25 Oracle Database Vault Data Dictionary Views
You can find information about the Oracle Database Vault configuration settings by querying the Database Vault-specific data dictionary views.
- About the Oracle Database Vault Data Dictionary Views
Oracle Database Vault provides a set ofDBA
-style data dictionary views that can be accessed through theDV_SECANALYST
role or theDV_ADMIN
role. - CDB_DV_STATUS View
TheCDB_DV_STATUS
data dictionary view shows the status of Oracle Database Vault being enabled and configured in a multitenant environment. - DBA_DV_CODE View
TheDBA_DV_CODE
data dictionary view lists generic lookup codes for the user interface, error messages, and constraint checking. - DBA_DV_COMMAND_RULE View
TheDBA_DV_COMMAND_RULE
data dictionary view lists the SQL statements that are protected by command rules. - DBA_DV_DATAPUMP_AUTH View
TheDBA_DV_DATAPUMP_AUTH
data dictionary view lists the authorizations for using Oracle Data Pump in an Oracle Database Vault environment. - DBA_DV_DDL_AUTH View
TheDBA_DV_DDL
data dictionary view lists the users and schemas that were specified by theDBMS_MACADM.AUTHORIZE_DDL
procedure. - DBA_DV_DICTIONARY_ACCTS View
TheDBA_DV_DICTIONARY_ACCTS
data dictionary view indicates whether users can directly log into theDVSYS
andDVF
schema accounts. - DBA_DV_FACTOR View
TheDBA_DV_FACTOR
data dictionary view lists the existing factors in the current database instance. - DBA_DV_FACTOR_TYPE View
TheDBA_DV_FACTOR_TYPE
data dictionary view lists the names and descriptions of factor types used in the system. - DBA_DV_FACTOR_LINK View
TheDBA_DV_FACTOR_LINK
data dictionary view shows the relationships of each factor whose identity is determined by the association of child factors. - DBA_DV_IDENTITY View
TheDBA_DV_IDENTITY
data dictionary view lists the identities for each factor. - DBA_DV_IDENTITY_MAP View
TheDBA_DV_IDENTITY_MAP
data dictionary view lists the mappings for each factor identity. - DBA_DV_JOB_AUTH View
TheDBA_DV_JOB_AUTH
data dictionary view lists the authorizations for using Oracle Scheduler in an Oracle Database Vault environment. - DBA_DV_MAC_POLICY View
TheDBA_DV_MAC_POLICY
data dictionary view lists the Oracle Label Security policies defined for use with Oracle Database Vault. - DBA_DV_MAC_POLICY_FACTOR View
TheDBA_DV_MAC_POLICY
data dictionary view lists the factors that are associated with Oracle Label Security policies. - DBA_DV_MAINTENANCE_AUTH View
TheDBA_DV_MAINTENANCE_AUTH
data dictionary view provides information about the configuration of Oracle Database Vault authorizations to use Information Life Management (ILM) features. - DBA_DV_ORADEBUG View
TheDBA_DV_ORADEBUG
data dictionary view indicates whether users can use theORADEBUG
utility in an Oracle Database Vault environment. - DBA_DV_PATCH_ADMIN_AUDIT View
TheDBA_DV_PATCH_ADMIN_AUDIT
data dictionary view indicates if auditing has been enabled or disabled for the user who has been granted theDV_ADMIN_PATCH
role. - DBA_DV_POLICY View
TheDBA_DV_POLICY
data dictionary view lists the Oracle Database Vault policies that were created in the current database instance. - DBA_DV_POLICY_LABEL View
TheDBA_DV_POLICY_LABEL
data dictionary view lists the Oracle Label Security label for each factor identifier in theDBA_DV_IDENTITY
view for each policy. - DBA_DV_POLICY_OBJECT View
TheDBA_DV_POLICY_OBJECT
data dictionary view lists information about the objects that are protected by Oracle Database Vault policies in the current database instance. - DBA_DV_POLICY_OWNER View
TheDBA_DV_POLICY_OWNER
data dictionary view lists the owners of Oracle Database Vault policies that were created in the current database instance. - DBA_DV_PROXY_AUTH View
TheDBA_DV_PROXY_AUTH
data dictionary view lists the proxy users and schemas that were specified by theDBMS_MACADM.AUTHORIZE_PROXY_USER
procedure. - DBA_DV_PUB_PRIVS View
TheDBA_DV_PUB_PRIVS
data dictionary view lists data reflected in the Oracle Database Vault privilege management reports used in Oracle Database Vault Administrator. - DBA_DV_REALM View
TheDBA_DV_REALM
data dictionary view lists the realms created in the current database instance. - DBA_DV_REALM_AUTH View
TheDBA_DV_REALM_AUTH
data dictionary view lists database user account or role authorization (GRANTEE
) who can access realm objects. - DBA_DV_REALM_OBJECT View
TheDBA_DV_REALM_OBJECT
data dictionary view lists the database schemas, or subsets of schemas, that are secured by the realms. - DBA_DV_ROLE View
TheDBA_DV_ROLE
data dictionary view lists the Oracle Database Vault secure application roles used in privilege management. - DBA_DV_RULE View
TheDBA_DV_RULE
data dictionary view lists the rules that have been defined. - DBA_DV_RULE_SET View
TheDBA_DV_RULE_SET
data dictionary view lists the rules sets that have been created. - DBA_DV_RULE_SET_RULE View
TheDBA_DV_RULE_SET_RULE
data dictionary view lists rules that are associated with existing rule sets. - DBA_DV_STATUS View
TheDBA_DV_STATUS
data dictionary view shows the status of Oracle Database Vault being enabled and configured. - DBA_DV_SIMULATION_LOG View
TheDBA_DV_SIMULATION_LOG
data dictionary view captures simulation log information for realms and command rules that have had simulation mode enabled. - DBA_DV_TTS_AUTH View
TheDBA_DV_TTS_AUTH
data dictionary view lists users who have been granted authorization through theDBMS_MACADM.AUTHORIZE_TTS_USER
procedure to perform Oracle Data Pump transportable operations. - DBA_DV_USER_PRIVS View
TheDBA_DV_USER_PRIVS
data dictionary view lists the privileges for a database user account excluding privileges granted through thePUBLIC
role. - DBA_DV_USER_PRIVS_ALL View
TheDBA_DV_USER_PRIVS_ALL
data dictionary view lists the privileges for a database account including privileges granted throughPUBLIC
. - DVSYS.DV$CONFIGURATION_AUDIT View
TheDVSYS.DV$CONFIGURATION_AUDIT
data dictionary view capturesDVSYS.AUDIT_TRAIL$
table audit trail records. - DVSYS.DV$ENFORCEMENT_AUDIT View
TheDVSYS.DV$ENFORCEMENT_AUDIT
data dictionary view provides information about enforcement-related audits from theDVSYS.AUDIT_TRAIL$
table. - DVSYS.DV$REALM View
TheDVSYS.DV$REALM
data dictionary view describes settings that were used to create Oracle Database Vault realms, such as which audit options have been assigned or whether the realm is a mandatory realm. - DVSYS.POLICY_OWNER_COMMAND_RULE View
TheDVSYS.POLICY_OWNER_COMMAND_RULE
data dictionary view enables users who have been granted theDV_POLICY_OWNER
role to find information about the command rules that have been associated with Database Vault policies. - DVSYS.POLICY_OWNER_POLICY View
TheDVSYS.POLICY_OWNER_POLICY
data dictionary view enables users who have been granted theDV_POLICY_OWNER
role to find information such as the names, descriptions, and states of existing policies in the current database instance, including policies created by other policy owners. - DVSYS.POLICY_OWNER_REALM View
ThePOLICY_OWNER_REALM
data dictionary view enables users who have been granted theDV_POLICY_OWNER
role to find information about the realms that have been associated with Database Vault policies. - DVSYS.POLICY_OWNER_REALM_AUTH View
TheDVSYS.POLICY_OWNER_REALM_AUTH
data dictionary view enables users who have been granted theDV_POLICY_OWNER
role to find information about the authorization that was granted to realms that have been associated with Database Vault policies. - DVSYS.POLICY_OWNER_REALM_OBJECT View
TheDVSYS.POLICY_OWNER_REALM_OBJECT
data dictionary view enables users to find information about the objects that have been added to realms that are associated with Database Vault policies, such as. Only users who have been granted theDV_POLICY_OWNER
role can query this view. - DVSYS.POLICY_OWNER_RULE View
TheDVSYS.POLICY_OWNER_RULE
data dictionary view enables users who have been granted theDV_POLICY_OWNER
role to find information about the rules that have been associated with rule sets in Database Vault policies, such as the rule name and its expression. Only users who have been granted theDV_POLICY_OWNER
role can query this view. - DVSYS.POLICY_OWNER_RULE_SET View
TheDVSYS.POLICY_OWNER_RULE_SET
data dictionary view enables users who have been granted theDV_POLICY_OWNER
role to find information about the rule sets that have been associated with Database Vault policies. - DVSYS.POLICY_OWNER_RULE_SET_RULE View
TheDVSYS.POLICY_OWNER_RULE_SET_RULE
data dictionary view enables users who have been granted theDV_POLICY_OWNER
role to find information about the rule sets that contain rules used in Database Vault policies. - SYS.DV$CONFIGURATION_AUDIT View
TheSYS.DV$CONFIGURATION_AUDIT
view is almost the same as theDVSYS.DV$CONFIGURATION_AUDIT
view except that it captures unified audit trail Database Vault audit records. - SYS.DV$ENFORCEMENT_AUDIT View
TheSYS.DV$ENFORCEMENT_AUDIT
view is almost the same as theDVSYS.DV$ENFORCEMENT_AUDIT
view except that it captures unified audit trail Database Vault audit records.
