Index
A
- access control policy
- reports
- Core Database Vault Audit Report 27.5.5
- reports
- Access to Sensitive Objects Report 27.6.3.2
- accounts
- See: database accounts
- Accounts With DBA Roles Report 27.6.5.2
- Accounts with SYSDBA/SYSOPER Privilege Report 27.6.3.4
- ad hoc tools
- preventing use of 8.7.1
- administrators
- ADRCI utility
- Database Vault E.1.6.3
- alerts
- ALTER ROLE statement
- monitoring 26.1
- ALTER SESSION command rules 7.1.3.2, 17.7
- about 7.1.3.2
- ALTER SESSION event command rules
- ALTER SESSION privilege
- ALTER SESSION statement
- guidelines on managing privileges D.6.6.1
- ALTER SYSTEM command rules
- deleting system event command rules 17.8
- ALTER SYSTEM event command rules
- ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
- ALTER SYSTEM privilege
- reports, ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
- ALTER SYSTEM statement
- guidelines on managing privileges D.6.6.1
- ALTER USER statement
- monitoring 26.1
- ANY System Privileges for Database Accounts Report 27.6.2.4
- application security
- finding privilege use by users 4.1.5.1
- AUDIT_SYS_OPERATIONS initialization parameter 2.1
- AUDIT_TRAIL$ system table
- auditing
- about A.1
- archiving Database Vault audit trail A.4.2
- about A.4.1
- Core Database Audit Report 27.6.8
- DBMS_MACUTL fields 21.1.1
- factors
- options 8.3.4.3
- intruders
- using factors 8.3.4.2
- Oracle Database audit settings A.5
- purging Database Vault audit trail A.4.3
- about A.4.1
- realms
- reports 27.5
- rule sets
- secure application roles
- audit records 9.9
- auditing policies
- audit policy change
- monitoring 26.1
- AUDIT privilege 27.6.5.10
- AUDIT Privileges Report 27.6.5.10
- authentication
- authorizations
- AUTHORIZE_MAINTENANCE_USER procedure 22.1.5
C
- catalog-based roles 27.6.5.9
- CDB_DV_STATUS view 25.2
- CDBs
- clients
- finding IP address with DVF.F$CLIENT_IP 18.3.3
- code groups
- retrieving value with DBMS_MACUTL functions 21.2
- Command Rule Audit Report 27.5.2
- Command Rule Configuration Issues Report 27.4.1
- command rules 7.1.1, 7.3, 7.4
- See also: rule sets
- about 7.1.1
- creating 7.4
- data dictionary view 7.11
- data masking 13.11.4
- default command rules 7.2
- deleting 7.6
- editing 7.4
- functions
- DBMS_MACUTL (utility) 21
- guidelines 7.9
- how command rules work 7.7
- modifying enablement status 7.5
- objects
- performance effect 7.10
- procedures
- DBMS_MACADM (configuration) 17
- process flow 7.7
- propagating configuration to other databases 13.2.1
- reports 7.11
- rule sets
- simulation mode 11.1
- troubleshooting
- with auditing report 27.5.2
- tutorial 7.8
- views 7.11, 25.4
- with PDBs 7.1.2
- compliance
- Oracle Database Vault addressing 1.4
- computer name
- configuration
- CONFIGURE_DV procedure
- CONNECT command rules
- CONNECT events, controlling with command rules 7.1.1
- connection pooling
- finding unnecessarily granted privileges 4.1.5.1
- context profiles
- privilege analysis 4.1.4
- core database
- troubleshooting with Core Database Vault Audit Report 27.5.5
- Core Database Audit Report 27.6.8
- Core Database Vault Audit Trail Report 27.5.5
- CPU_PER_SESSION resource profile 27.6.6.2
- CREATE ANY JOB privilege D.6.3
- CREATE ANY JOB statement
- guidelines on managing privileges D.6.3
- CREATE EXTERNAL JOB privilege D.6.4
- CREATE JOB privilege D.6.3
- CREATE JOB statement
- guidelines on managing privileges D.6.3
- CREATE ROLE statement
- monitoring 26.1
- CREATE USER statement
- monitoring 26.1
- CTXSYS schema realm protection 5.2.4
D
- Database Account Default Password Report 27.6.7.1
- database accounts
- backup DV_OWNER and DV_ACCTMGR 14.4
- configuring Database Vault accounts as enterprise users 12.1.3
- counting privileges of 27.6.4.1
- DBSNMP
- DVSYS 14.3
- LBACSYS 14.3
- monitoring 26.1
- reports
- Accounts With DBA Roles Report 27.6.5.2
- ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
- ANY System Privileges for Database Accounts Report 27.6.2.4
- AUDIT Privileges Report 27.6.5.10
- BECOME USER Report 27.6.5.4
- Database Account Default Password Report 27.6.7.1
- Database Account Status Report 27.6.7.2
- Database Accounts With Catalog Roles Report 27.6.5.9
- Direct and Indirect System Privileges By Database Account Report 27.6.2.2
- Direct Object Privileges Report 27.6.1.3
- Direct System Privileges By Database Account Report 27.6.2.1
- Hierarchical System Privileges by Database Account Report 27.6.2.3
- Object Access By PUBLIC Report 27.6.1.1
- Object Access Not By PUBLIC Report 27.6.1.2
- OS Security Vulnerability Privileges 27.6.5.11
- Password History Access Report 27.6.5.6
- Privileges Distribution By Grantee, Owner, Privilege Report 27.6.4.3
- Privileges Distribution By Grantee, Owner Report 27.6.4.2
- Privileges Distribution By Grantee Report 27.6.4.1
- Roles/Accounts That Have a Given Role Report 27.6.5.8
- Security Policy Exemption Report 27.6.5.3
- WITH ADMIN Privilege Grants Report 27.6.5.1
- WITH GRANT Privileges Report 27.6.5.7
- solution for lockouts B.1
- suggested 14.3
- Database Account Status Report 27.6.7.2
- Database Accounts With Catalog Roles Report 27.6.5.9
- database administrative operations 13
- database domains, Database_Domain default factor 8.2
- database objects 14.1
- See also: objects
- database options, installing B.1
- database roles
- about 14.2.1
- counting privileges of 27.6.4.1
- default Oracle Database Vault 14.2.1
- DV_ACCTMGR
- about 14.2.15
