Index

A B C D E F G H I J L M N O P Q R S T U V W X

A

access control policy
- reports
  - Core Database Vault Audit Report 26.5.5
Access to Sensitive Objects Report 26.6.3.2
accounts
- See: database accounts
Accounts With DBA Roles Report 26.6.5.2
Accounts with SYSDBA/SYSOPER Privilege Report 26.6.3.4
ad hoc tools
- preventing use of 7.8.1
administrators
- DBA operations in Oracle Database Vault 12
ADRCI utility
- Database Vault E.1.6.3
alerts
- Enterprise Manager Cloud Control 12.3.2
ALTER ROLE statement
- monitoring 25.1
ALTER SESSION command rules 6.1.3.2, 16.7
- about 6.1.3.2
ALTER SESSION event command rules
- creating 16.3
- updating 16.11
ALTER SESSION privilege
- enabling trace files E.1.5
- reports, ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
ALTER SESSION statement
- guidelines on managing privileges D.6.6.1
ALTER SYSTEM command rules
- deleting system event command rules 16.8
ALTER SYSTEM event command rules
- creating 16.4
- updating 16.12
ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
ALTER SYSTEM privilege
- reports, ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
ALTER SYSTEM statement
- guidelines on managing privileges D.6.6.1
ALTER USER statement
- monitoring 25.1
ANY System Privileges for Database Accounts Report 26.6.2.4
AUDIT_SYS_OPERATIONS initialization parameter 2.1
AUDIT_TRAIL$ system table
- affected by AUDIT_TRAIL initialization parameter A.3.2
- archiving A.4.2
- format A.3.2
- purging A.4.3
auditing
- about A.1
- archiving Database Vault audit trail A.4.2
  - about A.4.1
- Core Database Audit Report 26.6.8
- DBMS_MACUTL fields 20.1.1
- Oracle Database audit settings A.5
- purging Database Vault audit trail A.4.3
  - about A.4.1
- realms
  - DBMS_MACUTL fields 20.1.1
  - options 4.3
- reports 26.5
- rule sets
  - DBMS_MACUTL fields 20.1.1
  - options 5.4
- secure application roles
  - audit records 8.10
auditing policies
- about A
- audit events
  - about A.3.1
- custom events
  - audit trail A.3.2
- events that are tracked A.3.1
- monitoring changes to 25.1
audit policy change
- monitoring 25.1
AUDIT privilege 26.6.5.10
AUDIT Privileges Report 26.6.5.10
AUDSYS.DV$CONFIGURATION_AUDIT view 24.53
AUDSYS.DV$ENFORCEMENT_AUDIT view 24.54
authentication
- Authentication_Method default factor 7.2
- command rules 6.1.1
- method, finding with DVF.F$AUTHENTICATION_METHOD 17.3.2
- realm procedures 14.1
authorizations
- Oracle Data Pump activities 12.4.1
- realms 4.7
- scheduling database jobs 12.5.1
AUTHORIZE_MAINTENANCE_USER procedure 21.1.13

B

backup accounts 13.4
BECOME USER Report 26.6.5.4
BECOME USER system privilege
- about 26.6.5.4
break-glass accounts
- See: backup accounts
break-glass protocol 12.9.1

C

catalog-based roles 26.6.5.9
CDB_DV_STATUS view 24.2
CDBs
- Database Vault operations control 12.9.1
- functionality in Oracle Database Vault 1.8
- preventing local users from blocking operations 12.10.1
- realms 4.1.3
  - authorizations 4.7
- rule sets 5.2
CDBS
- PDB access by infrastructure DBAs 12.9.1
client identifiers
- function to return 17.3.10
clients
- finding IP address with DVF.F$CLIENT_IP 17.3.3
code groups
- retrieving value with DBMS_MACUTL functions 20.2
Command Rule Audit Report 26.5.2
Command Rule Configuration Issues Report 26.4.1
command rules 6.1.1, 6.3, 6.4
- See also: rule sets
- about 6.1.1
- creating 6.4
- data dictionary view 6.11
- data masking 12.14.4
- default command rules 6.2
- deleting 6.6
- editing 6.4
- functions
  - DBMS_MACUTL (utility) 20
- guidelines 6.9
- how command rules work 6.7
- modifying 6.5
- objects
  - name 6.4
  - owner 6.4
- performance effect 6.10
- procedures
  - DBMS_MACADM (configuration) 16
- process flow 6.7
- propagating configuration to other databases 12.3.1
- reports 6.11
- rule sets
  - selecting 6.4
  - used with 6.1.1
- simulation mode 10.1
- troubleshooting
  - with auditing report 26.5.2
- tutorial 6.8
- views 6.11, 24.5
- with PDBs 6.1.2
common objects, preventing local users from blocking operations
- about 12.10.1
common objects, preventing local users from blocking operations of
- procedure for 12.10.2
common objects, restricting local user access to
- DBMS_MACADM.ALLOW_COMMON_OPERATION procedure 21.1.3
- finding status of 24.44
compliance
- Oracle Database Vault addressing 1.4
computer name
- finding with DVF.F$MACHINE 17.3.17
- Machine default factor 7.2
configuration
- monitoring changes 25.1
- views
  - AUDSYS.DV$CONFIGURATION_AUDIT 24.53
  - DVSYS.DV$CONFIGURATION_AUDIT 24.41
  - DVSYS.DV$ENFORCEMENT_AUDIT 24.42
configuration and enablement
- multitenant, about 3.2.1
CONFIGURE_DV procedure
- about 21.2
- configuring and enabling Database Vault with 3.2.3, 3.2.4
configuring and enabling Oracle Database Vault 3.1
CONNECT command rules
- about 6.1.3.1
- example 6.1.3.1
CONNECT events, controlling with command rules 6.1.1
core database
- troubleshooting with Core Database Vault Audit Report 26.5.5
Core Database Audit Report 26.6.8
Core Database Vault Audit Trail Report 26.5.5
CPU_PER_SESSION resource profile 26.6.6.2
CREATE ANY JOB privilege D.6.3
CREATE ANY JOB statement
- guidelines on managing privileges D.6.3
CREATE EXTERNAL JOB privilege D.6.4
CREATE JOB privilege D.6.3
CREATE JOB statement
- guidelines on managing privileges D.6.3
CREATE ROLE statement
- monitoring 25.1
CREATE USER statement
- monitoring 25.1
CTXSYS schema realm protection 4.2.4

