This preface contains:
Changes in Oracle Database Vault 19c
The following are changes in Oracle Database Vault Administrator's Guide for Oracle Database 19c.
Command Rule Support for Unified Audit Policies
You now can create Oracle Database Vault command rules for unified audit policies.
You can now use command rules to enable and disable individual unified audit policies. This enhancement provides fine-grain control over how each policy is managed, instead of having to manage all the unified audit policies in the same way through a single command rule. For example, an HR auditor can have control over his or her HR unified audit policy, but not the CRM unified audit policy. This new feature extends the NOAUDIT use for command rules, but when you specify a unified audit policy for the command rule, you must specify AUDIT POLICY or
Database Vault Operations Control for Infrastructure Database Administrators
In a multitenant database, you now can use Oracle Database Vault to block common users (infrastructure DBAs, for example) from accessing local data in pluggable databases (PDBs) in autonomous, regular Cloud, or on-premises environments.
This enhancement prevents common users from accessing local data that resides on a PDB. It enables you to store sensitive data for your business applications and allow operations to manage the database infrastructure without having to access sensitive customer data.
Privilege Analysis Documentation Moved to Oracle Database Security Guide
The documentation for privilege analysis has moved from Oracle Database Vault Administrator’s Guide to Oracle Database Security Guide.
See Oracle Database Licensing Information User Manual for privilege analysis licensing information.
Changes in Oracle Database Vault 18c
The following are changes in Oracle Database Vault Administrator's Guide for Oracle Database 18c.
Enhancements to Oracle Database Vault Simulation Mode
Oracle Database Vault has had a number of changes to simulation mode for this release.
Simulation mode now captures all mandatory realm violations from a SQL statement.
Simulation mode can capture the full call stack information.
The default trusted path context factors are now available as separate columns instead of being concatenated together.
Capturing all mandatory realm violations from a SQL statement enables you to see all changes that you may need to make. Otherwise, the first mandatory realm violation may mask other violations that would not be noticed until the original fix is completed and another regression test is run. This enhancement enables faster regression testing and application certification.
Seeing the full call stack helps you to identify the original SQL statement that has the violation. In many cases, similar SQL statements are called by different parts of the application. This feature helps an application developer to quickly identify exactly which application code triggered the violation.
Context factors are used to build trusted paths for realms and command rules. There are some commonly used factors for trusted paths, so these were extracted from the single string representation in the last release into their own columns. This enhancement makes it much easier to identify the factors to use in trusted path rule sets.
New Factor Functions
Starting with this release, four new factor functions are available.
The factor functions are as follows:
Ability to Grant Data Pump-Database Vault Authorizations to Roles
Starting with this release, you can authorize roles to perform Oracle Data Pump operations in an Oracle Database Vault environment.
In previous releases, you could grant this authorization only to individual users. This enhancement enables administrators to easily manage users through roles for this type of authorization.
Oracle Database Vault Support for Oracle Database Replay
In this release, you now can perform Oracle Database Replay operations in an Oracle Database Vault environment.
The following functionality supports this feature:
Data dictionary views: