Use Oracle Database Vault to Manage Database User Privileges

Oracle Autonomous Database supports Oracle Database Vault, which you can use to implement powerful security controls within your dedicated database. These unique security controls restrict access to application data by privileged database users, reducing the risk of insider and outside threats and addressing common compliance requirements.

You can deploy controls to block privileged account access to application data and control sensitive operations inside the database. Trusted paths can be used to add additional security controls to authorized data access and database changes. Through the runtime analysis of privileges and roles, you can increase the security of existing applications by implementing least privileges and reducing the attack profile of your database accounts. Oracle Database Vault secures existing database environments transparently, eliminating costly and time consuming application changes.

Before using Oracle Database Vault, be sure to review What to Expect After You Enable Oracle Database Vault to gain an understanding of the impact of configuring and enabling Database Vault.

For detailed information on implementing Oracle Database Vault features, be sure to refer to Oracle Database Vault Administrator’s Guide.

Tip:

To try out the process of setting up Database Vault, you can go through the Protect your data with Database Vault hands-on lab.

Configure and Enable Oracle Database Vault

To configure and enable Enable Oracle Database Vault in your Autonomous Transaction Processing dedicated database, you create database users to act as the Database Vault owner and account manager, and then use these users when configuring and enabling Database Vault.

  1. Connect as the ADMIN user to your dedicated database.
  2. Create the Database Vault owner and account manager users; for example:
    create user dbv_owner identified by <password>;
    grant create session to dbv_owner;
    create user dbv_acctmgr identified by <password>;
    grant create session to dbv_acctmgr;
  3. Configure Database Vault, providing the owner and account manager user names in the command; for example:
    exec dvsys.configure_dv('dbv_owner','dbv_acctmgr');
  4. Connect as the Database Vault owner (dbv_owner in this example) to your dedicated database.
  5. Enable Database Vault:
    exec dbms_macadm.enable_dv;
  6. Restart (that is, stop and then start) your Autonomous Transaction Processing dedicated deployment.