- DV_ADMIN 14.2.5
- DV_AUDIT_CLEANUP 14.2.8
- DV_DATAPUMP_NETWORK_LINK 14.2.9
- DV_GOLDENGATE_ADMIN 14.2.12
- DV_GOLDENGATE_REDO_ACCESS 14.2.13
- DV_MONITOR 14.2.6
- DV_OWNER 14.2.4
- DV_PATCH_ADMIN 14.2.14
- DV_POLICY_OWNER 14.2.18
- DV_PUBLIC 14.2.19
- DV_REALM_OWNER 14.2.16
- DV_REALM_RESOURCE 14.2.17
- DV_SECANALYST 14.2.7
- DV_STREAMS_ADMIN 14.2.10
- DV_XSTREAM_ADMIN 14.2.11
- enabled, determining with ROLE_IS_ENABLED 18.2.7
- granting Database Vault roles to users 14.2.3
- monitoring 26.1
- Oracle Database Vault, default 14.2.1
- reports
- Accounts With DBA Roles Report 27.6.5.2
- ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
- AUDIT Privileges Report 27.6.5.10
- BECOME USER Report 27.6.5.4
- Database Accounts With Catalog Roles Report 27.6.5.9
- OS Security Vulnerability Privileges 27.6.5.11
- Privileges Distribution By Grantee Report 27.6.4.1
- Roles/Accounts That Have a Given Role Report 27.6.5.8
- Security Policy Exemption Report 27.6.5.3
- WITH ADMIN Privilege Grants Report 27.6.5.1
- separation of duty enforcement 2.3
- databases
- defined with factors 8.1
- domain, Domain default factor 8.2
- event monitoring E.1.1
- grouped schemas
- See realms 5.1.1
- host names, Database_Hostname default factor 8.2
- instance, retrieving information with functions 18.1
- instances
- IP addresses
- monitoring events E.1.1
- names
- parameters
- Security Related Database Parameters Report 27.6.6.1
- roles that do not exist 27.4.7
- schema creation, finding with DVF.F$IDENTIFICATION_TYPE 18.3.11
- schema creation, Identification_Type default factor 8.2
- user name, Session_User default factor 8.2
- database sessions 8.3.3.2
- Database Vault
- See: Oracle Database Vault
- Database Vault Account Management realm 5.2.2
- Database Vault command rule protections 7.1.1
- Database Vault realm protection 5.1.1
- Database Vault realm protections 5.1.1
- data definition language (DDL)
- statement
- controlling with command rules 7.1.1
- statement
- Data Definition Language (DDL) statements
- Data Dictionary realm
- data masking 13.11.2
- data manipulation language (DML)
- data masking
- data Oracle Database Vault recognizes
- See: factors
- DBA_DV_CODE view 25.3
- DBA_DV_COMMAND_RULE view 7.11, 25.4
- DBA_DV_DATAPUMP_AUTH view 25.5
- DBA_DV_DDL_AUTH view 25.6
- DBA_DV_DICTIONARY_ACCTS view 25.7
- DBA_DV_FACTOR_LINK 25.10
- DBA_DV_FACTOR_LINK view 25.10
- DBA_DV_FACTOR_TYPE view 25.9
- DBA_DV_FACTOR view 25.8
- DBA_DV_IDENTITY_MAP view 25.12
- DBA_DV_IDENTITY view 25.11
- DBA_DV_JOB_AUTH view 25.13
- DBA_DV_MAC_POLICY_FACTOR view 25.15
- DBA_DV_MAC_POLICY view 25.14
- DBA_DV_MAINTENANCE_AUTH view 25.16
- DBA_DV_ORADEBUG view 25.17
- DBA_DV_PATCH_ADMIN_AUDIT view 25.18
- DBA_DV_POLICY_LABEL view 25.20
- DBA_DV_POLICY_OBJECT view 25.21
- DBA_DV_POLICY_OWNER view 25.22
- DBA_DV_POLICY view 25.19
- DBA_DV_PROXY_AUTH view 25.23
- DBA_DV_PUB_PRIVS view 25.24
- DBA_DV_REALM_AUTH view 25.26
- DBA_DV_REALM_OBJECT view 25.27
- DBA_DV_REALM view 25.25
- DBA_DV_ROLE view 25.28
- DBA_DV_RULE_SET_RULE view 25.31
- DBA_DV_RULE_SET view 25.30
- DBA_DV_RULE view 25.29
- DBA_DV_SIMULATION_LOG view 25.33
- DBA_DV_STATUS view 25.32
- DBA_DV_TTS_AUTH view 25.34
- DBA_DV_USER_PRIVS_ALL view 25.36
- DBA_DV_USER_PRIVS view 25.35
- DBA_USERS_WITH_DEFPWD data dictionary view
- access to in Oracle Database Vault 2.4
- DBA role
- impact of Oracle Database Vault installation 2.4
- DBMS_FILE_TRANSFER package, guidelines on managing D.6.2.1
- DBMS_MACADM.ADD_AUTH_TO_REALM procedure 15.1
- DBMS_MACADM.ADD_CMD_RULE_TO_POLICY procedure 23.1, 23.5
- DBMS_MACADM.ADD_FACTOR_LINK procedure 18.1.1
- DBMS_MACADM.ADD_NLS_DATA
- procedure C.2
- DBMS_MACADM.ADD_NLS_DATA procedure 22.1.1
- DBMS_MACADM.ADD_OBJECT_TO_REALM procedure 15.2
- DBMS_MACADM.ADD_OWNER_TO_POLICY procedure 23.2
- DBMS_MACADM.ADD_POLICY_FACTOR procedure 18.1.2
- DBMS_MACADM.ADD_REALM_TO_POLICY procedure 23.3
- DBMS_MACADM.ADD_RULE_TO_RULE_SET procedure 16.1.1
- DBMS_MACADM.AUTHORIZE_DATAPUMP_USER procedure 22.1.2, 22.1.9
- DBMS_MACADM.AUTHORIZE_DDL procedure 22.1.3
- DBMS_MACADM.AUTHORIZE_DIAGNOSTIC_ADMIN procedure 22.1.4
- DBMS_MACADM.AUTHORIZE_PROXY_USER procedure 22.1.6
- DBMS_MACADM.AUTHORIZE_SCHEDULER_USER procedure 22.1.7
- DBMS_MACADM.AUTHORIZE_TTS_USER procedure 22.1.8
- DBMS_MACADM.CHANGE_IDENTITY_FACTOR procedure 18.1.3
- DBMS_MACADM.CHANGE_IDENTITY_VALUE procedure 18.1.4
- DBMS_MACADM.CREATE_COMMAND_RULE procedure 17.1
- DBMS_MACADM.CREATE_CONNECT_COMMAND_RULE procedure 17.2
- DBMS_MACADM.CREATE_DOMAIN_IDENTITY procedure 18.1.5
- DBMS_MACADM.CREATE_FACTOR_TYPE procedure 18.1.7
- DBMS_MACADM.CREATE_FACTOR procedure 18.1.6
- DBMS_MACADM.CREATE_IDENTITY_MAP procedure 18.1.9
- DBMS_MACADM.CREATE_IDENTITY procedure 18.1.8
- DBMS_MACADM.CREATE_MAC_POLICY procedure 20.1
- DBMS_MACADM.CREATE_POLICY_LABEL procedure 20.2
- DBMS_MACADM.CREATE_POLICY procedure 23.4
- DBMS_MACADM.CREATE_REALM procedure 15.3
- DBMS_MACADM.CREATE_ROLE procedure 19.1.1
- DBMS_MACADM.CREATE_RULE_SET procedure 16.1.3
- DBMS_MACADM.CREATE_RULE procedure 16.1.2
- DBMS_MACADM.CREATE_SESSION_EVENT_CMD_RULE procedure 17.3
- DBMS_MACADM.CREATE_SYSTEM_EVENT_CMD_RULE procedure 17.4
- DBMS_MACADM.DELETE_AUTH_FROM_REALM procedure 15.4
- DBMS_MACADM.DELETE_COMMAND_RULE procedure 17.5
- DBMS_MACADM.DELETE_CONNECT_COMMAND_RULE procedure 17.6
- DBMS_MACADM.DELETE_FACTOR_LINK procedure 18.1.11
- DBMS_MACADM.DELETE_FACTOR_TYPE procedure 18.1.12