25.1 About the Oracle Database Vault Data Dictionary Views
Oracle Database Vault provides a set of DBA
-style data dictionary views that can be accessed through the DV_SECANALYST
role or the DV_ADMIN
role.
These views provide access to the various underlying Oracle Database Vault tables in the DVSYS
and LBACSYS
schemas without exposing the primary and foreign key columns that may be present. These views are intended for the database administrative user to report on the state of the Oracle Database Vault configuration without having to perform the joins required to get the labels for codes that are stored in the core tables or from the related tables.
See Also:
Oracle Database Vault Reports if you are interested in running reports on Oracle Database Vault
Parent topic: Oracle Database Vault Data Dictionary Views
25.2 CDB_DV_STATUS View
The CDB_DV_STATUS
data dictionary view shows the status of Oracle Database Vault being enabled and configured in a multitenant environment.
Only Oracle Database administrative users, such users who have been granted the DBA
role, can query this view. Database Vault administrators do not have access to this view.
For example:
SELECT * FROM CDB_DV_STATUS;
Output similar to the following appears:
NAME STATUS CON_ID -------------------- ------ ------ DV_CONFIGURE_STATUS TRUE 0 DV_ENABLE_STATUS TRUE 0
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Shows either of the following settings:
|
|
|
|
|
|
|
|
The identification number of the container in which Oracle Database Vault is used |
Parent topic: Oracle Database Vault Data Dictionary Views
25.3 DBA_DV_CODE View
The DBA_DV_CODE
data dictionary view lists generic lookup codes for the user interface, error messages, and constraint checking.
These codes are used for the user interface, views, and for validating input in a translatable fashion.
For example:
SELECT CODE, VALUE FROM DBA_DV_CODE WHERE CODE_GROUP = 'BOOLEAN';
Output similar to the following appears:
CODE VALUE ------- -------- Y True N False
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Displays one of the code groups that are listed in Table 25-1 |
|
|
|
Boolean code used; either |
|
|
|
Boolean value used; either |
|
|
|
Language for this installation of Oracle Database Vault. Supported languages are as follows:
|
|
|
|
Brief description of the code group. |
Table 25-1 describes the possible values from the CODE_GROUP
column in the DBA_DV_CODE
data dictionary view.
Table 25-1 DBA_DV_CODE View CODE_GROUP Values
CODE_GROUP Name | Description |
---|---|
|
Contains the action numbers and action names that are used for the custom event audit trail records |
|
A simple Yes or No or True or False lookup |
|
The database object types that can be used for realm objects and command authorizations |
|
The DDL commands that can be protected through command rules |
|
The auditing options for factor retrieval processing |
|
The evaluation options (by session or by access) for factor retrieval |
|
The options for propagating errors when a factor retrieval method fails |
|
The options for determining how a factor identifier is resolved (for example, by method or by factors) |
|
The options for determining how a factor identifier is labeled in the session establishment phase |
|
The algorithms that can be used to determine the maximum session label for a database session for each policy. See Table 20-2 for a listing of the Oracle Label Security merge algorithm codes. |
|
The Boolean operators that can be used for identity maps |
|
The options for auditing realm access or realm violations |
|
The options for ownership of a realm |
|
The options for auditing rule set execution or rule set errors |
|
The options for determining the success or failure of a rule set based on all associated rules being true or any associated rule being true |
|
The options to invoke a custom event handler when a rule set evaluates to Succeeds or Fails |
|
The options to determine the run-time visibility of a rule set failing |
Parent topic: Oracle Database Vault Data Dictionary Views
25.4 DBA_DV_COMMAND_RULE View
The DBA_DV_COMMAND_RULE
data dictionary view lists the SQL statements that are protected by command rules.
See Configuring Command Rules , for more information about command rules.
For example:
SELECT COMMAND, RULE_SET_NAME FROM DBA_DV_COMMAND_RULE;
Output similar to the following appears:
COMMAND RULE_SET_NAME --------------- ----------------------------- GRANT Can Grant VPD Administration REVOKE Can Grant VPD Administration ALTER SYSTEM Allow System Parameters ALTER USER Can Maintain Own Account CREATE USER Can Maintain Account/Profiles DROP USER Can Maintain Account/Profiles CREATE PROFILE Can Maintain Account/Profiles DROP PROFILE Can Maintain Account/Profiles ALTER PROFILE Can Maintain Account/Profiles
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the command rule. For a list of default command rules, see Default Command Rules. |
|
|
|
A clause from either the For a full list of possible clause values, see the following topics: |
|
|
|
A parameter from the |
|
|
|
An event that the |
|
|
|
A component of the |
|
|
|
An action of the |
|
|
|
Name of the rule set associated with this command rule. |
|
|
|
The owner of the object that the command rule affects. |
|
|
|
The name of the database object the command rule affects (for example, a database table). |
|
|
|
Possible values are as follows:
|
|
|
|
Obsolete column |
|
|
|
For a multitenant environment, indicates whether the command rule is local or common. Possible values are:
|
|
|
|
Shows the inheritance status of the command rule, when the
COMMON column output is YES . Values are as follows:
|
|
|
|
The ID number of the command rule, which is automatically generated when the command rule is created |
|
|
|
Indicates whether the command rule is a default (that is, Oracle-supplied) command rule or a user-created command rule. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.5 DBA_DV_DATAPUMP_AUTH View
The DBA_DV_DATAPUMP_AUTH
data dictionary view lists the authorizations for using Oracle Data Pump in an Oracle Database Vault environment.
See Using Oracle Data Pump with Oracle Database Vault for more information.