D

Database Account Default Password Report 26.6.7.1
database accounts
- backup DV_OWNER and DV_ACCTMGR 13.4
- configuring Database Vault accounts as enterprise users 11.1.3
- counting privileges of 26.6.4.1
- DBSNMP
  - granted DV_MONITOR role 13.2.10
- DVSYS 13.3.2
- LBACSYS 13.3.2
- monitoring 25.1
- reports
  - Accounts With DBA Roles Report 26.6.5.2
  - ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
  - ANY System Privileges for Database Accounts Report 26.6.2.4
  - AUDIT Privileges Report 26.6.5.10
  - BECOME USER Report 26.6.5.4
  - Database Account Default Password Report 26.6.7.1
  - Database Account Status Report 26.6.7.2
  - Database Accounts With Catalog Roles Report 26.6.5.9
  - Direct and Indirect System Privileges By Database Account Report 26.6.2.2
  - Direct Object Privileges Report 26.6.1.3
  - Direct System Privileges By Database Account Report 26.6.2.1
  - Hierarchical System Privileges by Database Account Report 26.6.2.3
  - Object Access By PUBLIC Report 26.6.1.1
  - Object Access Not By PUBLIC Report 26.6.1.2
  - OS Security Vulnerability Privileges 26.6.5.11
  - Password History Access Report 26.6.5.6
  - Privileges Distribution By Grantee, Owner, Privilege Report 26.6.4.3
  - Privileges Distribution By Grantee, Owner Report 26.6.4.2
  - Privileges Distribution By Grantee Report 26.6.4.1
  - Roles/Accounts That Have a Given Role Report 26.6.5.8
  - Security Policy Exemption Report 26.6.5.3
  - WITH ADMIN Privilege Grants Report 26.6.5.1
  - WITH GRANT Privileges Report 26.6.5.7
- solution for lockouts B.1
- suggested 13.3.3
Database Account Status Report 26.6.7.2
Database Accounts With Catalog Roles Report 26.6.5.9
database administrative operations 12
database domains, Database_Domain default factor 7.2
database links
- function to return information about 17.3.11
database objects 13.1
- See also: objects
- Oracle Database Vault 13
- reports
  - Object Dependencies Report 26.6.1.4
database options, installing B.1
database roles
- about 13.2.1
- counting privileges of 26.6.4.1
- default Oracle Database Vault 13.2.1
- DV_ACCTMGR
  - about 13.2.4
- DV_ADMIN 13.2.5
- DV_AUDIT_CLEANUP 13.2.6
- DV_DATAPUMP_NETWORK_LINK 13.2.7
- DV_GOLDENGATE_ADMIN 13.2.8
- DV_GOLDENGATE_REDO_ACCESS 13.2.9
- DV_MONITOR 13.2.10
- DV_OWNER 13.2.11
- DV_PATCH_ADMIN 13.2.12
- DV_POLICY_OWNER 13.2.13
- DV_SECANALYST 13.2.14
- DV_XSTREAM_ADMIN 13.2.15
- enabled, determining with ROLE_IS_ENABLED 17.2.7
- granting Database Vault roles to users 13.2.3
- monitoring 25.1
- Oracle Database Vault, default 13.2.1
- reports
  - Accounts With DBA Roles Report 26.6.5.2
  - ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
  - AUDIT Privileges Report 26.6.5.10
  - BECOME USER Report 26.6.5.4
  - Database Accounts With Catalog Roles Report 26.6.5.9
  - OS Security Vulnerability Privileges 26.6.5.11
  - Privileges Distribution By Grantee Report 26.6.4.1
  - Roles/Accounts That Have a Given Role Report 26.6.5.8
  - Security Policy Exemption Report 26.6.5.3
  - WITH ADMIN Privilege Grants Report 26.6.5.1
- separation of duty enforcement 2.3
databases
- defined with factors 7.1
- domain, Domain default factor 7.2
- event monitoring E.1.1
- grouped schemas
  - See realms 4.1.1
- host names, Database_Hostname default factor 7.2
- instance, retrieving information with functions 17.1
- instances
  - Database_Instance default factor 7.2
  - names, finding with DVF.F$DATABASE_INSTANCE 17.3.6
  - number, finding with DV_INSTANCE_NUM 15.2.3
- IP addresses
  - Database_IP default factor 7.2
  - retrieving with DVF.F$DATABASE_IP 17.3.7
- monitoring events E.1.1
- names
  - Database_Name default factor 7.2
  - retrieving with DV_DATABASE_NAME 15.2.4