- DBMS_MACADM.DELETE_FACTOR procedure 18.1.10
- DBMS_MACADM.DELETE_IDENTITY_MAP procedure 18.1.14
- DBMS_MACADM.DELETE_IDENTITY procedure 18.1.13
- DBMS_MACADM.DELETE_MAC_POLICY_CASCADE procedure 20.3
- DBMS_MACADM.DELETE_OBJECT_FROM_REALM procedure 15.5
- DBMS_MACADM.DELETE_OWNER_FROM_POLICY procedure 23.6
- DBMS_MACADM.DELETE_POLICY_FACTOR procedure 20.4
- DBMS_MACADM.DELETE_POLICY_LABEL procedure 20.5
- DBMS_MACADM.DELETE_REALM_CASCADE procedure 15.7
- DBMS_MACADM.DELETE_REALM_FROM_POLICY procedure 23.7
- DBMS_MACADM.DELETE_REALM procedure 15.6
- DBMS_MACADM.DELETE_ROLE procedure 19.1.2
- DBMS_MACADM.DELETE_RULE_FROM_RULE_SET procedure 16.1.5
- DBMS_MACADM.DELETE_RULE_SET procedure 16.1.6
- DBMS_MACADM.DELETE_RULE procedure 16.1.4
- DBMS_MACADM.DELETE_SESSION_EVENT_CMD_RULE procedure 17.7
- DBMS_MACADM.DELETE_SYSTEM_EVENT_CMD_RULE procedure 17.8
- DBMS_MACADM.DISABLE_DV_DICTIONARY_ACCTS procedure 22.1.17
- DBMS_MACADM.DISABLE_DV_PATCH_ADMIN_AUDIT procedure 22.1.18
- DBMS_MACADM.DISABLE_DV procedure 22.1.16
- DBMS_MACADM.DISABLE_ORADEBUG procedure 22.1.19
- DBMS_MACADM.DROP_DOMAIN_IDENTITY procedure 18.1.15
- DBMS_MACADM.DROP_POLICY procedure 23.8
- DBMS_MACADM.ENABLE_DV_DICTIONARY_ACCTS procedure 22.1.22
- DBMS_MACADM.ENABLE_DV procedure
- DBMS_MACADM.ENABLE_ORADEBUG procedure 22.1.23
- DBMS_MACADM.ENSABLE_DV_PATCH_ADMIN_AUDIT procedure 22.1.21
- DBMS_MACADM.GET_INSTANCE_INFO function 18.1.17
- DBMS_MACADM.GET_SESSION_INFO function 18.1.16
- DBMS_MACADM.RENAME_FACTOR_TYPE procedure 18.1.19
- DBMS_MACADM.RENAME_FACTOR procedure 18.1.18
- DBMS_MACADM.RENAME_POLICY procedure 23.9
- DBMS_MACADM.RENAME_REALM procedure 15.8
- DBMS_MACADM.RENAME_ROLE procedure 19.1.3
- DBMS_MACADM.RENAME_RULE_SET procedure 16.1.8
- DBMS_MACADM.RENAME_RULE procedure 16.1.7
- DBMS_MACADM.UNAUTHORIZE_DDL procedure 22.1.10
- DBMS_MACADM.UNAUTHORIZE_DIAGNOSTIC_ADMIN procedure 22.1.11
- DBMS_MACADM.UNAUTHORIZE_PROXY_USER procedure 22.1.13
- DBMS_MACADM.UNAUTHORIZE_SCHEDULER_USER procedure 22.1.14
- DBMS_MACADM.UNAUTHORIZE_TTS_USER procedure 22.1.15
- DBMS_MACADM.UPDATE_COMMAND_RULE procedure 17.9
- DBMS_MACADM.UPDATE_CONNECT_COMMAND_RULE procedure 17.10
- DBMS_MACADM.UPDATE_FACTOR_TYPE procedure 18.1.21
- DBMS_MACADM.UPDATE_FACTOR procedure 18.1.20
- DBMS_MACADM.UPDATE_IDENTITY procedure 18.1.22
- DBMS_MACADM.UPDATE_MAC_POLICY procedure 20.6
- DBMS_MACADM.UPDATE_POLICY_DESCRIPTION procedure 23.10
- DBMS_MACADM.UPDATE_POLICY_STATE procedure 23.11
- DBMS_MACADM.UPDATE_REALM_AUTH procedure 15.10
- DBMS_MACADM.UPDATE_REALM procedure 15.9
- DBMS_MACADM.UPDATE_ROLE procedure 19.1.4
- DBMS_MACADM.UPDATE_RULE_SET procedure 16.1.10
- DBMS_MACADM.UPDATE_RULE procedure 16.1.9
- DBMS_MACADM.UPDATE_SESSION_EVENT_CMD_RULE procedure 17.11
- DBMS_MACADM.UPDATE_SYSTEM_EVENT_CMD_RULE procedure 17.12
- DBMS_MACADM package
- DBMS_MACADM PL/SQL package contents 24.1
- DBMS_MACSEC_ROLES.CAN_SET_ROLE function 19.2.1
- DBMS_MACSEC_ROLES.SET_ROLE procedure 19.2.2
- DBMS_MACSEC_ROLES package
- DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED procedure 21.2.1
- DBMS_MACUTL.GET_CODE_VALUE function 21.2.2
- DBMS_MACUTL.GET_DAY function 21.2.6
- DBMS_MACUTL.GET_HOUR function 21.2.5
- DBMS_MACUTL.GET_MINUTE function 21.2.4
- DBMS_MACUTL.GET_MONTH function 21.2.7
- DBMS_MACUTL.GET_SECOND function 21.2.3
- DBMS_MACUTL.GET_YEAR function 21.2.8
- DBMS_MACUTL.IS_ALPHA function 21.2.9
- DBMS_MACUTL.IS_DIGIT function 21.2.10
- DBMS_MACUTL.IS_DVSYS_OWNER function 21.2.11
- DBMS_MACUTL.IS_OLS_INSTALLED_VARCHAR function 21.2.13
- DBMS_MACUTL.IS_OLS_INSTALLED function 21.2.12
- DBMS_MACUTL.ROLE_GRANTED_ENABLED_VARCHAR function 21.2.18
- DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function 21.2.14
- DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 21.2.16
- DBMS_MACUTL.USER_HAS_ROLE function 21.2.15
- DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 21.2.17
- DBMS_MACUTL package
- DBMS_MACUTL PL/SQL package contents 24.3
- DBMS_PRIVILEGE_CAPTURE PL/SQL package 4.2.1
- DBSNMP schema realm protection 5.2.3
- DBSNMP user account
- DDL operations
- deinstallation B
- deinstalling Oracle Database Vault C.3
- DELETE_CATALOG_ROLE role 27.6.5.9
- deleting event command rules 17.7
- Denial of Service (DoS) attacks
- diagnostic view and table queries
- Direct and Indirect System Privileges By Database Account Report 27.6.2.2
- Direct Object Privileges Report 27.6.1.3
- direct system privileges 27.6.2.3
- Direct System Privileges By Database Account Report 27.6.2.1
- disabling system features with Disabled default rule set 6.4
- domains
- DROP ROLE statement
- monitoring 26.1
- DROP USER statement
- monitoring 26.1
- dual key connection, dual key security
- See: two-person integrity (TPI)
- DV_ACCTMGR role E.4.2
- DV_ADMIN role
- DV_AUDIT_CLEANUP role
- DV_DATAPUMP_NETWORK_LINK role
- DV_GOLDENDATE_REDO role
- privileges associated with 14.2.13
- DV_GOLDENDGATE_ADMIN role
- Database Vault disabled 14.2.12
- DV_GOLDENGATE_ADMIN role 14.2.12
- DV_GOLDENGATE_REDO_ACCESS role 14.2.13
- DV_MONITOR role
- DV_OWNER role E.4.1
- DV_PATCH_ADMIN role 14.2.14
- DV_POLICY_OWNER role
- DV_PUBLIC role 14.2.19
- system privileges of 14.2.2
- DV_REALM_OWNER role 14.2.16
- DV_REALM_RESOURCE role 14.2.17
- DV_SECANALYST role
- DV_STREAMS_ADMIN role 14.2.10
- DV_XSTREAM_ADMIN role 14.2.11
- DVF account
- DVF PL/SQL interface contents 24.5
- DVF schema 18.3
- DVSYS.DBA_DV_FACTOR_LINK view 25.10
- DVSYS.DV$CONFIGURATION_AUDIT view 25.37