For example:
SELECT * FROM DBA_DV_DATAPUMP_AUTH WHERE GRANTEE = 'PRESTON';
Output similar to the following appears:
GRANTEE SCHEMA OBJECT ------- ------ ------- PRESTON OE ORDERS
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the user who has been granted Data Pump authorization |
|
|
|
Name of the schema on which the user |
|
|
|
Name of the object within the schema specified by the |
Parent topic: Oracle Database Vault Data Dictionary Views
25.6 DBA_DV_DDL_AUTH View
The DBA_DV_DDL
data dictionary view lists the users and schemas that were specified by the DBMS_MACADM.AUTHORIZE_DDL
procedure.
This procedure grants a user authorization to execute Data Definition Language (DDL) statements.
For example:
SELECT * FROM DBA_DV_DDL_AUTH WHERE GRANTEE = 'psmith';
Output similar to the following appears:
GRANTEE SCHEMA ------- ------ PSMITH HR
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the user who has been granted DDL authorization |
|
|
|
Name of the schema on which the user |
Parent topic: Oracle Database Vault Data Dictionary Views
25.7 DBA_DV_DICTIONARY_ACCTS View
The DBA_DV_DICTIONARY_ACCTS
data dictionary view indicates whether users can directly log into the DVSYS
and DVF
schema accounts.
For example:
SELECT * FROM DBA_DV_DICTIONARY_ACCTS;
Output similar to the following appears:
STATE ------- ENABLED
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Describes whether users can log directly into the
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.8 DBA_DV_FACTOR View
The DBA_DV_FACTOR
data dictionary view lists the existing factors in the current database instance.
For example:
SELECT NAME, GET_EXPR FROM DBA_DV_FACTOR WHERE NAME = 'Session_User';
Output similar to the following appears:
NAME GET_EXPR ------------- --------------------------------------------- Session_User UPPER(SYS_CONTEXT('USERENV', 'SESSION_USER'))
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the factor. See Default Factors for a list of default factors. |
|
|
|
Description of the factor. |
|
|
|
Category of the factor, which is used to classify the purpose of the factor. |
|
|
|
Rule set used to control the identify of the factor. |
|
|
|
PL/SQL expression that retrieves the identity of a factor. |
|
|
|
PL/SQL expression used to validate the identify of the factor. It returns a Boolean value. |
|
|
|
Determines the identity of a factor, based on the expression listed in the
|
|
|
|
Provides a text description for the corresponding value in the
|
|
|
|
Determines the labeling the factor:
|
|
|
|
Provides a text description for the corresponding value in the
|
|
|
|
Determines how the factor is evaluated when the user logs on:
|
|
|
|
Provides a text description for the corresponding value in the
|
|
|
|
Option for auditing the factor if you want to generate a custom Oracle Database Vault audit record. Possible values are:
|
|
|
|
Options for reporting factor errors:
|
|
|
|
Provides a text description for the corresponding value in the
|
|
|
|
The ID number of the factor, which is automatically generated when the factor is created |
|
|
|
Indicates whether the factor is a default (that is, Oracle-supplied) factor or a user-created factor. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.9 DBA_DV_FACTOR_TYPE View
The DBA_DV_FACTOR_TYPE
data dictionary view lists the names and descriptions of factor types used in the system.
For example:
SELECT * FROM DBA_DV_FACTOR_TYPE WHERE NAME = 'Time';
Output similar to the following appears:
NAME DESCRIPTION --------- ---------------------------------------------------------------------- Time Time-based factor
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the factor type. |
|
|
|
Description of the factor type. |
Parent topic: Oracle Database Vault Data Dictionary Views
25.10 DBA_DV_FACTOR_LINK View
The DBA_DV_FACTOR_LINK
data dictionary view shows the relationships of each factor whose identity is determined by the association of child factors.
This view contains one entry for each parent factor and child factor. You can use this view to resolve the relationships from the factor links to identity maps.
For example:
SELECT PARENT_FACTOR_NAME, CHILD_FACTOR_NAME FROM DBA_DV_FACTOR_LINK;
Output similar to the following appears:
PARENT_FACTOR_NAME CHILD_FACTOR_NAME ------------------------------ ------------------------------ Domain Database_Instance Domain Database_IP Domain Database_Hostname
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the parent factor |
|
|
|
Name of the child factor of the parent factor |
|
|
|
Indicates whether the child factor that is linked to the parent factor contributes to the label of the parent factor in an Oracle Label Security integration. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.11 DBA_DV_IDENTITY View
The DBA_DV_IDENTITY
data dictionary view lists the identities for each factor.
For example:
SELECT * FROM DBA_DV_IDENTITY WHERE VALUE = 'GLOBAL SHARED';
Output similar to the following appears, assuming you have created only one factor identity:
FACTOR_NAME VALUE TRUST_LEVEL ---------------- -------------- ------------ Identification_Type GLOBAL SHARED 1
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the factor. |
|
|
|
Value of the factor. |
|
|
|
Number that indicates the magnitude of trust relative to other identities for the same factor. |
Parent topic: Oracle Database Vault Data Dictionary Views
25.12 DBA_DV_IDENTITY_MAP View
The DBA_DV_IDENTITY_MAP
data dictionary view lists the mappings for each factor identity.
The view includes mapping factors that are identified by other factors to combinations of parent-child factor links. For each factor, the maps are joined by the OR
operation, and for different factors, the maps are joined by the AND
operation.
You can use this view to resolve the identity for factors that are identified by other factors (for example, a domain) or for factors that have continuous domains (for example, Age or Temperature).
For example:
SELECT FACTOR_NAME, IDENTITY_VALUE FROM DBA_DV_IDENTITY_MAP;
Output similar to the following appears:
FACTOR_NAME IDENTITY_VALUE ---------------- -------------------- Sector2_Program Accounting-Sensitive
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Factor the identity map is for. |
|
|
|
Value the factor assumes if the identity map evaluates to |
|
|
|
Descriptive name of the operation in the |
|
|
|
Relational operator for the identity map (for example, <, >, =, and so on). |
|
|
|
Left operand for the relational operator; refers to the low value you enter. |
|
|
|
Right operand for the relational operator; refers to the high value you enter. |
|
|
|
The parent factor link to which the map is related. |
|
|
|
The child factor link to which the map is related. |
|
|
|
Indicates whether the child factor being linked to the parent factor contributes to the label of the parent factor in an Oracle Label Security integration. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.13 DBA_DV_JOB_AUTH View
The DBA_DV_JOB_AUTH
data dictionary view lists the authorizations for using Oracle Scheduler in an Oracle Database Vault environment.
For example:
SELECT * FROM DBA_DV_JOB_AUTH WHERE GRANTEE = 'PRESTON';
Output similar to the following appears:
GRANTEE SCHEMA ------- ------ PRESTON OE
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the user who has been granted Oracle Scheduler authorization |
|
|
|
Name of the schema on which the user |
Parent topic: Oracle Database Vault Data Dictionary Views
25.14 DBA_DV_MAC_POLICY View
The DBA_DV_MAC_POLICY
data dictionary view lists the Oracle Label Security policies defined for use with Oracle Database Vault.
For example:
SELECT POLICY_NAME, ALGORITHM_CODE, ALGORITHM_MEANING FROM DBA_DV_MAC_POLICY;
Output similar to the following appears:
POLICY_NAME ALGORITHM_CODE ALGORITHM_MEANING --------------- ----------------- -------------------------------- ACCESS_DATA LUI Minimum Level/Union/Intersection
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the policy. |
|
|
|
Merge algorithm code used for the policy. See Table 20-2 for a listing of algorithm codes. |
|
|
|
Provides a text description for the corresponding value in the |
|
|
|
Label specified for initialization errors, to be set when a configuration error or run-time error occurs during session initialization. |
Parent topic: Oracle Database Vault Data Dictionary Views
25.15 DBA_DV_MAC_POLICY_FACTOR View
The DBA_DV_MAC_POLICY
data dictionary view lists the factors that are associated with Oracle Label Security policies.