  - retrieving with DVF.F$DATABASE_NAME 17.3.8
- parameters
  - Security Related Database Parameters Report 26.6.6.1
- roles that do not exist 26.4.7
- schema creation, finding with DVF.F$IDENTIFICATION_TYPE 17.3.14
- schema creation, Identification_Type default factor 7.2
- user name, Session_User default factor 7.2
database sessions 7.4.2
- controlling with Allow Sessions default rule set 5.3
- factor evaluation 7.7.1
- session user name, Proxy_User default factor 7.2
Database Vault
- See: Oracle Database Vault
- MACADM procedure for deleting operations exception 21.1.18
Database Vault Account Management realm 4.2.2
Database Vault command rule protections 6.1.1
Database Vault operations control
- adding users and packages to exception list, how works 12.9.2
- adding users and packages to exception list, procedure 12.9.4
- deleting users and packages from exception list 12.9.5
- disabling 12.9.6
- enabling 12.9.3
- MACADM procedure enabling operations control 21.1.24
- MACADM procedure for adding operations exception 21.1.1
- MACADM procedure for disabling operations control 21.1.19
Database Vault realm protection 4.1.1
Database Vault realm protections 4.1.1
data definition language (DDL)
- statement
  - controlling with command rules 6.1.1
Data Definition Language (DDL) statements
- Database Vault authorization
  - DBA_DV_DDL_AUTH view 24.9
  - granting 21.1.11
  - revoking 21.1.36
Data Dictionary realm
- data masking 12.14.2
data manipulation language (DML)
- statement
  - checking with DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function 20.2
  - controlling with command rules 6.1.1
data masking
- about 12.14.1
- adding users to realms for 12.14.3
- creating command rule for 12.14.4
- errors that can appear 12.14.1
data Oracle Database Vault recognizes
- See: factors
DBA_DV_APP_EXCEPTION view 24.3
DBA_DV_CODE view 24.4
DBA_DV_COMMAND_RULE view 6.11, 24.5
DBA_DV_DATAPUMP_AUTH view 24.6
DBA_DV_DBCAPTURE_AUTH view 24.7
DBA_DV_DBREPLAY_AUTH view 24.8
DBA_DV_DDL_AUTH view 24.9
DBA_DV_DICTIONARY_ACCTS view 24.10
DBA_DV_FACTOR_LINK 24.13
DBA_DV_FACTOR_LINK view 24.13
DBA_DV_FACTOR_TYPE view 24.12
DBA_DV_FACTOR view 24.11
DBA_DV_IDENTITY_MAP view 24.15
DBA_DV_IDENTITY view 24.14
DBA_DV_JOB_AUTH view 24.16
DBA_DV_MAC_POLICY_FACTOR view 24.18
DBA_DV_MAC_POLICY view 24.17
DBA_DV_MAINTENANCE_AUTH view 24.19
DBA_DV_ORADEBUG view 24.20
DBA_DV_PATCH_ADMIN_AUDIT view 24.21
DBA_DV_POLICY_LABEL view 24.23
DBA_DV_POLICY_OBJECT view 24.24
DBA_DV_POLICY_OWNER view 24.25
DBA_DV_POLICY view 24.22
DBA_DV_PREPROCESSOR_AUTH view 24.26
DBA_DV_PROXY_AUTH view 24.27
DBA_DV_PUB_PRIVS view 24.28
DBA_DV_REALM_AUTH view 24.30
DBA_DV_REALM_OBJECT view 24.31
DBA_DV_REALM view 24.29
DBA_DV_ROLE view 24.32
DBA_DV_RULE_SET_RULE view 24.35
DBA_DV_RULE_SET view 24.34
DBA_DV_RULE view 24.33
DBA_DV_SIMULATION_LOG view 24.36
DBA_DV_STATUS view 24.37
DBA_DV_TTS_AUTH view 24.38
DBA_DV_USER_PRIVS_ALL view 24.40
DBA_DV_USER_PRIVS view 24.39
DBA_USERS_WITH_DEFPWD data dictionary view
- access to in Oracle Database Vault 2.4
DBA role
- impact of Oracle Database Vault installation 2.4
DBMS_FILE_TRANSFER package, guidelines on managing D.6.2.1
DBMS_MACADM.ADD_APP_EXCEPTION procedure 21.1.1
DBMS_MACADM.ADD_AUTH_TO_REALM procedure 14.1
DBMS_MACADM.ADD_CMD_RULE_TO_POLICY procedure 22.1, 22.5
DBMS_MACADM.ADD_FACTOR_LINK procedure 17.1.1
DBMS_MACADM.ADD_NLS_DATA
- procedure C.1
DBMS_MACADM.ADD_NLS_DATA procedure 21.1.2
DBMS_MACADM.ADD_OBJECT_TO_REALM procedure 14.2
DBMS_MACADM.ADD_OWNER_TO_POLICY procedure 22.2
DBMS_MACADM.ADD_POLICY_FACTOR procedure 17.1.2
DBMS_MACADM.ADD_REALM_TO_POLICY procedure 22.3
DBMS_MACADM.ADD_RULE_TO_RULE_SET procedure 15.1.1
DBMS_MACADM.ALLOW_COMMON_OPERATION procedure 21.1.3