- DVSYS.DV$ENFORCEMENT_AUDIT view 25.38
- DVSYS.DV$REALM view 25.39
- DVSYS.POLICY_OWNER_POLICY view 25.41
- DVSYS.POLICY_OWNER_REALM_AUTH view 25.43
- DVSYS.POLICY_OWNER_REALM_OBJECT view 25.44
- DVSYS.POLICY_OWNER_REALM view 25.42
- DVSYS.POLICY_OWNER_RULE_SET_RULE view 25.47
- DVSYS.POLICY_OWNER_RULE_SET view 25.46
- DVSYS.POLICY_OWNER_RULE view 25.45
- DVSYS account 14.3
- DVSYS schema
E
- email alert in rule set 6.10.1
- enabling system features with Enabled default rule set 6.4
- encrypted information 27.6.9.5
- enterprise identities, Enterprise_Identity default factor 8.2
- Enterprise Manager
- See: Oracle Enterprise Manager
- enterprise user security
- configuring Database Vault accounts for 12.1.3
- errors
- factor error options 8.3.4.2
- event handler
- rule sets 6.5
- example 7.1.3.2
- examples 8.6.3
- See also: tutorials
- EXECUTE_CATALOG_ROLE role 27.6.5.9
- impact of Oracle Database Vault installation 2.4
- Execute Privileges to Strong SYS Packages Report 27.6.3.1
- EXEMPT ACCESS POLICY system privilege 27.6.5.3
- exporting data
- See: Oracle Data Pump
- external network services, fine-grained access to
- example using email alert 6.10.1
F
- Factor Audit Report 27.5.3
- Factor Configuration Issues Report 27.4.4
- factors 8.3.4.1
- See also: rule sets
- about 8.1
- assignment 8.3.3.7
- assignment operation 27.5.3
- audit events, custom A.3.1
- audit options 8.3.4.3
- child factors
- creating 8.3.1
- creating names 8.3.2
- data dictionary views 8.11
- DBA_DV_FACTOR view 25.8
- DBA_DV_SIMULATION_LOG view 25.33
- DBMS_MACUTL constants, example of 21.1.4
- default factors 8.2
- deleting 8.5
- domain, finding with DVF.F$DOMAIN 18.3.9
- error options 8.3.4.2
- evaluate 8.3.3.3
- evaluation operation 27.5.3
- factor-identity pair mapping 8.4.6.2
- factor type
- functionality 8.6
- functions
- guidelines 8.9
- identifying using child factors 8.4.6.1
- identities
- about 8.3.3.2, 8.4.1
- adding to factor 8.4
- assigning 8.3.3.3
- configuring 8.4.4
- creating 8.4.4
- database session 8.3.3.2
- data dictionary views 8.11
- deleting 8.4.5
- enterprise-wide users 18.3.9
- how factor identities work 8.3.3.2
- labels 8.3.3.4
- mapping, about 8.4.6.1
- mapping, identified 8.3.3.1
- mapping, procedure 8.4.6.2
- mapping, tutorial 8.8.1
- Oracle Label Security labels 8.3.3.4
- reports 8.11
- resolving 8.3.3.1
- retrieval methods 8.3.3.5
- setting dynamically 18.2.2
- trust levels 8.3.3.2, 8.4.4
- with Oracle Label Security 8.3.3.2
- initialization, command rules 7.1.1
- invalid audit options 27.4.4
- label 27.4.4
- naming conventions 8.3.2
- Oracle Virtual Private Database, attaching factors to 12.3
- parent factors 8.3.3.1
- performance effect 8.10
- procedures
- DBMS_MACADM (configuration) 18.1
- process flow 8.6
- reports 8.11
- retrieving 8.6.2
- retrieving with GET_FACTOR 18.2.3
- rule sets
- selecting 8.3.4.1
- setting 8.6.3
- setting with SET_FACTOR 18.2.2
- troubleshooting
- type (category of factor) 8.3.2
- validating 8.3.3.7
- values (identities) 8.1
- views
- ways to assign 8.3.3.2
- Factor Without Identities Report 27.4.5
- FLASHBACK TABLE SQL statement 5.1.1
- functions
G
- general security reports 27.6
- GRANT statement
- monitoring 26.1
- guidelines
- ALTER SESSION privilege D.6.6.1
- ALTER SYSTEM privilege D.6.6.1
- backup DV_OWNER and DV_ACCTMGR accounts 14.4
- command rules 7.9
- CREATE ANY JOB privilege D.6.3
- CREATE EXTERNAL JOB privilege D.6.4
- CREATE JOB privilege D.6.3
- DBMS_FILE_TRANSFER package D.6.2.1
- factors 8.9
- general security D
- LogMiner packages D.6.5
- managing DV_OWNER and DV_ACCTMGR accounts 14.3
- operating system access D.2.4
- Oracle software owner D.4.2
- performance effect 8.10
- realms 5.14
- root access D.2.4
- root user access D.4.1
- rule sets 6.12
- secure application roles 9.4
- SYSDBA access D.4.3
- SYSDBA privilege, limiting D.2.3
- SYSOPER access D.4.4
- SYSTEM schema and application tables D.2.2
- SYSTEM user account D.2.1
- trusted accounts and roles D.3
- using Database Vault in a production environment D.5
- UTL_FILE package D.6.2.1
I
- identities
- See: factors, identities
- Identity Configuration Issues Report 27.4.6
- IDLE_TIME resource profile 27.6.6.2
- IMP_FULL_DATABASE role
- impact of Oracle Database Vault installation 2.4
- importing data
- See: Oracle Data Pump
- incomplete rule set 27.4.4
- role enablement 27.4.7
- Information Lifecycle Management 5.1.1
- initialization parameters
- insider threats
- See: intruders
- installations
- intruders
- See: security attacks
- compromising privileged accounts 1.5
- IP addresses
L
- labels 8.4.3
- See also: Oracle Label Security
- about 8.4.3
- Label Security Integration Audit Report 27.5.4
- languages
- LBACSYS account 14.3
- See also: Oracle Label Security
- LBACSYS schema
- locked out accounts, solution for B.1
- log files
- Database Vault log files A.3.2
- logging on
- reports, Core Database Audit Report 27.6.8
- LogMiner packages
- guidelines D.6.5
M
- managing user accounts and profiles
- Can Maintain Accounts/Profiles default rule set 6.4
- managing user accounts and profiles on own account, Can Maintain Own Accounts default rule set 6.4
- mandatory realms
- about 5.1.2
- mapping identities 8.4.6.2
- MDDATA schema realm protection 5.2.4
- MDSYS schema realm protection 5.2.4
- monitoring
- activities 26
- multitenant container databases
- See: CDBs
O
- Object Access By PUBLIC Report 27.6.1.1
- Object Access Not By PUBLIC Report 27.6.1.2