You can use this view to determine what factors contribute to the maximum session label for each policy using the DBA_DV_MAC_POLICY
view.
For example:
SELECT * FROM DBA_DV_MAC_POLICY_FACTOR;
Output similar to the following appears:
FACTOR_NAME MAC_POLICY_NAME -------------- ------------------ App_Host_Name Access Locations
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the factor |
|
|
|
Name of the Oracle Label Security policy associated with this facto |
Parent topic: Oracle Database Vault Data Dictionary Views
25.16 DBA_DV_MAINTENANCE_AUTH View
The DBA_DV_MAINTENANCE_AUTH
data dictionary view provides information about the configuration of Oracle Database Vault authorizations to use Information Life Management (ILM) features.
For example:
SELECT GRANTEE, ACTION STATE FROM DBA_DV_MAINTENANCE_AUTH;
Output similar to the following appears:
GRANTEE ACTION ------------------------- -------- PSMITH ILM
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the grantee |
|
|
|
Schema name or |
|
|
|
Object name or |
|
|
|
Object type |
|
|
|
Maintenance action |
Parent topic: Oracle Database Vault Data Dictionary Views
25.17 DBA_DV_ORADEBUG View
The DBA_DV_ORADEBUG
data dictionary view indicates whether users can use the ORADEBUG
utility in an Oracle Database Vault environment.
For example:
SELECT * FROM DBA_DV_ORADEBUG;
Output similar to the following appears:
STATE -------- DISABLED
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Describes whether the
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.18 DBA_DV_PATCH_ADMIN_AUDIT View
The DBA_DV_PATCH_ADMIN_AUDIT
data dictionary view indicates if auditing has been enabled or disabled for the user who has been granted the DV_ADMIN_PATCH
role.
The DBMS_MACADM.ENABLE_DV_PATCH_ADMIN_AUDIT
procedure enables this type of auditing.
For example:
SELECT * FROM DBA_DV_PATCH_ADMIN_AUDIT;
Output similar to the following appears:
STATE -------- DISABLED
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Describes whether auditing has been enabled or disabled for the
|
25.19 DBA_DV_POLICY View
The DBA_DV_POLICY
data dictionary view lists the Oracle Database Vault policies that were created in the current database instance.
For example:
SELECT POLICY_NAME, STATE FROM DBA_DV_POLICY WHERE STATE = 'ENABLED';
Output similar to the following appears:
POLICY_NAME STATE ---------------------------------- ------- Oracle Account Management Controls ENABLED Oracle System Protection Controls ENABLED
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Names of the Oracle Database Vault policies that have been created. See Default Oracle Database Vault Policiesfor a listing of default policies. |
|
|
|
Description of the policy that was created |
|
|
|
Specifies whether the policy is enabled. Possible values are:
|
|
|
|
Is a system-generated ID that was assigned to the policy when the policy was created |
|
|
|
Indicates whether the policy is a default Oracle Database Vault policy |
Parent topic: Oracle Database Vault Data Dictionary Views
25.20 DBA_DV_POLICY_LABEL View
The DBA_DV_POLICY_LABEL
data dictionary view lists the Oracle Label Security label for each factor identifier in the DBA_DV_IDENTITY
view for each policy.
For example:
SELECT * FROM DBA_DV_POLICY_LABEL;
Output similar to the following appears:
IDENTITY_VALUE FACTOR_NAME POLICY_NAME LABEL ---------------- -------------- ---------------- --------- App_Host_Name Sect2_Fin_Apps Access Locations Sensitive
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the factor identifier. |
|
|
|
Name of the factor associated with the factor identifier. |
|
|
|
Name of the Oracle Label Security policy associated with this factor. |
|
|
|
Name of the Oracle Label Security label associated with the policy. |
Parent topic: Oracle Database Vault Data Dictionary Views
25.21 DBA_DV_POLICY_OBJECT View
The DBA_DV_POLICY_OBJECT
data dictionary view lists information about the objects that are protected by Oracle Database Vault policies in the current database instance.
For example:
SELECT POLICY_NAME, OBJECT_TYPE FROM DBA_DV_POLICY_OBJECT WHERE POLICY_NAME LIKE '%Protection Controls';
Output similar to the following appears:
POLICY_NAME OBJECT_TYPE ---------------------------------- ------------ Oracle System Protection Controls REALM
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Names of the Oracle Database Vault policies that have been created. See Default Oracle Database Vault Policies for a listing of default policies. |
|
|
|
Type of object that is being protected, such as |
|
|
|
Name of the command rules that are protected by Database Vault policies |
|
|
|
Names of object owners that are associated with Database Vault policies |
|
|
|
Names of objects that are associated with Database Vault policies |
|
|
|
A clause from either the For a full list of possible clause values, see the following topics: |
|
|
|
A parameter from the |
|
|
|
An event that the |
|
|
|
A component of the |
|
|
|
An action of the |
|
|
|
For a multitenant environment, indicates if the policy objects are local or common. Possible values are:
|
|
|
|
Shows the inheritance status of the policy object, when the
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.22 DBA_DV_POLICY_OWNER View
The DBA_DV_POLICY_OWNER
data dictionary view lists the owners of Oracle Database Vault policies that were created in the current database instance.
For example:
SELECT * FROM DBA_DV_POLICY_OWNER;
Output similar to the following appears:
POLICY_OWNER POLICY_OWNER ---------------------------------- ------------ Oracle System Protection Controls PSMITH
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Names of the Oracle Database Vault policies that have been created. See Default Oracle Database Vault Policies for a listing of default policies. |
|
|
|
Names of users who have own Database Vault policies |
Parent topic: Oracle Database Vault Data Dictionary Views
25.23 DBA_DV_PROXY_AUTH View
The DBA_DV_PROXY_AUTH
data dictionary view lists the proxy users and schemas that were specified by the DBMS_MACADM.AUTHORIZE_PROXY_USER
procedure.
This procedure grants a proxy user authorization to proxy other user accounts.
For example:
SELECT * FROM DBA_DV_DDL_AUTH WHERE GRANTEE = 'PRESTON';
Output similar to the following appears:
GRANTEE SCHEMA ------- ------ PRESTON DKENT
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the proxy user |
|
|
|
Name of the schema that is proxied by the |
25.24 DBA_DV_PUB_PRIVS View
The DBA_DV_PUB_PRIVS
data dictionary view lists data reflected in the Oracle Database Vault privilege management reports used in Oracle Database Vault Administrator.
See also Privilege Management - Summary Reports.
For example:
SELECT USERNAME, ACCESS_TYPE FROM DBA_DV_PUB_PRIVS WHERE USERNAME = 'OE';
Output similar to the following appears:
USERNAME ACCESS_TYPE ----------- ----------------- OE PUBLIC
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Database schema in the current database instance. |
|
|
|
Access type granted to the user listed in the |
|
|
|
Privilege granted to the user listed in the |
|
|
|
Owner of the database schema to which the |
|
|
|
Name of the object within the schema listed in the |
Parent topic: Oracle Database Vault Data Dictionary Views
25.25 DBA_DV_REALM View
The DBA_DV_REALM
data dictionary view lists the realms created in the current database instance.