DBMS_MACADM.AUTH_DATAPUMP_CREATE_USER procedure 21.1.5
DBMS_MACADM.AUTH_DATAPUMP_GRANT_ROLE procedure 21.1.6
DBMS_MACADM.AUTH_DATAPUMP_GRANT_SYSPRIV procedure 21.1.7
DBMS_MACADM.AUTH_DATAPUMP_GRANT procedure 21.1.4
DBMS_MACADM.AUTHORIZE_DATAPUMP_USER procedure 21.1.8, 21.1.33
DBMS_MACADM.AUTHORIZE_DBCAPTURE procedure 21.1.9
DBMS_MACADM.AUTHORIZE_DBREPLAY procedure 21.1.10
DBMS_MACADM.AUTHORIZE_DDL procedure 21.1.11
DBMS_MACADM.AUTHORIZE_DIAGNOSTIC_ADMIN procedure 21.1.12
DBMS_MACADM.AUTHORIZE_PREPROCESSOR procedure 21.1.14
DBMS_MACADM.AUTHORIZE_PROXY_USER procedure 21.1.15
DBMS_MACADM.AUTHORIZE_SCHEDULER_USER procedure 21.1.16
DBMS_MACADM.AUTHORIZE_TTS_USER procedure 21.1.17
DBMS_MACADM.CHANGE_IDENTITY_FACTOR procedure 17.1.3
DBMS_MACADM.CHANGE_IDENTITY_VALUE procedure 17.1.4
DBMS_MACADM.CREATE_COMMAND_RULE procedure 16.1
DBMS_MACADM.CREATE_CONNECT_COMMAND_RULE procedure 16.2
DBMS_MACADM.CREATE_DOMAIN_IDENTITY procedure 17.1.5
DBMS_MACADM.CREATE_FACTOR_TYPE procedure 17.1.7
DBMS_MACADM.CREATE_FACTOR procedure 17.1.6
DBMS_MACADM.CREATE_IDENTITY_MAP procedure 17.1.9
DBMS_MACADM.CREATE_IDENTITY procedure 17.1.8
DBMS_MACADM.CREATE_MAC_POLICY procedure 19.1
DBMS_MACADM.CREATE_POLICY_LABEL procedure 19.2
DBMS_MACADM.CREATE_POLICY procedure 22.4
DBMS_MACADM.CREATE_REALM procedure 14.3
DBMS_MACADM.CREATE_ROLE procedure 18.1.1
DBMS_MACADM.CREATE_RULE_SET procedure 15.1.3
DBMS_MACADM.CREATE_RULE procedure 15.1.2
DBMS_MACADM.CREATE_SESSION_EVENT_CMD_RULE procedure 16.3
DBMS_MACADM.CREATE_SYSTEM_EVENT_CMD_RULE procedure 16.4
DBMS_MACADM.DELETE_APP_EXCEPTION procedure 21.1.18
DBMS_MACADM.DELETE_AUTH_FROM_REALM procedure 14.4
DBMS_MACADM.DELETE_COMMAND_RULE procedure 16.5
DBMS_MACADM.DELETE_CONNECT_COMMAND_RULE procedure 16.6
DBMS_MACADM.DELETE_FACTOR_LINK procedure 17.1.11
DBMS_MACADM.DELETE_FACTOR_TYPE procedure 17.1.12
DBMS_MACADM.DELETE_FACTOR procedure 17.1.10
DBMS_MACADM.DELETE_IDENTITY_MAP procedure 17.1.14
DBMS_MACADM.DELETE_IDENTITY procedure 17.1.13
DBMS_MACADM.DELETE_MAC_POLICY_CASCADE procedure 19.3
DBMS_MACADM.DELETE_OBJECT_FROM_REALM procedure 14.5
DBMS_MACADM.DELETE_OWNER_FROM_POLICY procedure 22.6
DBMS_MACADM.DELETE_POLICY_FACTOR procedure 19.4
DBMS_MACADM.DELETE_POLICY_LABEL procedure 19.5
DBMS_MACADM.DELETE_REALM_CASCADE procedure 14.7
DBMS_MACADM.DELETE_REALM_FROM_POLICY procedure 22.7
DBMS_MACADM.DELETE_REALM procedure 14.6
DBMS_MACADM.DELETE_ROLE procedure 18.1.2
DBMS_MACADM.DELETE_RULE_FROM_RULE_SET procedure 15.1.5
DBMS_MACADM.DELETE_RULE_SET procedure 15.1.6
DBMS_MACADM.DELETE_RULE procedure 15.1.4
DBMS_MACADM.DELETE_SESSION_EVENT_CMD_RULE procedure 16.7
DBMS_MACADM.DELETE_SYSTEM_EVENT_CMD_RULE procedure 16.8
DBMS_MACADM.DISABLE_APP_PROTECTION procedure 21.1.19
DBMS_MACADM.DISABLE_DV_DICTIONARY_ACCTS procedure 21.1.21
DBMS_MACADM.DISABLE_DV_PATCH_ADMIN_AUDIT procedure 21.1.22
DBMS_MACADM.DISABLE_DV procedure 21.1.20
DBMS_MACADM.DISABLE_ORADEBUG procedure 21.1.23
DBMS_MACADM.DROP_DOMAIN_IDENTITY procedure 17.1.15
DBMS_MACADM.DROP_POLICY procedure 22.8
DBMS_MACADM.ENABLE_DV_DICTIONARY_ACCTS procedure 21.1.26
DBMS_MACADM.ENABLE_DV procedure
- about 21.1.25
- configuring and enabling Database Vault with 3.2.2, 3.2.3, 3.2.4
DBMS_MACADM.ENABLE_ORADEBUG procedure 21.1.28
DBMS_MACADM.ENSABLE_DV_PATCH_ADMIN_AUDIT procedure 21.1.27
DBMS_MACADM.GET_INSTANCE_INFO function 17.1.17
DBMS_MACADM.GET_SESSION_INFO function 17.1.16
DBMS_MACADM.RENAME_FACTOR_TYPE procedure 17.1.19
DBMS_MACADM.RENAME_FACTOR procedure 17.1.18
DBMS_MACADM.RENAME_POLICY procedure 22.9
DBMS_MACADM.RENAME_REALM procedure 14.8
DBMS_MACADM.RENAME_ROLE procedure 18.1.3
DBMS_MACADM.RENAME_RULE_SET procedure 15.1.8
DBMS_MACADM.RENAME_RULE procedure 15.1.7