- Object Dependencies Report 27.6.1.4
- object owners
- object privilege reports 27.6.1
- objects 25.27
- See also: database objects
- command rule objects
- dynamic SQL use 27.6.9.3
- mandatory realms 5.1.2
- monitoring 26.1
- object names
- finding with DV_DICT_OBJ_NAME 16.2.7
- object owners
- finding with DV_DICT_OBJ_OWNER 16.2.6
- realms
- reports
- Access to Sensitive Objects Report 27.6.3.2
- Accounts with SYSDBA/SYSOPER Privilege Report 27.6.3.4
- Direct Object Privileges Report 27.6.1.3
- Execute Privileges to Strong SYS Packages Report 27.6.3.1
- Non-Owner Object Trigger Report 27.6.9.7
- Object Access By PUBLIC Report 27.6.1.1
- Object Access Not By PUBLIC Report 27.6.1.2
- Object Dependencies Report 27.6.1.4
- Objects Dependent on Dynamic SQL Report 27.6.9.3
- OS Directory Objects Report 27.6.9.2
- privilege 27.6.1
- Public Execute Privilege To SYS PL/SQL Procedures Report 27.6.3.3
- sensitive 27.6.3
- System Privileges By Privilege Report 27.6.2.5
- restricting user access to using mandatory realms 5.1.2
- types
- finding with DV_DICT_OBJ_TYPE 16.2.5
- views, DBA_DV_REALM_OBJECT 25.27
- Objects Dependent on Dynamic SQL Report 27.6.9.3
- object types
- supported for Database Vault realm protection 5.1.4
- OEM
- See: Oracle Enterprise Manager (OEM)
- OEM_MONITOR schema realm protection 5.2.3
- OLS
- See: Oracle Label Security
- operating system access
- guideline for using with Database Vault D.2.4
- operating systems
- ORA$DEPENDENCY profile 4.1.2
- ORA-00942 error 9.7.7
- ORA-01301 error 13.11.1
- ORA-06512 error 6.10.4, 21.2.1
- ORA-24247 error 6.10.4
- ORA-47305 error 9.7.7
- ORA-47400 error 6.10.6, 13.11.1
- ORA-47401 error 5.10.2.1, 13.11.1
- ORA-47408 error 13.11.1
- ORA-47409 error 13.11.1
- ORA-47500 error 22.2
- ORA-47503 error 3.2.4
- ORA-47920 error 21.2.1
- Oracle Database Vault
- about 1.1.1
- components 1.3, 1.3.1
- deinstalling C.3
- disabling
- enabling
- procedures for B
- integrating with other Oracle products 12
- Oracle Database installation, affect on 2
- post-installation procedures C
- privileges to use 1.2
- registering
- using DBCA 3.2.1
- reinstalling C.4
- roles
- system privileges of 14.2.2
- Oracle Database Vault Administrator (DVA)
- logging on from Oracle Enterprise Manager Cloud Control 3.3
- Oracle Database Vault Administrator pages 1.3.2
- Oracle Database Vault policies
- Oracle Database Vault realm 5.2.1
- Oracle Database Vault registration
- Oracle Data Guard
- Oracle Data Pump
- archiving the Oracle Database Vault audit trail with A.4.2
- authorizing transportable tablespace operations for Database Vault 13.3.3.3
- DBA_DV_DATAPUMP_AUTH view 25.5
- DBA_DV_TTS_AUTH view 25.34
- DBMS_MACADM.AUTHORIZE_TTS_USER 22.1.8
- DBMS_MACADM.UNAUTHORIZE_TTS_USER 22.1.15
- granting authorization to use with Database Vault 13.3.2.3
- guidelines before performing an export or import 13.3.4
- levels of authorization required
- MACADM procedures for authorization 22.1.2
- realm protection 5.2.5
- revoking standard authorization 13.3.2.4
- revoking transportable tablespace authorization 13.3.3.4
- using with Oracle Database Vault 13.3.1
- Oracle Default Component Protection Realm 5.2.6
- Oracle Default Schema Protection Realm 5.2.4
- Oracle Enterprise Manager
- Oracle Enterprise Manager Cloud Control
- Oracle Enterprise Manager realm 5.2.3
- Oracle Enterprise User Security, integrating with Oracle Database Vault 12.1
- Oracle Flashback Technology 5.1.1, 7.1.1
- Oracle GoldenGate
- Oracle Internet Directory, registering with DBCA 12.6
- Oracle Internet Directory Distinguished Name, Proxy_Enterprise_Identity default factor 8.2
- Oracle Label Security
- using OLS_LABEL_DOMINATES function in rule expressions 16.1.2
- Oracle Label Security (OLS) 14.3
- See also: LBACSYS account
- audit events, custom A.3.1
- checking if installed using DBMS_MACUTL functions 21.2
- data dictionary views 12.4.5
- functions
- DBMS_MACUTL (utility) 21.1.1
- how Database Vault integrates with 12.4.1
- initialization, command rules 7.1.1
- integration with Oracle Database Vault
- labels
- policies
- procedures
- DBMS_MACADM (configuration) 20
- reports 12.4.5
- views
- Oracle OLAP realm protection 5.2.4
- Oracle Real Application Clusters
- Oracle Recovery Manager (RMAN)
- in an Oracle Database Vault environment 13.7
- Oracle Scheduler
- Oracle software owner, guidelines on managing D.4.2
- Oracle Spatial realm protection 5.2.4
- Oracle Streams
- Database Vault role used for 14.2.10
- Oracle System Privilege and Role Management Realm 5.2.5
- Oracle Text realm protection 5.2.4
- Oracle Virtual Private Database (VPD)
- ORADEBUG utility
- OS_ROLES initialization parameter 2.1
- OS Directory Objects Report 27.6.9.2
- OS Security Vulnerability Privileges Report 27.6.5.11
- OUTlN schema realm protection 5.2.6
P
- parameters
- parent factors
- See: factors
- Password History Access Report 27.6.5.6
- passwords
- patches
- patch operations in Database Vault environment 13.14
- PDBs
- performance effect
- performance tools
- Automatic Workload Repository (AWR)
- Oracle Enterprise Manager
- Oracle Enterprise Manager Cloud Control
- TKPROF utility
- PL/SQL
- PL/SQL factor functions 18.3
- pluggable databases
- See: PDBs
- policies
- See: Oracle Database Vault policies
- POLICY_OWNER_COMMAND_RULE view 25.40
- policy changes, monitoring 26.1
- post-installation procedures C
- preprocessor programs
- privilege analysis
- about 4.1.1