For example:
SELECT NAME, AUDIT_OPTIONS, ENABLED, COMMON FROM DBA_DV_REALM WHERE AUDIT_OPTIONS = '1';
Output similar to the following appears:
NAME AUDIT_OPTIONS ENABLED COMMON ----------------------------- ---------------- -------- ------ Performance Statistics Realm 1 Y NO
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Names of the realms created. SeeDefault Realms for a listing of default realms. |
|
|
|
Description of the realm created. |
|
|
|
Specifies whether auditing is enabled. Possible values are:
|
|
|
|
Type of realm: whether it is a regular realm or a mandatory realm. See |
|
|
|
For a multitenant environment, indicates whether the realm is local or common. Possible values are:
|
|
|
|
Shows the inheritance status of the realm, when the
COMMON column output is YES . Values are as follows:
|
|
|
|
Possible values are as follows:
|
|
|
|
The ID number of the realm, which is automatically generated when the realm is created |
|
|
|
Indicates whether the realm is a default (that is, Oracle-supplied) realm or a user-created command rule. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.26 DBA_DV_REALM_AUTH View
The DBA_DV_REALM_AUTH
data dictionary view lists database user account or role authorization (GRANTEE
) who can access realm objects.
See About Realm Authorization for more information.
For example:
SELECT REALM_NAME, GRANTEE, AUTH_RULE_SET_NAME FROM DBA_DV_REALM_AUTH;
Output similar to the following appears:
REALM_NAME GRANTEE AUTH_RULE_SET_NAME ---------------------------- --------- --------------------- Performance Statistics Realm SYSADM Check Conf Access
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the realm. |
|
|
|
For a multitenant environment, indicates whether the realm is local or common. Possible values are:
|
|
|
|
Shows the inheritance status of the realm, when the
COMMON column output is YES . Values are as follows:
|
|
|
|
User or role name to authorize as owner or participant. |
|
|
|
Rule set to check before authorizing. If the rule set evaluates to |
|
|
|
Type of realm authorization: either |
|
|
|
For a multitenant environment, indicates whether the authorization to the common realm is local or common. Possible values are:
|
|
|
|
Shows the inheritance status of the realm authorization, when the
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.27 DBA_DV_REALM_OBJECT View
The DBA_DV_REALM_OBJECT
data dictionary view lists the database schemas, or subsets of schemas, that are secured by the realms.
See About Realm-Secured Objects for more information.
For example:
SELECT REALM_NAME, OWNER, OBJECT_NAME, COMMON_REALM FROM DBA_DV_REALM_OBJECT;
Output similar to the following appears:
REALM_NAME OWNER OBJECT_NAME COMMON_REALM ---------------------------- -------- ----------- ------------ Performance Statistics Realm OE ORDERS NO
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the realm. |
|
|
|
Indicates whether this realm is a common realm or a local realm. Possible values are:
|
|
|
|
Shows the inheritance status of the realm when the
COMMON column output is YES . Values are as follows:
|
|
|
|
Database schema owner who owns the object. |
|
|
|
Name of the object the realm protects. |
|
|
|
Type of object the realm protects, such as a database table, view, index, or role. |
Parent topic: Oracle Database Vault Data Dictionary Views
25.28 DBA_DV_ROLE View
The DBA_DV_ROLE
data dictionary view lists the Oracle Database Vault secure application roles used in privilege management.
For example:
SELECT ROLE, RULE_NAME FROM DBA_DV_ROLE;
Output similar to the following appears:
ROLE RULE_NAME ------------------ -------------------- Sector2_APP_MGR Check App2 Access Sector2_APP_DBA Check App2 Access
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the secure application role. |
|
|
|
Name of the rule set associated with the secure application role. |
|
|
|
Indicates whether the secure application role is enabled. Possible values are:
|
|
|
|
The ID number of the command rule, which is automatically generated when the command rule is created |
|
|
|
Indicates whether the command rule is a default (that is, Oracle-supplied) command rule or a user-created command rule. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.29 DBA_DV_RULE View
The DBA_DV_RULE
data dictionary view lists the rules that have been defined.
For example:
SELECT NAME, RULE_EXPR FROM DBA_DV_RULE WHERE NAME = 'Maintenance Window';
Output similar to the following appears:
NAME RULE_EXP ------------------- ---------------------------------------------- Maintenance Window TO_CHAR(SYSDATE,'HH24') BETWEEN '10' AND '12'
To find the rule sets that use specific rules, query the DBA_DV_RULE_SET_RULE
view.
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the rule. |
|
|
|
PL/SQL expression for the rule. |
|
|
|
For a multitenant environment, indicates whether the rule is local or common. Possible values are:
|
|
|
|
Shows the inheritance status of the rule, when the
COMMON column output is YES . Values are as follows:
|
|
|
|
The ID number of the rule, which is automatically generated when the rule is created |
|
|
|
Indicates whether the rule is a default (that is, Oracle-supplied) rule or a user-created rule. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.30 DBA_DV_RULE_SET View
The DBA_DV_RULE_SET
data dictionary view lists the rules sets that have been created.
For example:
SELECT RULE_SET_NAME, HANDLER_OPTIONS, HANDLER FROM DBA_DV_RULE_SET WHERE RULE_SET_NAME = 'Maintenance Period';
Output similar to the following appears:
RULE_SET_NAME HANDLER_OPTIONS HANDLER ------------------- ---------------- ---------------------- Maintenance Period 1 dbavowner.email_alert
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the rule set. |
|
|
|
Description of the rule set. |
|
|
|
Indicates whether the rule set has been enabled. |
|
|
|
For rules sets that contain multiple rules, determines how many rules are evaluated. Possible values are:
|
|
|
|
Indicates when auditing is used. Possible values are:
|
|
|
|
Determines when an audit record is created for the rule set. Possible values are:
|
|
|
|
Error message for failure that is associated with the fail code listed in the |
|
|
|
The error message number associated with the message listed in the |
|
|
|
Determines how error handling is used. Possible values are:
|
|
|
|
Name of the PL/SQL function or procedure that defines the custom event handler logic. |
|
|
|
Indicates how often the rule set is evaluated during a user session. Possible values are:
|
|
|
|
For a multitenant environment, indicates whether the rule set is local or common. Possible values are:
|
|
|
|
Shows the inheritance status of the rule set, when the
COMMON column output is YES . Values are as follows:
|
|
|
|
The ID number of the rule set, which is automatically generated when the rule set is created |
|
|
|
Indicates whether the rule set is a default (that is, Oracle-supplied) rule set or a user-created rule set. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.31 DBA_DV_RULE_SET_RULE View
The DBA_DV_RULE_SET_RULE
data dictionary view lists rules that are associated with existing rule sets.
For example:
SELECT RULE_SET_NAME, RULE_NAME, RULE_EXPR FROM DBA_DV_RULE_SET_RULE WHERE RULE_NAME = 'Is Security Officer';
Output similar to the following appears:
RULE_SET_NAME RULE_NAME RULE_EXP ---------------------------- ------------------ --------------------------------- Can Grant VPD Administration Is Security Owner DBMS_MACUTL.USER_HAS_ROLE_VARCHAR ('DV_OWNER', dvsys.dv_login_user) = 'Y'
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the rule set that contains the rule. |
|
|
|
Name of the rule. |
|
|
|
PL/SQL expression that defines the rule listed in the |
|
|
Indicates whether the rule is enabled or disabled. |
|
|
|
|
The order in which rules are used within the rule set. Does not apply to this release. |
|
|
|
For a multitenant environment, indicates whether the rule is local or common. Possible values are:
|
|
|
|
Shows the inheritance status of the rule, when the
COMMON column output is YES . Values are as follows:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.32 DBA_DV_STATUS View
The DBA_DV_STATUS
data dictionary view shows the status of Oracle Database Vault being enabled and configured.
