shows the status of Oracle Database Vault being enabled and configured.

For example:

SELECT * FROM DVSYS.DBA_DV_STATUS;

Output similar to the following appears:

NAME                 STATUS
-------------------- ------
DV_CONFIGURE_STATUS  TRUE
DV_ENABLE_STATUS     TRUE     
Column Datatype           Null Description

NAME

VARCHAR2(19)

NOT NULL

Shows either of the following settings:

  • DV_CONFIGURE_STATUS shows whether Oracle Database Vault has been configured, that is, with the DVSYS.CONFIGURE_DV procedure.

  • DV_ENABLE_STATUS shows whether Oracle Database Vault has been enabled, that is, with the DBMS_MACADM.ENABLE_DV procedure.

STATUS

VARCHAR2(64)

NOT NULL

TRUE means that Oracle Database Vault is configured or enabled; FALSE means that it is not.

DVSYS.DBA_DV_TTS_AUTH View

The DVSYS.DBA_DV_TTS_AUTH data dictionary view lists users who have been granted authorization through the DBMS_MACADM.AUTHORIZE_TTS_USER procedure to perform Oracle Data Pump transportable operations.

See Using Oracle Data Pump with Oracle Database Vault for more information.

For example:

SELECT * FROM DVSYS.DBA_DV_TTS_AUTH;

Output similar to the following appears:

GRANTEE  TSNAME
-------- --------
DB_MGR   HR_TS

Related Views

Column Datatype             Null Description

GRANTEE

VARCHAR(128)

NOT NULL

Name of the user who has been granted transportable tablespace authorization

TSNAME

VARCHAR(128)

NOT NULL

Name of the transportable tablespace to which the GRANTEE user has been granted authorization

DVSYS.DBA_DV_USER_PRIVS View

The DVSYS.DBA_DV_USER_PRIVS data dictionary view lists the privileges for a database user account excluding privileges granted through the PUBLIC role.

For example:

SELECT USERNAME, ACCESS_TYPE, PRIVILEGE FROM DVSYS.DBA_DV_USER_PRIVS;

Output similar to the following appears:

USERNAME  ACCESS_TYPE          PRIVILEGE
--------- -------------------- ------------
DVSYS     DV_PUBLIC            EXECUTE
DVOWNER   DV_ADMIN             SELECT
SYS       SELECT_CATALOG_ROLE  SELECT
...

Related Views

Column Datatype             Null Description

USERNAME

VARCHAR(128)

NOT NULL

Name of the database schema account in which privileges have been defined.

ACCESS_TYPE

VARCHAR(128)

NULL

Role the database user account listed in the USERNAME column uses to access the database. Oracle Database Vault accounts have direct access.

PRIVILEGE

VARCHAR(40)

NOT NULL

Privilege granted to the user listed in the USERNAME column.

OWNER

VARCHAR(128)

NOT NULL

Name of the database user account.

OBJECT_NAME

VARCHAR(128)

NOT NULL

Name of the PL/SQL function or procedure used to define privileges.

DVSYS.DBA_DV_USER_PRIVS_ALL View

The DVSYS.DBA_DV_USER_PRIVS_ALL data dictionary view lists the privileges for a database account including privileges granted through PUBLIC.

For example:

SELECT USERNAME, ACCESS_TYPE, PRIVILEGE FROM DVSYS.DBA_DV_USER_PRIVS;

Output similar to the following appears:

USERNAME            ACCESS_TYPE  PRIVILEGE
------------------- ------------ -----------------
bea_DVACCTMGR  CONNECT      CREATE_SESSION
LEO_DVOWNER      DIRECT       CREATE PROCEDURE
...

Related Views

Column Datatype              Null Description

USERNAME

VARCHAR(128)

NULL

Name of the database schema account in which privileges have been defined.

ACCESS_TYPE

VARCHAR(128)

NULL

Role the database user account listed in the USERNAME column uses to access the database. Oracle Database Vault accounts have direct access.

PRIVILEGE

VARCHAR(40)

NULL

Privilege granted to the user listed in the USERNAME column.

OWNER

VARCHAR(128)

NULL

Name of the database user account.

OBJECT_NAME

VARCHAR(128)

NULL

Name of the PL/SQL function or procedure used to define privileges.

DVSYS.DV$CONFIGURATION_AUDIT View

The DVSYS.DV$CONFIGURATION_AUDIT data dictionary view captures DVSYS.AUDIT_TRAIL$ table audit trail records.

It includes records that are related to successful and failed configuration changes made to realms, rules, rule sets, factors, and other Oracle Database Vault policy configuration activities.