- accessing reports in Cloud Control 4.2.7.3
- benefits 4.1.5
- CDBs 4.1.6
- creating
- creating role in Cloud Control 4.3.1
- data dictionary views 4.6
- DBMS_PRIVILEGE_CAPTURE PL/SQL package 4.2.1
- disabling
- dropping
- enabling
- examples of creating and enabling 4.2.4.1
- general steps for managing 4.2.2
- generating regrant scripts 4.3.3.3
- generating reports
- generating revoke scripts 4.3.3.2
- logon users 4.1.4
- pre-compiled database objects 4.1.2
- privilege uses captured 4.1.4
- requirements for using 4.1.3
- restrictions 4.1.4
- revoking and re-granting in Cloud Control 4.3.2
- revoking and regranting using scripts 4.3.3.1
- tutorial 4.5
- tutorial for ANY privileges 4.4
- use cases 4.1.5
- privileges
- checking with DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function 21.2
- existing users and roles, Database Vault affect on 2.4
- least privilege principle
- violations to 27.6.9.1
- monitoring
- Oracle Database Vault restricting 2.2
- prevented from existing users and roles 2.5
- reports
- Accounts With DBA Roles Report 27.6.5.2
- ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
- ANY System Privileges for Database Accounts Report 27.6.2.4
- AUDIT Privileges Report 27.6.5.10
- Database Accounts With Catalog Roles Report 27.6.5.9
- Direct and Indirect System Privileges By Database Account Report 27.6.2.2
- Direct System Privileges By Database Account Report 27.6.2.1
- Hierarchical System Privileges By Database Account Report 27.6.2.3
- listed 27.6.4
- OS Directory Objects Report 27.6.9.2
- Privileges Distribution By Grantee, Owner, Privilege Report 27.6.4.3
- Privileges Distribution By Grantee, Owner Report 27.6.4.2
- Privileges Distribution By Grantee Report 27.6.4.1
- WITH GRANT Privileges Report 27.6.5.7
- restricting access using mandatory realms 5.1.2
- roles
- checking with DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 21.2
- system
- checking with DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 21.2
- views
- Privileges Distribution By Grantee, Owner, Privilege Report 27.6.4.3
- Privileges Distribution By Grantee, Owner Report 27.6.4.2
- Privileges Distribution By Grantee Report 27.6.4.1
- privileges using external password 27.6.3.4
- problems, diagnosing E.1.1
- procedures
- production environments
- guidelines for securing D.5
- profiles 27.6.6
- proxy user authorization
- PUBLIC access to realms 5.9
- Public Execute Privilege To SYS PL/SQL Procedures Report 27.6.3.3
- PUBLIC user account
- impact of Oracle Database Vault installation 2.4
R
- Realm Audit Report 27.5.1
- Realm Authorization Configuration Issues Report 27.4.3
- realm authorizations:multitenant environment 5.5
- realms 5.3
- See also: rule sets
- about 5.1.1
- adding roles to as grantees 5.14
- audit events, custom A.3.1
- authentication-related procedures 15.1
- authorization
- authorizations
- authorizations in multitenant environment 5.6
- creating 5.3
- creating names 5.3
- Database Vault Account Management realm 5.2.2
- data dictionary views 5.16
- data masking 13.11.3
- DBMS_MACUTL constants, example of 21.1.2
- default realms
- listed 5.2
- deleting 5.8
- disabling 5.7
- DV_REALM_OWNER role 14.2.16
- DV_REALM_RESOURCE role 14.2.17
- effect on other Oracle Database Vault components 5.13
- enabling 5.7
- enabling access to realm-protected objects 5.11
- example 5.12
- functions
- guidelines 5.14
- how realms work 5.9
- mandatory realms 5.1.2
- multitenant environment
- about 5.1.3
- naming conventions 5.3
- object-related procedures 15.2
- object types, supported 5.1.4
- Oracle Database Vault realm 5.2.1
- Oracle Default Component Protection Realm 5.2.6
- Oracle Default Schema Protection Realm 5.2.4
- Oracle Enterprise Manager realm 5.2.3
- Oracle System Privilege and Role Management Realm 5.2.5
- performance effect 5.15
- procedures
- DBMS_MACADM (configuration) 15
- process flow 5.9
- propagating configuration to other databases 13.2.1
- protection after object is dropped 5.14
- PUBLIC access 5.9
- realm authorizations
- about 5.5
- realm secured objects
- realm-secured objects 5.4
- reports 5.16
- roles
- secured object 27.4.3
- simulation mode 11.1
- territory a realm protects 5.4
- troubleshooting E.2, E.3
- tutorial 3.4.1
- views
- DBA_DV_CODE 25.3
- DBA_DV_MAINTENANCE_AUTH 25.16
- DBA_DV_POLICY 25.19
- DBA_DV_POLICY_OBJECT 25.21
- DBA_DV_POLICY_OWNER 25.22
- DBA_DV_REALM 25.25
- DBA_DV_REALM_OBJECT 25.27
- DBS_DV_REALM_AUTH 25.26
- DVSYS.POLICY_OWNER_COMMAND_RULE 25.40
- DVSYS.POLICY_OWNER_POLICY 25.41
- DVSYS.POLICY_OWNER_REALM 25.42
- DVSYS.POLICY_OWNER_REALM_AUTH 25.43
- DVSYS.POLICY_OWNER_REALM_OBJECT 25.44
- DVSYS.POLICY_OWNER_RULE 25.45
- DVSYS.POLICY_OWNER_RULE_SET 25.46
- DVSYS.POLICY_OWNER_RULE_SET_RULE 25.47
- recovering lost password E.4.1, E.4.2
- RECOVERY_CATALOG_OWNER role 27.6.5.9
- RECYCLEBIN initialization parameter
- default setting in Oracle Database Vault 2.1
- registering Oracle Database Vault 3.2.1
- reinstalling Oracle Database Vault C.4
- REMOTE_LOGIN_PASSWORDFILE initialization parameter 2.1
- reports
- about 27.1
- Access to Sensitive Objects Report 27.6.3.2
- Accounts With DBA Roles Report 27.6.5.2
- Accounts with SYSDBA/SYSOPER Privilege Report 27.6.3.4
- ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
- ANY System Privileges for Database Accounts Report 27.6.2.4
- auditing 27.5
- AUDIT Privileges Report 27.6.5.10
- BECOME USER Report 27.6.5.4
- categories of 27.1