For example:
SELECT * FROM DBA_DV_STATUS;
Output similar to the following appears:
NAME STATUS -------------------- ------ DV_CONFIGURE_STATUS TRUE DV_ENABLE_STATUS TRUE
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Shows either of the following settings:
|
|
|
|
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.33 DBA_DV_SIMULATION_LOG View
The DBA_DV_SIMULATION_LOG
data dictionary view captures simulation log information for realms and command rules that have had simulation mode enabled.
For example:
SELECT USERNAME, COMMAND FROM DBA_DV_SIMULATION_LOG WHERE REALM = 'HR Realm';
Output similar to the following appears:
USERNAME COMMAND ------------- --------------------------------------------- PSMITH SELECT
Related Views
-
DBA_DV_REALM View for information about simulation mode settings for realms
-
DBA_DV_COMMAND_RULE View for information about simulation mode settings for command rules
-
DBA_DV_POLICY View for information about simulation mode settings in Oracle Database Vault policies
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the user whose information is being tracked |
|
|
|
Command rule being tracked For a listing of existing command rules, query the |
|
|
|
Type of violation. See Table 25-2 for more information. |
|
|
|
Realm being tracked. For a listing of existing realms, query the |
|
|
|
For command rules, the database schema to which the command rule applied |
|
|
|
For command rules, the database object that the command rule protects |
|
|
|
For command rules, the type of object that is being protected |
|
|
|
Rule set being tracked; it is associated with a command rule For a listing of existing rule sets, query the |
|
|
|
The Oracle Database |
|
|
|
SQL text that the simulation mode captures |
|
|
|
An XML document that contains all of the factor identifiers for the current session at the point when the audit event was triggered |
|
|
|
Time stamp of user action, in UTC (Coordinated Universal Time) time zone |
VIOLATION_TYPE Code Values
Table 25-2 lists the VIOLATION_TYPE
code values for the DBA_DV_SIMULATION_LOG
view.
Table 25-2 DBA_DV_SIMULATION_LOG VIOLATION_TYPE Code Values
Code | Meaning |
---|---|
|
Realm violation |
|
Command rule violation |
|
Oracle Data Pump authorization violation |
|
Simulation violation |
|
Oracle Scheduler authorization violation |
|
DDL authorization violation |
|
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.34 DBA_DV_TTS_AUTH View
The DBA_DV_TTS_AUTH
data dictionary view lists users who have been granted authorization through the DBMS_MACADM.AUTHORIZE_TTS_USER
procedure to perform Oracle Data Pump transportable operations.
See Using Oracle Data Pump with Oracle Database Vault for more information.
For example:
SELECT * FROM DBA_DV_TTS_AUTH;
Output similar to the following appears:
GRANTEE TSNAME -------- -------- DB_MGR HR_TS
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the user who has been granted transportable tablespace authorization |
|
|
|
Name of the transportable tablespace to which the |
Parent topic: Oracle Database Vault Data Dictionary Views
25.35 DBA_DV_USER_PRIVS View
The DBA_DV_USER_PRIVS
data dictionary view lists the privileges for a database user account excluding privileges granted through the PUBLIC
role.
For example:
SELECT USERNAME, ACCESS_TYPE, PRIVILEGE FROM DBA_DV_USER_PRIVS;
Output similar to the following appears:
USERNAME ACCESS_TYPE PRIVILEGE --------- -------------------- ------------ DVSYS DV_PUBLIC EXECUTE DVOWNER DV_ADMIN SELECT SYS SELECT_CATALOG_ROLE SELECT ...
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the database schema account in which privileges have been defined. |
|
|
|
Role the database user account listed in the |
|
|
|
Privilege granted to the user listed in the |
|
|
|
Name of the database user account. |
|
|
|
Name of the PL/SQL function or procedure used to define privileges. |
Parent topic: Oracle Database Vault Data Dictionary Views
25.36 DBA_DV_USER_PRIVS_ALL View
The DBA_DV_USER_PRIVS_ALL
data dictionary view lists the privileges for a database account including privileges granted through PUBLIC
.
For example:
SELECT USERNAME, ACCESS_TYPE, PRIVILEGE FROM DBA_DV_USER_PRIVS;
Output similar to the following appears:
USERNAME ACCESS_TYPE PRIVILEGE ------------------- ------------ ----------------- BEA_DVACCTMGR CONNECT CREATE_SESSION LEO_DVOWNER DIRECT CREATE PROCEDURE ...
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the database schema account in which privileges have been defined. |
|
|
|
Role the database user account listed in the |
|
|
|
Privilege granted to the user listed in the |
|
|
|
Name of the database user account. |
|
|
|
Name of the PL/SQL function or procedure used to define privileges. |
Parent topic: Oracle Database Vault Data Dictionary Views
25.37 DVSYS.DV$CONFIGURATION_AUDIT View
The DVSYS.DV$CONFIGURATION_AUDIT
data dictionary view captures DVSYS.AUDIT_TRAIL$
table audit trail records.
It includes records that are related to successful and failed configuration changes made to realms, rules, rule sets, factors, and other Oracle Database Vault policy configuration activities.
For example:
SELECT USERNAME, ACTION_NAME FROM DVSYS.DV$CONFIGURATION_AUDIT WHERE USERNAME = 'PSMITH';
Output similar to the following appears:
USERNAME ACTION_NAME ---------- --------------------- PSMITH Realm Creation Audit PSMITH Rule Set Update Audit
Related View
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Numeric identifier for the audit record |
|
|
|
Operating system login user name of the user whose actions were audited |
|
|
|
Name of the database user whose actions were audited |
|
|
|
Client computer name |
|
|
|
Identifier for the user's terminal |
|
|
|
Date and time of creation of the audit trail entry (in the local database session time zone) |
|
|
|
Creator of the object affected by the action, always |
|
|
|
Name of the object affected by the action. Expected values are:
|
|
|
|
Numeric action type code. The corresponding name of the action type is in the |
|
|
|
Name of the action type corresponding to the numeric code in the |
|
|
|
The unique identifier of the record in the table specified under |
|
|
|
The unique name or natural key of the record in the table specified under |
|
|
|
The SQL text of the command procedure that was executed that resulted in the audit event being triggered |
|
|
|
The labels for all audit options specified in the record that resulted in the audit event being triggered. For example, a factor set operation that is supposed to audit on get failure and get |
|
|
|
The unique identifier of the rule set that was executing and caused the audit event to trigger |
|
|
|
The unique name of the rule set that was executing and caused the audit event to trigger |
|
|
|
Not used |
|
|
|
Not used |
|
|
|
An XML document that contains all of the factor identifiers for the current session at the point when the audit event was triggered |
|
|
|
Text comment on the audit trail entry, providing more information about the statement audited |
|
|
|
Numeric identifier for each Oracle session |
|
|
|
Same as the value in the |
|
|
|
Numeric identifier for the statement invoked that caused the audit event to be generated. This is empty for most Oracle Database Vault events. |
|
|
|
Oracle error code generated by the action. The error code for a statement or procedure invoked that caused the audit event to be generated. This is empty for most Oracle Database Vault events. |
|
|
|
Time stamp of creation of the audit trail entry (time stamp of user login for entries) in UTC (Coordinated Universal Time) time zone |
|
|
|
Proxy session serial number, if an enterprise user has logged in through the proxy mechanism |
|
|
|
Global user identifier for the user, if the user has logged in as an enterprise user |
|
|
|
Instance number as specified by the |
|
|
|
Operating system process identifier of the Oracle process |
|
|
|
Database login user name of the user whose actions were audited |
|
|
|
Date on which the action occurred, based on the |
|
|
|
Same as |
|
|
|
Same as |
|
|
|
User ID of users who have been granted Database Vault-protected roles, realm authorization, command-rule authorization, job scheduler authorization, or Oracle Data Pump authorizations |
|
|
|
Indicates whether the configuration was enabled |
Table 25-3 describes the possible values for the ACTION
column of the DVSYS.DV$CONFIGURATION_AUDIT
view.