For example:

SELECT USERNAME, ACTION_NAME FROM DVSYS.DV$CONFIGURATION_AUDIT 
WHERE USERNAME = 'PSMITH';

Output similar to the following appears:

USERNAME   ACTION_NAME 
---------- ---------------------
PSMITH     Realm Creation Audit
PSMITH     Rule Set Update Audit

Related View

Column Datatype              Null Description

ID#

NUMBER

NOT NULL

Numeric identifier for the audit record

OS_USERNAME

VARCHAR(255)

NULL

Operating system login user name of the user whose actions were audited

USERNAME

VARCHAR(128)

NULL

Name of the database user whose actions were audited

USERHOST

VARCHAR2(128)

NULL

Client computer name

TERMINAL

VARCHAR2(30)

NULL

Identifier for the user's terminal

TIMESTAMP

DATA

NULL

Date and time of creation of the audit trail entry (in the local database session time zone)

OWNER

VARCHAR2(128)

NULL

Creator of the object affected by the action, always DVSYS (because DVSYS is where objects are created)

OBJ_NAME

VARCHAR2(128)

NULL

Name of the object affected by the action. Expected values are:

  • ROLE$

  • REALM$

  • CODE$

  • FACTOR$

ACTION

NUMBER

NOT NULL

Numeric action type code. The corresponding name of the action type is in the ACTION_NAME column. See Table 22-2 for a listing of the possible actions.

ACTION_NAME

VARCHAR2(128)

NULL

Name of the action type corresponding to the numeric code in the ACTION column. See Table 22-2 for a listing of the possible actions.

ACTION_OBJECT_ID

NUMBER

NULL

The unique identifier of the record in the table specified under OBJ_NAME

ACTION_OBJECT_NAME

VARCHAR2(128)

NULL

The unique name or natural key of the record in the table specified under OBJ_NAME

ACTION_COMMAND

VARCHAR2(4000)

NULL

The SQL text of the command procedure that was executed that resulted in the audit event being triggered

AUDIT_OPTION

VARCHAR2(4000)

NULL

The labels for all audit options specified in the record that resulted in the audit event being triggered. For example, a factor set operation that is supposed to audit on get failure and get NULL would indicate these two options.

RULE_SET_ID

NUMBER

NULL

The unique identifier of the rule set that was executing and caused the audit event to trigger

RULE_SET_NAME

VARCHAR2(128)

NULL

The unique name of the rule set that was executing and caused the audit event to trigger

RULE_ID

NUMBER

NULL

Not used

RULE_NAME

VARCHAR2(128)

NULL

Not used

FACTOR_CONTEXT

VARCHAR2(4000)

NULL

An XML document that contains all of the factor identifiers for the current session at the point when the audit event was triggered

COMMENT_TEXT

VARCHAR2(4000)

NULL

Text comment on the audit trail entry, providing more information about the statement audited

SESSIONID

NUMBER

NOT NULL

Numeric identifier for each Oracle session

ENTRYID

NUMBER

NOT NULL

Same as the value in the ID# column

STATEMENTID

NUMBER

NOT NULL

Numeric identifier for the statement invoked that caused the audit event to be generated. This is empty for most Oracle Database Vault events.

RETURNCODE

NUMBER

NOT NULL

Oracle error code generated by the action. The error code for a statement or procedure invoked that caused the audit event to be generated. This is empty for most Oracle Database Vault events.

EXTENDED_TIMESTAMP

TIMESTAMP(6) WITH TIME ZONE

NULL

Time stamp of creation of the audit trail entry (time stamp of user login for entries) in UTC (Coordinated Universal Time) time zone

PROXY_SESSIONID

NUMBER

NULL

Proxy session serial number, if an enterprise user has logged in through the proxy mechanism

GLOBAL_UID

VARCHAR2(32)

NULL

Global user identifier for the user, if the user has logged in as an enterprise user

INSTANCE_NUMBER

NUMBER

NULL

Instance number as specified by the INSTANCE_NUMBER initialization parameter

OS_PROCESS

VARCHAR2(16)

NULL

Operating system process identifier of the Oracle process

CREATED_BY

VARCHAR2(128)

NULL

Database login user name of the user whose actions were audited

CREATE_DATE

DATE

NULL

Date on which the action occurred, based on the SYSDATE date

UPDATED_BY

VARCHAR2(128)

NULL

Same as CREATED_BY column value

UPDATE_DATE

DATE

NULL

Same as UPDATED_BY column value

GRANTEE

VARCHAR2(128)

NULL

User ID of users who have been granted Database Vault-protected roles, realm authorization, command-rule authorization, job scheduler authorization, or Oracle Data Pump authorizations

ENABLED_STATUS

VARCHAR2(1)

NULL

Indicates whether the configuration was enabled

Table 22-2 describes the possible values for the ACTION column of the DVSYS.DV$CONFIGURATION_AUDIT view.