- Command Rule Audit Report 27.5.2
- Command Rule Configuration Issues Report 27.4.1
- Core Database Audit Report 27.6.8
- Core Database Vault Audit Trail Report 27.5.5
- Database Account Default Password Report 27.6.7.1
- Database Account Status Report 27.6.7.2
- Database Accounts With Catalog Roles Report 27.6.5.9
- Direct and Indirect System Privileges By Database Account Report 27.6.2.2
- Direct Object Privileges Report 27.6.1.3
- Direct System Privileges By Database Account Report 27.6.2.1
- Enterprise Manager Cloud Control 13.2.3
- Execute Privileges to Strong SYS Packages Report 27.6.3.1
- Factor Audit Report 27.5.3
- Factor Configuration Issues Report 27.4.4
- Factor Without Identities 27.4.5
- general security 27.6
- Hierarchical System Privileges by Database Account Report 27.6.2.3
- Identity Configuration Issues Report 27.4.6
- Java Policy Grants Report 27.6.9.1
- Label Security Integration Audit Report 27.5.4
- Non-Owner Object Trigger Report 27.6.9.7
- Object Access By PUBLIC Report 27.6.1.1
- Object Access Not By PUBLIC Report 27.6.1.2
- Object Dependencies Report 27.6.1.4
- Objects Dependent on Dynamic SQL Report 27.6.9.3
- OS Directory Objects Report 27.6.9.2
- OS Security Vulnerability Privileges 27.6.5.11
- Password History Access Report 27.6.5.6
- permissions for running 27.2
- privilege management 27.6.4
- Privileges Distribution By Grantee, Owner, Privilege Report 27.6.4.3
- Privileges Distribution By Grantee, Owner Report 27.6.4.2
- Privileges Distribution By Grantee Report 27.6.4.1
- Public Execute Privilege To SYS PL/SQL Procedures Report 27.6.3.3
- Realm Audit Report 27.5.1
- Realm Authorization Configuration Issues Report 27.4.3
- Resource Profiles Report 27.6.6.2
- Roles/Accounts That Have a Given Role Report 27.6.5.8
- Rule Set Configuration Issues Report 27.4.2
- running 27.3
- Secure Application Configuration Issues Report 27.4.7
- Secure Application Role Audit Report 27.5.6
- Security Policy Exemption Report 27.6.5.3
- Security Related Database Parameters 27.6.6.1
- security vulnerability 27.6.9
- System Privileges By Privilege Report 27.6.2.5
- System Resource Limits Report 27.6.6.3
- Tablespace Quotas Report 27.6.9.6
- Unwrapped PL/SQL Package Bodies Report 27.6.9.4
- Username /Password Tables Report 27.6.9.5
- WITH ADMIN Privileges Grants Report 27.6.5.1
- WITH GRANT Privileges Report 27.6.5.7
- Resource Profiles Report 27.6.6.2
- resources
- REVOKE statement
- monitoring 26.1
- roles 9.1
- See also: secure application roles
- Roles/Accounts That Have a Given Role Report 27.6.5.8
- root access
- rules 6.6.1
- See also: rule sets
- about 6.6.1
- creating 6.6.3
- creating names 6.6.3
- data dictionary views 6.14
- default 6.6.2
- default, no longer supported 6.3
- deleting 6.6.5
- deleting from rule set 6.6.5
- existing rules, adding to rule set 6.6.4
- naming conventions 6.6.3
- nested within a rule set 6.9.2
- removing from rule set 6.6.5
- reports 6.14
- troubleshooting E.2
- views
- Rule Set Configuration Issues Report 27.4.2
- rule sets 6.1
- See also: command rules, factors, realms, rules, secure application roles
- about 6.1
- adding existing rules 6.6.4
- auditing
- intruders
- using rule sets 6.5
- intruders
- audit options 6.5
- command rules
- creating 6.5
- rules in 6.6.3
- creating names 6.5
- data dictionary views 6.14
- DBMS_MACUTL constants, example of 21.1.3
- default, no longer supported 6.3
- default rules 6.6.2
- default rule sets 6.4
- deleting 6.8
- rules from 6.6.5
- disabled for
- evaluation of rules 6.6.1
- event handlers 6.5
- events firing, finding with DV_SYSEVENT 16.2.1
- factors, selecting for 8.3.4.1
- fail code 6.5
- fail message 6.5
- functions
- guidelines 6.12
- how rule sets work 6.9.1
- incomplete 27.4.1
- multitenant environment
- about 6.2
- naming conventions 6.5
- nested rules 6.9.2
- performance effect 6.13
- procedures
- DBMS_MACADM (configuration) 16.1
- process flow 6.9.1
- propagating configuration to other databases 13.2.1
- removing references to objects 6.7
- reports 6.14
- rule sets
- evaluation options 6.5
- rules that exclude one user 6.9.3
- security attacks
- tracking
- with rule set auditing 6.5
- tracking
- static evaluation 6.12
- troubleshooting E.2, E.3
- views
- rules sets
- audit event, custom A.3.1
S
- SCHEDULER_ADMIN role
- impact of Oracle Database Vault installation 2.4
- scheduling database jobs
- CREATE EXTERNAL JOB privilege security consideration D.6.4
- scheduling jobs
- See: Oracle Scheduler
- schemas
- Secure Application Configuration Issues Report 27.4.7
- secure application role 9.1
- Secure Application Role Audit Report 27.5.6
- secure application roles 9.1
- See also: roles, rule sets
- audit event, custom A.3.1
- creating 9.2
- data dictionary view 9.9
- DBMS_MACSEC_ROLES.SET_ROLE function 9.2
- deleting 9.5
- enabling Oracle Database roles to work with Oracle Database Vault 9.3
- functionality 9.6
- functions
- guidelines on managing 9.4
- performance effect 9.8
- procedure
- DBMS_MACADM (configuration) 19.1
- procedures and functions
- DBMS_MACUTL (utility) 21.2
- propagating configuration to other databases 13.2.1
- reports 9.9
- Rule Set Configuration Issues Report 27.4.2
- troubleshooting E.3
- troubleshooting with auditing report 27.5.6
- tutorial 9.7.1
- views
- DBA_DV_ROLE 25.28
- security attacks
- Denial of Service (DoS) attacks
- finding system resource limits 27.6.6.3
- Denial of Service attacks
- finding tablespace quotas 27.6.9.6