Table 25-3 DVSYS.DV$CONFIGURATION_AUDIT View ACTION Values
Action Type Code | Action Name |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.38 DVSYS.DV$ENFORCEMENT_AUDIT View
The DVSYS.DV$ENFORCEMENT_AUDIT
data dictionary view provides information about enforcement-related audits from the DVSYS.AUDIT_TRAIL$
table.
It captures user violations on command rules, realms, and factors.
For example:
SELECT USERNAME, ACTION_COMMMAND FROM DVSYS.DV$ENFORCEMENT_AUDIT WHERE OWNER = 'HR';
Output similar to the following appears:
USERNAME ACTION_COMMMAND ----------- ------------------------------ PSMITH CREATE_REALM
Related View
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Numeric identifier for the audit record |
|
|
|
Operating system login user name of the user whose actions were audited |
|
|
|
Name of the database user whose actions were audited |
|
|
|
Client computer name |
|
|
|
Identifier for the user's terminal |
|
|
|
Date and time of creation of the audit trail entry (in the local database session time zone) |
|
|
|
Creator of the object affected by the action, always |
|
|
|
Name of the object affected by the action. Expected values are:
|
|
|
|
Numeric action type code. The corresponding name of the action type is in the |
|
|
|
Name of the action type corresponding to the numeric code in the |
|
|
|
The unique identifier of the record in the table specified under |
|
|
|
The unique name or natural key of the record in the table specified under |
|
|
|
The SQL text of the command procedure that was executed that resulted in the audit event being triggered |
|
|
|
The labels for all audit options specified in the record that resulted in the audit event being triggered. For example, a factor set operation that is supposed to audit on get failure and get |
|
|
|
The unique identifier of the rule set that was executing and caused the audit event to trigger |
|
|
|
The unique name of the rule set that was executing and caused the audit event to trigger |
|
|
|
Not used |
|
|
|
Not used |
|
|
|
An XML document that contains all of the factor identifiers for the current session at the point when the audit event was triggered |
|
|
|
Text comment on the audit trail entry, providing more information about the statement audited |
|
|
|
Numeric identifier for each Oracle session |
|
|
|
Same as the value in the |
|
|
|
Numeric identifier for the statement invoked that caused the audit event to be generated. This is empty for most Oracle Database Vault events. |
|
|
|
Oracle error code generated by the action. The error code for a statement or procedure invoked that caused the audit event to be generated. This is empty for most Oracle Database Vault events. |
|
|
|
Time stamp of creation of the audit trail entry (time stamp of user login for entries) in UTC (Coordinated Universal Time) time zone |
|
|
|
Proxy session serial number, if an enterprise user has logged in through the proxy mechanism |
|
|
|
Global user identifier for the user, if the user has logged in as an enterprise user |
|
|
|
Instance number as specified by the |
|
|
|
Operating system process identifier of the Oracle process |
|
|
|
Database login user name of the user whose actions were audited |
|
|
|
Date on which the action occurred, based on the |
|
|
|
Same as |
|
|
|
Same as |
The following table describes the possible values for the ACTION
column of the DVSYS.DV$ENFORCEMENT_AUDIT
view.
Table 25-4 DVSYS.DV$ENFORCEMENT_AUDIT View ACTION Values
Action Type Code | Action Name |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.39 DVSYS.DV$REALM View
The DVSYS.DV$REALM
data dictionary view describes settings that were used to create Oracle Database Vault realms, such as which audit options have been assigned or whether the realm is a mandatory realm.
This view also indicates information such as who created and updated the realm, and when the realm was created and updated.
For example:
SELECT NAME, CREATED_BY, TYPE FROM DVSYS.DV$REALM WHERE NAME LIKE 'Statistics';
Output similar to the following appears:
NAME CREATED_BY TYPE ---------------------------- ---------- ----- Performance Statistics Realm JGODFREY 2
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
ID number of the realm |
|
|
|
Name of the realm |
|
|
|
Description of the realm |
|
|
|
Audit options set for the realm. See |
|
|
|
Type of realm: whether it is a regular realm or a mandatory realm. See |
|
|
|
For a multitenant environment, indicates whether the realm is local or common. Possible values are:
|
|
|
|
Shows the inheritance status of the realm, when the
COMMON column output is YES . Values are as follows:
|
|
|
|
Whether the realm has been enabled. See |
|
|
|
Version of Oracle Database Vault in which the realm was created |
|
|
|
User who created the realm |
|
|
|
Date on which the realm was created. |
|
|
|
User who last updated the realm |
|
|
|
Date on which the realm was last updated |
Parent topic: Oracle Database Vault Data Dictionary Views
25.40 DVSYS.POLICY_OWNER_COMMAND_RULE View
The DVSYS.POLICY_OWNER_COMMAND_RULE
data dictionary view enables users who have been granted the DV_POLICY_OWNER
role to find information about the command rules that have been associated with Database Vault policies.
Examples of information that users can find include the command rule name, its associated rule set, and whether it is enabled. Only users who have been granted the DV_POLICY_OWNER
role can query this view.
For example:
SELECT COMMAND, OBJECT_OWNER, OBJECT_NAME FROM DVSYS.POLICY_OWNER_COMMAND_RULE;
Output similar to the following appears:
COMMAND OBJECT_OWNER OBJECT_NAME ------------- ------------- ------------ SELECT HR EMPLOYEES
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the command rule. For a list of default command rules, see Default Command Rules. |
|
|
|
A clause from either the For a full list of possible clause values, see the following topics: |
|
|
|
A parameter from the |
|
|
|
An event that the |
|
|
|
A component of the |
|
|
|
An action of the |
|
|
|
Name of the rule set associated with this command rule. |
|
|
|
The owner of the object that the command rule affects. |
|
|
|
The name of the database object the command rule affects (for example, a database table). |
|
|
|
|
|
|
|
Obsolete column |
|
|
|
The ID number of the command rule, which is automatically generated when the command rule is created |
|
|
|
Indicates whether the command rule is a default (that is, Oracle-supplied) command rule or a user-created command rule. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.41 DVSYS.POLICY_OWNER_POLICY View
The DVSYS.POLICY_OWNER_POLICY
data dictionary view enables users who have been granted the DV_POLICY_OWNER
role to find information such as the names, descriptions, and states of existing policies in the current database instance, including policies created by other policy owners.
The columns of the DVSYS.POLICY_OWNER_POLICY
view are the same as those in DBA_DV_POLICY
. Only users who have been granted the DV_POLICY_OWNER
role can query this view.
For example:
SELECT POLICY_NAME, STATE FROM DVSYS.POLICY_OWNER_POLICY WHERE STATE != 'ENABLED';
Output similar to the following appears:
POLICY_NAME STATE ---------------------------------- -------- HR.EMPLOYEES_pol ENABLED
Related View
Parent topic: Oracle Database Vault Data Dictionary Views
25.42 DVSYS.POLICY_OWNER_REALM View
The POLICY_OWNER_REALM
data dictionary view enables users who have been granted the DV_POLICY_OWNER
role to find information about the realms that have been associated with Database Vault policies.
Examples of information that users can find include the realm name, audit options, type, whether it is inherited, and if it is enabled. Only users who have been granted the DV_POLICY_OWNER
role can query this view.
For example:
SELECT NAME, ENABLED FROM DVSYS.POLICY_OWNER_REALM;
Output similar to the following appears:
NAME ENABLED -------------------------- -------- HR.EMPLOYEES_realm S
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Names of the realms that have been associated with Database Vault policies. See DBA_DV_REALM View for a full listing of realms. |
|
|
|
Description of the realm |
|
|
|
Audit options set for the realm. See |
|
|
|
Type of realm: whether it is a regular realm or a mandatory realm. See |
|
|
|
For a multitenant environment, indicates whether the realm is local or common. Possible values are:
|
|
|
|
Shows the inheritance status of the realm, when the
COMMON column output is YES . Values are as follows:
|
|
|
|
Indicates the enablement status of the realm. Possible values are:
|
|
|
|
The ID number of the realm, which is automatically generated when the realm is created |
|
|
|
Indicates whether the realm is a default (that is, Oracle-supplied) realm or a user-created realm. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.43 DVSYS.POLICY_OWNER_REALM_AUTH View
The DVSYS.POLICY_OWNER_REALM_AUTH
data dictionary view enables users who have been granted the DV_POLICY_OWNER
role to find information about the authorization that was granted to realms that have been associated with Database Vault policies.
Examples of the information that users can find are the realm name, grantee, and associated rule set. Only users who have been granted the DV_POLICY_OWNER
role can query this view.
For example:
SELECT REALM_NAME, INHERITED_REALM FROM DVSYS.POLICY_OWNER_REALM_AUTH;
Output similar to the following appears:
REALM_NAME INHERITED -------------------------- -------- HR.EMPLOYEES_realm NO
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Names of the realms that have been associated with Database Vault policies. See DBA_DV_REALM View for a full listing of realms. |
|
|
|
For a multitenant environment, indicates whether the realm is local or common. |
|
|
|
Shows the inheritance status of the realm, when the
COMMON column output is YES . Values are as follows:
|
|
|
|
User or role name to authorize as owner or participant. |
|
|
|
Rule set to check before authorizing. If the rule set evaluates to |
|
|
|
Type of realm authorization: either |
|
|
|
For a multitenant environment, indicates whether the user who is authorized for this realm is local or common. Possible values are:
|
|
|
|
Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.44 DVSYS.POLICY_OWNER_REALM_OBJECT View
The DVSYS.POLICY_OWNER_REALM_OBJECT
data dictionary view enables users to find information about the objects that have been added to realms that are associated with Database Vault policies, such as. Only users who have been granted the DV_POLICY_OWNER
role can query this view.
Examples of information that users can find include the realm name, grantee, and associated rule set.
For example:
SELECT REALM_NAME, OWNER, OBJECT_NAME, OBJECT_TYPE FROM DVSYS.POLICY_OWNER_REALM_OBJECT;
Output similar to the following appears:
REALM_NAME OWNER OBJECT_NAME OBJECT_TYPE ------------------ ------ ----------- ----------- HR.EMPLOYEES_realm HR EMPLOYEES TABLE
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Names of the realms that have been associated with Database Vault policies. See DBA_DV_REALM View for a full listing of realms. |
|
|
|
For a multitenant environment, indicates whether the realm is local or common. |
|
|
|
Shows the inheritance status of the realm, when the
COMMON column output is YES . Values are as follows:
|
|
|
|
Database schema owner who owns the object. |
|
|
|
Name of the object the realm protects. |
|
|
|
Type of object the realm protects, such as a database table, view, index, or role. |
Parent topic: Oracle Database Vault Data Dictionary Views
25.45 DVSYS.POLICY_OWNER_RULE View
The DVSYS.POLICY_OWNER_RULE
data dictionary view enables users who have been granted the DV_POLICY_OWNER
role to find information about the rules that have been associated with rule sets in Database Vault policies, such as the rule name and its expression. Only users who have been granted the DV_POLICY_OWNER
role can query this view.
For example:
SELECT NAME, RULE_EXPR FROM DVSYS.POLICY_OWNER_RULE WHERE NAME = 'True';
Output similar to the following appears:
NAME RULE_EXPR ---------- -------- True 1=1
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the rule. |
|
|
|
PL/SQL expression for the rule. |
|
|
|
For a multitenant environment, indicates whether the rule is local or common. Possible values are:
|
|
|
|
Shows the inheritance status of the rule, when the
COMMON column output is YES . Values are as follows:
|
|
|
|
The ID number of the rule, which is automatically generated when the rule is created |
|
|
|
Indicates whether the rule is a default (that is, Oracle-supplied) rule or a user-created rule. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.46 DVSYS.POLICY_OWNER_RULE_SET View
The DVSYS.POLICY_OWNER_RULE_SET
data dictionary view enables users who have been granted the DV_POLICY_OWNER
role to find information about the rule sets that have been associated with Database Vault policies.
Examples of information that users can find include the rule set name, its handler information, and whether it is enabled. Only users who have been granted the DV_POLICY_OWNER
role can query this view.
For example:
SELECT RULE_SET_NAME, ENABLED FROM DVSYS.POLICY_OWNER_RULE_SET;
Output similar to the following appears:
RULE_SET_NAME ENABLED -------------- -------- Allow Sessions Y
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the rule set. |
|
|
|
Description of the rule set. |
|
|
|
Indicates whether the rule set has been enabled. |
|
|
|
For rules sets that contain multiple rules, determines how many rules are evaluated. Possible values are:
|
|
|
|
Indicates when auditing is used. Possible values are:
|
|
|
|
Determines when an audit record is created for the rule set. Possible values are:
|
|
|
|
Error message for failure that is associated with the fail code listed in the |
|
|
|
The error message number associated with the message listed in the |
|
|
|
Determines how error handling is used. Possible values are:
|
|
|
|
Name of the PL/SQL function or procedure that defines the custom event handler logic. |
|
|
|
Indicates how often the rule set is evaluated during a user session. Possible values are:
|
|
|
|
The ID number of the rule set, which is automatically generated when the rule set is created |
|
|
|
Indicates whether the rule set is a default (that is, Oracle-supplied) rule set or a user-created rule set. Possible values are:
|
Parent topic: Oracle Database Vault Data Dictionary Views
25.47 DVSYS.POLICY_OWNER_RULE_SET_RULE View
The DVSYS.POLICY_OWNER_RULE_SET_RULE
data dictionary view enables users who have been granted the DV_POLICY_OWNER
role to find information about the rule sets that contain rules used in Database Vault policies.
Examples of information that users can find include the rule set name and whether it is enabled. Only users who have been granted the DV_POLICY_OWNER
role can query this view.
For example:
SELECT ENABLED FROM DVSYS.POLICY_OWNER_RULE_SET_RULE WHERE RULE_SET_NAME = 'Can Maintain Own Account';
Output similar to the following appears:
ENABLED ---------- Y
Related Views
Column | Datatype | Null | Description |
---|---|---|---|
|
|
|
Name of the rule set that contains the rule. |
|
|
|
Name of the rule. |
|
|
|
PL/SQL expression that defines the rule listed in the |
|
|
Indicates whether the rule is enabled or disabled. |
|
|
|
|
The order in which rules are used within the rule set. Does not apply to this release. |
Parent topic: Oracle Database Vault Data Dictionary Views
25.48 SYS.DV$CONFIGURATION_AUDIT View
The SYS.DV$CONFIGURATION_AUDIT
view is almost the same as the DVSYS.DV$CONFIGURATION_AUDIT
view except that it captures unified audit trail Database Vault audit records.
Related Topics
Parent topic: Oracle Database Vault Data Dictionary Views
25.49 SYS.DV$ENFORCEMENT_AUDIT View
The SYS.DV$ENFORCEMENT_AUDIT
view is almost the same as the DVSYS.DV$ENFORCEMENT_AUDIT
view except that it captures unified audit trail Database Vault audit records.
Related Topics
Parent topic: Oracle Database Vault Data Dictionary Views