Table 22-2 DVSYS.DV$CONFIGURATION_AUDIT View ACTION Values

Action Type Code Action Name

20001

Enable DV enforcement Audit

20002

Disable DV enforcement Audit

20003

Realm Creation Audit

20004

Realm Update Audit

20005

Realm Rename Audit

20006

Realm Deletion Audit

20007

Add Realm Auth Audit

20008

Delete Realm Auth Audit

20009

Update Realm Auth Audit

20010

Add Realm Object Audit

20011

Update Realm Object Audit

20012

Delete Realm Object Audit

20013

Enable Event Audit

20014

Disable Event Audit

20015

Rule Set Creation Audit

20016

Rule Set Update Audit

20017

Rule Set Rename Audit

20018

Rule Set Deletion Audit

20019

Add Rule To Rule Set Audit

20020

Delete Rule From Rule Set Audit

20021

Rule Creation Audit

20022

Rule Update Audit

20023

Rule Rename Audit

20024

Rule Deletion Audit

20025

CommandRule Creation Audit

20026

CommandRule Update Audit

20027

CommandRule Deletion Audit

20028

Authorize Datapump User Audit

20029

Unauthorize Datapump User Audit

20030

Authorize Job User Audit

20031

Unauthorize Job User Audit

20032

Factor_Type Creation Audit

20033

Factor_Type Deletion Audit

20034

Factor_Type Update Audit

20035

Factor_Type Rename Audit

20036

Factor Creation Audit

20037

G_FACTOR_DELETION_AUDIT_CODE

20038

Factor Update Audit

20039

Factor Rename Audit

20040

Add Factor Link Audit

20041

Delete Factor Link Audit

20042

Add Policy Factor Audit

20043

Delete Policy Factor Audit

20044

Create Identity Audit

20045

Delete Identity Audit

20046

Update Identity Audit

20047

Change Identity Factor Audit

20048

Change Identity Value Audit

20049

Create Identity Map Audit

20050

Delete Identity Map Audit

20051

Create Policy Label Audit

20052

Delete Policy Label Audit

20053

Create Mac Policy Audit

20054

Update Mac Policy Audit

20055

Delete Mac Policy Audit

20056

Create Role Audit

20057

Delete Role Audit

20058

Update Role Audit

20059

Rename Role Audit

20060

Create Domain Identity Audit

20061

Drop Domain Identity Audit

20062

Enable Oradebug Audit

20063

Disable Oradebug Audit

20064

Authorize Proxy User Audit

20065

Unauthorize Proxy User Audit

20066

Enable DV Dictionary Accounts Audit

20067

Disable DV Dictionary Accounts Audit

20068

Authorize DDL Audit

20069

Unauthorize DDL Audit

20070

Authorize TTS Audit

20071

Unauthorize TTS Audit

20072

Authorize PREPROCESSOR Audit

20073

Unauthorize PREPROCESSOR Audit

20074

Create Policy Audit

20075

Update Policy Description Audit

20076

Update Policy State Audit

20077

Rename Policy Audit

20078

Drop Policy Audit

20079

Add Realm to Policy Audit

20080

Delete Realm From Policy Audit

20081

Add Command Rule to Policy Audit

20082

Delete Command Rule from Policy Audit

20083

Add Policy Owner Audit

20084

Delete Policy Owner Audit

20085

Authorize Maintenance Audit

20086

Unauthorize Maintenance Audit

DVSYS.DV$ENFORCEMENT_AUDIT View

The DVSYS.DV$ENFORCEMENT_AUDIT data dictionary view provides information about enforcement-related audits from the DVSYS.AUDIT_TRAIL$ table.

It captures user violations on command rules, realms, and factors.

For example:

SELECT USERNAME, ACTION_COMMMAND FROM DVSYS.DV$ENFORCEMENT_AUDIT 
WHERE OWNER = 'HR';

Output similar to the following appears:

USERNAME    ACTION_COMMMAND
----------- ------------------------------
PSMITH      CREATE_REALM

Related View

Column Datatype              Null Description

ID#

NUMBER

NOT NULL

Numeric identifier for the audit record

OS_USERNAME

VARCHAR(255)

NULL

Operating system login user name of the user whose actions were audited

USERNAME

VARCHAR(128)

NULL

Name of the database user whose actions were audited

USERHOST

VARCHAR(255)

NULL

Client computer name

TERMINAL

VARCHAR(255)

NULL

Identifier for the user's terminal

TIMESTAMP

DATE

NULL

Date and time of creation of the audit trail entry (in the local database session time zone)

OWNER

VARCHAR(128)

NULL

Creator of the object affected by the action, always DVSYS (because DVSYS is where objects are created)

OBJ_NAME

VARCHAR(128)

NULL

Name of the object affected by the action. Expected values are:

  • ROLE$

  • REALM$

  • CODE$

  • FACTOR$

ACTION

NUMBER

NOT NULL

Numeric action type code. The corresponding name of the action type is in the ACTION_NAME column. See Table 22-3 for a listing of the possible actions.