- eliminating audit trail 27.6.5.10
- monitoring security violations 26.1
- Oracle Database Vault addressing compromised privileged user accounts 1.5
- reports
- SQL injection attacks 27.6.9.3
- tracking
- with factor auditing 8.3.4.2
- Denial of Service (DoS) attacks
- security policies, Oracle Database Vault addressing 1.6
- Security Policy Exemption Report 27.6.5.3
- Security Related Database Parameters Report 27.6.6.1
- security violations
- monitoring attempts 26.1
- security vulnerabilities
- SELECT_CATALOG_ROLE role 27.6.5.9
- sensitive objects reports 27.6.3
- separation of duty concept
- about D.1.1
- command rules 7.2
- database accounts 14.3
- database accounts, suggested 14.3
- database roles 2.3
- Database Vault Account Manager role 14.3
- documenting tasks D.1.4
- example matrix D.1.3
- how Oracle Database Vault addresses 2.3
- realms 1.7
- restricting privileges 2.2
- roles 14.2.1
- tasks in Oracle Database Vault environment D.1.2
- session event command rule
- updating 17.11
- session event command rules
- sessions
- simulation mode
- SQL92_SECURITY initialization parameter 2.1
- SQL injection attacks, detecting with Object Dependent on Dynamic SQL Report 27.6.9.3
- SQL statements
- default command rules that protect 7.2
- SQL statements protected by 7.3
- SQL text, finding with DV_SQL_TEXT 16.2.8
- subfactors
- See: child factors under factors topic
- SYS_CONTEXT function
- Boolean expressions used in privilege analysis 4.2.3.3
- SYS.DV$CONFIGURATION_AUDIT view 25.48
- SYS.DV$ENFORCEMENT_AUDIT view 25.49
- SYS account
- privilege analysis 4.1.4
- SYSDBA access
- guidelines on managing D.4.3
- SYSDBA privilege
- limiting, importance of D.2.3
- SYSOPER access
- guidelines on managing D.4.4
- system event command rule
- updating 17.12
- system event command rules
- system features
- system privileges
- System Privileges By Privilege Report 27.6.2.5
- System Resource Limits Report 27.6.6.3
- system root access, guideline on managing D.4.1
- SYSTEM schema
- SYSTEM user account
- guidelines for using with Database Vault D.2.1
- SYS user, patch operations 13.14
- SYS user account
- adding to realm authorization 5.14
T
- tablespace quotas 27.6.9.6
- Tablespace Quotas Report 27.6.9.6
- time data
- DBMS_MACUTL functions 21.2
- trace files
- about E.1.1
- trace files, Oracle Database Vault
- about E.1.1
- activities that can be traced E.1.2
- ADRCI utility E.1.6.3
- directory location for trace files E.1.6.1
- disabling for all sessions E.1.10.2
- disabling for current session E.1.10.1
- enabling for all sessions E.1.5.2
- enabling for current session E.1.5.1
- examples
- finding trace file directory E.1.6.1
- levels of trace events E.1.3
- performance effect E.1.4
- querying
- traisimulationning mode
- tutorial 11.3
- Transparent Data Encryption, used with Oracle Database Vault 12.2
- transportable tablespaces
- triggers
- troubleshooting
- trusted users
- trust levels
- tutorials 8.6.3
- See also: examples
- access, granting with secure application roles 9.7.1
- ad hoc tool access, preventing 8.7.1
- configuring two-person integrity (TPI) 6.11.1
- Database Vault factors with Virtual Private Database and Oracle Label Security 12.4.4.1
- email alert in rule set 6.10.1
- factors, mapping identities 8.8.1
- Oracle Label Security integration with Oracle Database Vault 12.4.4.1
- privilege analysis 4.5
- privilege analysis for ANY privileges 4.4
- restricting access based on session data 8.8.1
- restricting user activities with command rules 7.8
- schema, protecting with a realm 3.4.1
- simulation mode 11.3
- two-man rule security
- See: two-person integrity (TPI)
- two-person integrity (TPI)
U
- UNAUTHORIZE_MAINTENANCE_USER procedure 22.1.12
- unified audit trail
- Unwrapped PL/SQL Package Bodies Report 27.6.9.4
- USER_HISTORY$ table 27.6.5.6
- user authorization
- Username/Password Tables Report 27.6.9.5
- user names
- reports, Username/Password Tables Report 27.6.9.5
- users
- utility functions
- See: .DBMS_MACUTL package
- UTL_FILE object 27.6.1.4
- UTL_FILE package, guidelines on managing D.6.2.1
V
- views 25.1
- See also: names beginning with DVSYS.DBA_DV
- CDB_DV_STATUS 25.2
- DBA_DV_CODE 25.3
- DBA_DV_COMMAND_RULE 25.4
- DBA_DV_DATAPUMP_AUTH 25.5
- DBA_DV_DDL_AUTH 25.6
- DBA_DV_DICTIONARY_ACCTS 25.7
- DBA_DV_FACTOR 25.8
- DBA_DV_FACTOR_TYPE 25.9
- DBA_DV_IDENTITY 25.11
- DBA_DV_IDENTITY_MAP 25.12
- DBA_DV_JOB_AUTH 25.13
- DBA_DV_MAINTENANCE_AUTH 25.16
- DBA_DV_ORADEBUG 25.17
- DBA_DV_PATCH_ADMIN_AUDIT 25.18
- DBA_DV_POLICY 25.19
- DBA_DV_POLICY_LABEL 25.20
- DBA_DV_POLICY_OBJECT 25.21
- DBA_DV_POLICY_OWNER 25.22
- DBA_DV_PROXY_AUTH 25.23
- DBA_DV_PUB_PRIVS 25.24
- DBA_DV_REALM 25.25
- DBA_DV_REALM_AUTH 25.26
- DBA_DV_REALM_OBJECT 25.27
- DBA_DV_ROLE 25.28
- DBA_DV_RULE_SET 25.30
- DBA_DV_RULE_SET_RULE 25.31
- DBA_DV_SIMULATION_LOG 25.33
- DBA_DV_STATUS 25.32
- DBA_DV_TTS_AUTH 25.34
- DBA_DV_USER_PRIVS 25.35
- DBA_DV_USER_PRIVS_ALL 25.36
- DVSYS.DV$CONFIGURATION_AUDIT 25.37
- DVSYS.DV$ENFORCEMENT_AUDIT 25.38
- DVSYS.DV$REALM 25.39
- DVSYS.POLICY_OWNER_COMMAND_RULE 25.40
- DVSYS.POLICY_OWNER_POLICY 25.41
- DVSYS.POLICY_OWNER_REALM 25.42
- DVSYS.POLICY_OWNER_REALM_AUTH 25.43
- DVSYS.POLICY_OWNER_REALM_OBJECT 25.44
- DVSYS.POLICY_OWNER_RULE 25.45
- DVSYS.POLICY_OWNER_RULE_SET 25.46
- DVSYS.POLICY_OWNER_RULE_SET_RULE 25.47
- SYS.DV$CONFIGURATION_AUDIT 25.48
- SYS.DV$ENFORCEMENT_AUDIT 25.49
- VPD
- See: Oracle Virtual Private Database (VPD)