access control entry (ACE)
An entry in the access control list that grants or denies access to a given principal. One or more ACEs are listed within an access control list (ACL), in which the ordering of the ACEs is relevant.
access control list (ACL)
A list of access control entries that determines which principals have access to a given resource or resources. In Oracle Database Real Application Security, you use ACLs to define user privileges.
A privilege that contains other privileges. When an aggregate privilege has been granted or denied, then all of its child privileges are granted or denied as well.
A role that can only be granted to a application user or to another application role.
A user session that contains information pertinent only to the application. Unlike traditional "heavyweight" database sessions, an application session does not hold its own database resources such as transactions and cursors.
A user account that does not own a schema and can create a application session through the middle tier to the database.
An access control list that has been associated with a dynamic data realm constraint.
dynamic application role
A role that is enabled only under certain conditions, for example, when a user has logged on using SSL, or during a specified period.
dynamic data realm constraint
The mechanism by which user access to an applications functionality is controlled. For example, for Oracle Database Real Application Security, use the
checkPrivilege() method to check the privilege on the ACL for a row to determine if a specific privilege on one or more given ACLs is associated with that row. See About the Check Privilege API for more information.
globally unique identifier (GUID)
The external ID that applications can use to manage the user's session information. This identifier is not guaranteed to be unique across all tiers, but the number of unique keys that comprises it is so large that the chances of it being duplicated are small. See also unique identifier (UID).
A traditional database role.
A traditional database user account that owns a schema.
A container consisting of attribute-value pairs that reflects the state of the application session.
A single relational table row that is part of an data realm. It is identified by its primary key value.
A hashed version of a clear text password, which is then encoded as a BASE64 encoded string.
A named collection of privileges that can be associated with an ACL.
An access control list that has been associated with a static data realm constraint.
static data realm constraint
unique identifier (UID)
A unique internal identifier that Oracle Database uses to track the user or role. It is used to manage the user's session information across the database enterprise. See also globally unique identifier (GUID).