ACTION_NAME

VARCHAR(128)

NULL

Name of the action type corresponding to the numeric code in the ACTION column

ACTION_OBJECT_ID

NUMBER

NULL

The unique identifier of the record in the table specified under OBJ_NAME

ACTION_OBJECT_NAME

VARCHAR(128)

NULL

The unique name or natural key of the record in the table specified under OBJ_NAME

ACTION_COMMAND

VARCHAR2(4000)

NULL

The SQL text of the command procedure that was executed that resulted in the audit event being triggered

AUDIT_OPTION

VARCHAR2(4000)

NULL

The labels for all audit options specified in the record that resulted in the audit event being triggered. For example, a factor set operation that is supposed to audit on get failure and get NULL would indicate these two options.

RULE_SET_ID

NUMBER

NULL

The unique identifier of the rule set that was executing and caused the audit event to trigger

RULE_SET_NAME

VARCHAR(128)

NULL

The unique name of the rule set that was executing and caused the audit event to trigger

RULE_ID

NUMBER

NULL

Not used

RULE_NAME

VARCHAR2(128)

NULL

Not used

FACTOR_CONTEXT

VARCHAR2(4000)

NULL

An XML document that contains all of the factor identifiers for the current session at the point when the audit event was triggered

COMMENT_TEXT

VARCHAR2(4000)

NULL

Text comment on the audit trail entry, providing more information about the statement audited

SESSIONID

NUMBER

NOT NULL

Numeric identifier for each Oracle session

ENTRYID

NUMBER

NOT NULL

Same as the value in the ID# column

STATEMENTID

NUMBER

NOT NULL

Numeric identifier for the statement invoked that caused the audit event to be generated. This is empty for most Oracle Database Vault events.

RETURNCODE

NUMBER

NOT NULL

Oracle error code generated by the action. The error code for a statement or procedure invoked that caused the audit event to be generated. This is empty for most Oracle Database Vault events.

EXTENDED_TIMESTAMP

TIMESTAMP(6) WITH TIME ZONE

NULL

Time stamp of creation of the audit trail entry (time stamp of user login for entries) in UTC (Coordinated Universal Time) time zone

PROXY_SESSIONID

NUMBER

NULL

Proxy session serial number, if an enterprise user has logged in through the proxy mechanism

GLOBAL_UID

VARCHAR2(32)

NULL

Global user identifier for the user, if the user has logged in as an enterprise user

INSTANCE_NUMBER

NUMBER

NULL

Instance number as specified by the INSTANCE_NUMBER initialization parameter

OS_PROCESS

VARCHAR2(16)

NULL

Operating system process identifier of the Oracle process

CREATED_BY

VARCHAR2(128)

NULL

Database login user name of the user whose actions were audited

CREATE_DATE

DATE

NULL

Date on which the action occurred, based on the SYSDATE date

UPDATED_BY

VARCHAR2(128)

NULL

Same as CREATED_BY column value

UPDATE_DATE

DATE

NULL

Same as UPDATED_BY column value

The following table describes the possible values for the ACTION column of the DVSYS.DV$ENFORCEMENT_AUDIT view.

Table 22-3 DVSYS.DV$ENFORCEMENT_AUDIT View ACTION Values

Action Type Code Action Name

10000

Factor Evaluation Audit

10001

Factor Assignment Audit

10002

Factor Expression Audit

10003

Realm Violation Audit

10004

Realm Authorization Audit

10005

Command Authorization Audit

10006

Secure Role Audit

10007

Session Initialization Audit

10008

Secure Command Authorization Audit

10009

OLS Session Initialization Audit

10010

OLS Attempt to Upgrade Label Audit

10011

Command Failure Audit

SYS.DV$CONFIGURATION_AUDIT View

The SYS.DV$CONFIGURATION_AUDIT view is almost the same as the DVSYS.DV$CONFIGURATION_AUDIT view except that it captures unified audit trail Database Vault audit records.

SYS.DV$ENFORCEMENT_AUDIT View

The SYS.DV$ENFORCEMENT_AUDIT view is almost the same as the DVSYS.DV$ENFORCEMENT_AUDIT view except that it captures unified audit trail Database Vault audit records.