DBMS_MACADM.UNAUTH_DATAPUMP_CREATE_USER procedure 21.1.29
DBMS_MACADM.UNAUTH_DATAPUMP_GRANT_ROLE procedure 21.1.31
DBMS_MACADM.UNAUTH_DATAPUMP_GRANT_SYSPRIV procedure 21.1.32
DBMS_MACADM.UNAUTH_DATAPUMP_GRANT procedure 21.1.30
DBMS_MACADM.UNAUTHORIZE_DBCAPTURE procedure 21.1.34
DBMS_MACADM.UNAUTHORIZE_DBREPLAY procedure 21.1.35
DBMS_MACADM.UNAUTHORIZE_DDL procedure 21.1.36
DBMS_MACADM.UNAUTHORIZE_DIAGNOSTIC_ADMIN procedure 21.1.37
DBMS_MACADM.UNAUTHORIZE_PREPROCESSOR procedure 21.1.39
DBMS_MACADM.UNAUTHORIZE_PROXY_USER procedure 21.1.40
DBMS_MACADM.UNAUTHORIZE_SCHEDULER_USER procedure 21.1.41
DBMS_MACADM.UNAUTHORIZE_TTS_USER procedure 21.1.42
DBMS_MACADM.UPDATE_COMMAND_RULE procedure 16.9
DBMS_MACADM.UPDATE_CONNECT_COMMAND_RULE procedure 16.10
DBMS_MACADM.UPDATE_FACTOR_TYPE procedure 17.1.21
DBMS_MACADM.UPDATE_FACTOR procedure 17.1.20
DBMS_MACADM.UPDATE_IDENTITY procedure 17.1.22
DBMS_MACADM.UPDATE_MAC_POLICY procedure 19.6
DBMS_MACADM.UPDATE_POLICY_DESCRIPTION procedure 22.10
DBMS_MACADM.UPDATE_POLICY_STATE procedure 22.11
DBMS_MACADM.UPDATE_REALM_AUTH procedure 14.10
DBMS_MACADM.UPDATE_REALM procedure 14.9
DBMS_MACADM.UPDATE_ROLE procedure 18.1.4
DBMS_MACADM.UPDATE_RULE_SET procedure 15.1.10
DBMS_MACADM.UPDATE_RULE procedure 15.1.9
DBMS_MACADM.UPDATE_SESSION_EVENT_CMD_RULE procedure 16.11
DBMS_MACADM.UPDATE_SYSTEM_EVENT_CMD_RULE procedure 16.12
DBMS_MACADM package
- about 23.1
- command rule procedures, listed 16
- factor procedures, listed 17.1
- Oracle Label Security policy procedures, listed 19
- realm procedures, listed 14
- rule set procedures, listed 15.1
- secure application role procedures, listed 18.1
DBMS_MACADM PL/SQL package contents 23.1
DBMS_MACSEC_ROLES.CAN_SET_ROLE function 18.2.1
DBMS_MACSEC_ROLES.SET_ROLE procedure 18.2.2
DBMS_MACSEC_ROLES package
- about 18.2
- functions, listed 18.2
DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED procedure 20.2.1
DBMS_MACUTL.GET_CODE_VALUE function 20.2.2
DBMS_MACUTL.GET_DAY function 20.2.6
DBMS_MACUTL.GET_HOUR function 20.2.5
DBMS_MACUTL.GET_MINUTE function 20.2.4
DBMS_MACUTL.GET_MONTH function 20.2.7
DBMS_MACUTL.GET_SECOND function 20.2.3
DBMS_MACUTL.GET_YEAR function 20.2.8
DBMS_MACUTL.IS_ALPHA function 20.2.9
DBMS_MACUTL.IS_DIGIT function 20.2.10
DBMS_MACUTL.IS_DVSYS_OWNER function 20.2.11
DBMS_MACUTL.IS_OLS_INSTALLED_VARCHAR function 20.2.13
DBMS_MACUTL.IS_OLS_INSTALLED function 20.2.12
DBMS_MACUTL.ROLE_GRANTED_ENABLED_VARCHAR function 20.2.14
DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function 20.2.15
DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 20.2.17
DBMS_MACUTL.USER_HAS_ROLE function 20.2.16
DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 20.2.18
DBMS_MACUTL package
- about 20
- constants (fields)
  - examples 20.1.2
  - listed 20.1.1
- procedures and functions, listed 20.2
DBMS_MACUTL PL/SQL package contents 23.3
DBSNMP schema realm protection 4.2.3
DBSNMP user account
- granted DV_MONITOR role 13.2.10
DDL operations
- DV_PATCH_ADMIN impact 12.2.2
- performing in Oracle Database Vault 12.2
- removal of default ('%', '%') 12.2.4
- restrictions 12.2.1
- upgrades impact 12.2.3
deinstallation B
DELETE_CATALOG_ROLE role 26.6.5.9
deleting event command rules 16.7
Denial of Service (DoS) attacks
- reports
  - System Resource Limits Report 26.6.6.3
  - Tablespace Quotas Report 26.6.9.6
diagnostic view and table queries
- MACADM procedure for authorization 21.1.12
- MACADM procedure for revoking authorization 21.1.37
Direct and Indirect System Privileges By Database Account Report 26.6.2.2
Direct Object Privileges Report 26.6.1.3
direct system privileges 26.6.2.3
Direct System Privileges By Database Account Report 26.6.2.1
disabling system features with Disabled default rule set 5.3
domains
- defined with factors 7.1
- finding database domain with DVF.F$DATABASE_DOMAIN 17.3.4
- finding with DVF.F$DOMAIN 17.3.9
DROP ROLE statement
- monitoring 25.1
DROP USER statement
- monitoring 25.1
dual key connection, dual key security
- See: two-person integrity (TPI)
DV_ACCTMGR role E.4.2
- about 13.2.4
- backup account 13.4
- creating profile to protect user granted this role 3.2.6
- Database Vault disabled 13.2.4
- GRANT and REVOKE operations affected by 13.2.4
- privileges associated with 13.2.4
- realm protection 4.2.2
- system privileges of 13.2.2
DV_ADMIN role
- about 13.2.5
- changing password for user granted DV_ADMIN 13.2.5
- Database Vault disabled 13.2.5, 13.2.11
- GRANT and REVOKE operations affected by 13.2.5
- privileges associated with 13.2.5
DV_AUDIT_CLEANUP role
- about 13.2.6
- Database Vault disabled 13.2.6, 13.2.10, 13.2.14
- GRANT and REVOKE operations affected by 13.2.6
- privileges associated with 13.2.6
- system privileges of 13.2.2
DV_DATAPUMP_NETWORK_LINK role
- about 13.2.7
- Database Vault disabled 13.2.7
- GRANT and REVOKE operations affected by 13.2.7
- privileges associated with 13.2.7
DV_GOLDENDATE_REDO role
- privileges associated with 13.2.9
DV_GOLDENDGATE_ADMIN role
- Database Vault disabled 13.2.8
DV_GOLDENGATE_ADMIN role 13.2.8
- GRANT and REVOKE operations affected by 13.2.8
- privileges associated with 13.2.8
DV_GOLDENGATE_REDO_ACCESS role 13.2.9
- Database Vault disabled 13.2.9
- GRANT and REVOKE operations affected by 13.2.9
DV_MONITOR role
- about 13.2.10
- Database Vault disabled 13.2.10
- GRANT and REVOKE operations affected by 13.2.10
- privileges associated with 13.2.10
- system privileges of 13.2.2
DV_OWNER role E.4.1
- about 13.2.11
- backup account 13.4
- changing password for user granted DV_OWNER 13.2.11
- creating profile to protect user granted this role 3.2.6
- Database Vault disabled 13.2.11
- GRANT and REVOKE operations affected by 13.2.11
- privileges associated with 13.2.11
- system privileges of 13.2.2
DV_PATCH_ADMIN role 13.2.12
- Database Vault disabled 13.2.12
- DDL operations impact 12.2.2
- GRANT and REVOKE operations affected by 13.2.12
- privileges associated with 13.2.12
- SYS user 12.17
DV_POLICY_OWNER role
- about 13.2.13
- GRANT and REVOKE operations affected by 13.2.13
- privileges associated with 13.2.13
- system privileges of 13.2.2
DV_SECANALYST role
- about 13.2.14
- Database Vault disabled 13.2.14
- GRANT and REVOKE operations affected by 13.2.14
- privileges associated with 13.2.14
- system privileges of 13.2.2
DV_XSTREAM_ADMIN role 13.2.15
- Database Vault disabled 13.2.15
- GRANT and REVOKE operations affected by 13.2.15
- privileges associated with 13.2.15
DVF account
- auditing policy A.5
- database accounts 13.3.2
DVF PL/SQL interface contents 23.5
DVF schema 17.3
- about 13.1.2
- auditing policy A.5
- DBA_DV_DICTIONARY_ACCTS view 24.10
- PDBs 13.1.2
- protecting 21.1.21
- realm protection 4.2.1
DVSYS.DBA_DV_COMMON_OPERATION_STATUS view 24.44
DVSYS.DBA_DV_FACTOR_LINK view 24.13
DVSYS.DV$CONFIGURATION_AUDIT view 24.41
DVSYS.DV$ENFORCEMENT_AUDIT view 24.42
DVSYS.DV$REALM view 24.43
DVSYS.POLICY_OWNER_POLICY view 24.46
DVSYS.POLICY_OWNER_REALM_AUTH view 24.48
DVSYS.POLICY_OWNER_REALM_OBJECT view 24.49
DVSYS.POLICY_OWNER_REALM view 24.47
DVSYS.POLICY_OWNER_RULE_SET_RULE view 24.52
DVSYS.POLICY_OWNER_RULE_SET view 24.51
DVSYS.POLICY_OWNER_RULE view 24.50
DVSYS account 13.3.2
DVSYS schema
- about 13.1.1
- auditing policy A.5
- CDBs 1.8
- DBA_DV_DICTIONARY_ACCTS view 24.10
- DV_OWNER role 13.2.11
- DV_POLICY_OWNER role 13.2.13
- PDBs 13.1.1, 13.2.1
- protecting 21.1.21
- realm protection 4.2.1

E

ENABLE_APP_PROTECTION procedure 21.1.24
enabling system features with Enabled default rule set 5.3
encrypted information 26.6.9.5
enterprise identities, Enterprise_Identity default factor 7.2
Enterprise Manager
- See: Oracle Enterprise Manager
enterprise user security
- configuring Database Vault accounts for 11.1.3
Enterprise User Security, integrating with Oracle Database Vault
- configuring 11.1.2
event handler
- rule sets 5.4
example 6.1.3.2
examples 7.7.4
- See also: tutorials
- DBMS_MACUTL constants 20.1.2
- realms 4.12
- separation of duty matrix D.1.3
- trace files E.1.7, E.1.8, E.1.9
EXECUTE_CATALOG_ROLE role 26.6.5.9
- impact of Oracle Database Vault installation 2.4
Execute Privileges to Strong SYS Packages Report 26.6.3.1
EXEMPT ACCESS POLICY system privilege 26.6.5.3
exporting data
- See: Oracle Data Pump

F

Factor Audit Report 26.5.3
Factor Configuration Issues Report 26.4.4
factor identities
- modifying 7.4.7
factors
- about 7.1
- assignment
  - disabled rule set 26.4.4
  - incomplete rule set 26.4.4
- assignment operation 26.5.3
- audit events, custom A.3.1
- child factors
  - Factor Configuration Issues Report 26.4.4
  - mapping 7.4.6.1
- creating 7.3
- data dictionary views 7.11
- DBA_DV_FACTOR view 24.11
- DBA_DV_SIMULATION_LOG view 24.36
- DBMS_MACUTL constants, example of 20.1.4
- default factors 7.2
- deleting 7.6
- domain, finding with DVF.F$DOMAIN 17.3.9
- evaluation operation 26.5.3
- factor-identity pair mapping 7.4.6.2
- functionality 7.7
- functions
  - DBMS_MACUTL (utility) 20
  - DBMS_MACUTL constants (fields) 20.1.1
- guidelines 7.9
- identifying using child factors 7.4.6.1
- identities
  - about 7.4.1, 7.4.2
  - adding to factor 7.4
  - configuring 7.4.5
  - creating 7.4.5
  - database session 7.4.2
  - data dictionary views 7.11
  - deleting 7.4.8
  - enterprise-wide users 17.3.9
  - how factor identities work 7.4.2
  - mapping, about 7.4.6.1
  - mapping, procedure 7.4.6.2
  - reports 7.11
  - setting dynamically 17.2.2
  - trust levels 7.4.2, 7.4.5
  - with Oracle Label Security 7.4.2
- identity maps, deleting 7.4.6.3
- initialization, command rules 6.1.1
- invalid audit options 26.4.4
- label 26.4.4
- modifying 7.5
- Oracle Virtual Private Database, attaching factors to 11.3
- performance effect 7.10
- procedures
  - DBMS_MACADM (configuration) 17.1
- process flow 7.7
- reports 7.11
- retrieving 7.7.3
- retrieving with GET_FACTOR 17.2.3
- setting 7.7.4
- setting with SET_FACTOR 17.2.2
- troubleshooting
  - auditing report 26.5.3
  - configuration problems E.3
  - tips E.2
- values (identities) 7.1
- views
  - DBA_DV_FACTOR_LINK 24.13
  - DBA_DV_FACTOR_TYPE 24.12
  - DBA_DV_IDENTITY 24.14
  - DBA_DV_IDENTITY_MAP 24.15
  - DBA_DV_MAC_POLICY_FACTOR 24.18
- ways to assign 7.4.2
Factor Without Identities Report 26.4.5
FLASHBACK TABLE SQL statement 4.1.1
functions
- command rules
  - DBMS_MACUTL (utility) 20
- DVSYS schema enabling 17.2
- factors
  - DBMS_MACUTL (utility) 20
- Oracle Label Security policy
  - DBMS_MACADM (configuration) 19
- realms
  - DBMS_MACUTL (utility) 20
- rule sets
  - DBMS_MACADM (configuration) 15.1
  - DBMS_MACUTL (utility) 20
  - PL/SQL functions for inspecting SQL 15.2
- secure application roles
  - DBMS_MACADM (configuration) 18.1
  - DBMS_MACSEC_ROLES (configuration) 18.2
  - DBMS_MACUTL (utility) 20

G

general security reports 26.6
GRANT statement
- monitoring 25.1
guidelines
- ALTER SESSION privilege D.6.6.1
- ALTER SYSTEM privilege D.6.6.1
- backup DV_OWNER and DV_ACCTMGR accounts 13.4
- command rules 6.9
- CREATE ANY JOB privilege D.6.3
- CREATE EXTERNAL JOB privilege D.6.4
- CREATE JOB privilege D.6.3
- DBMS_FILE_TRANSFER package D.6.2.1
- factors 7.9
- general security D
- LogMiner packages D.6.5
- operating system access D.2.4
- Oracle software owner D.4.2
- performance effect 7.10
- realms 4.14
- root access D.2.4
- root user access D.4.1
- rule sets 5.10
- secure application roles 8.2
- SYSDBA access D.4.3
- SYSDBA privilege, limiting D.2.3
- SYSOPER access D.4.4
- SYSTEM schema and application tables D.2.2
- SYSTEM user account D.2.1
- trusted accounts and roles D.3
- using Database Vault in a production environment D.5
- UTL_FILE package D.6.2.1

H

hackers
- See: security attacks
Hierarchical System Privileges by Database Account Report 26.6.2.3
host names
- finding with DVF.F$DATABASE_HOSTNAME 17.3.5

I

identities
- See: factors, identities
Identity Configuration Issues Report 26.4.6
IDLE_TIME resource profile 26.6.6.2
IMP_FULL_DATABASE role
- impact of Oracle Database Vault installation 2.4
importing data
- See: Oracle Data Pump
incomplete rule set 26.4.4
- role enablement 26.4.7
Information Lifecycle Management 4.1.1
- authorizations, about 12.6.1
- granting users authorization for 12.6.2
- revoking authorization from users 12.6.3
initialization parameters
- Allow System Parameters default rule set 5.3
- modified after installation 2.1
- modified by Oracle Database Vault 2.1
- reports 26.6.6
insider threats
- See: intruders
installations
- Database Vault and Label Security in a multitenant environment 3.2.7
- security considerations D.6
intruders
- See: security attacks
- compromising privileged accounts 1.5
IP addresses
- Client_IP default factor 7.2
- defined with factors 7.1

J

Java Policy Grants Report 26.6.9.1
jobs, scheduling
- See: Oracle Scheduler

L

labels 7.4.4
- See also: Oracle Label Security
- about 7.4.4
Label Security Integration Audit Report 26.5.4
languages
- adding to Oracle Database Vault C.1
- finding with DVF.F$LANG 17.3.15
- finding with DVF.F$LANGUAGE 17.3.16
- name
  - Lang default factor 7.2
  - Language default factor 7.2
LBACSYS account 13.3.2
- See also: Oracle Label Security
- about 13.3.2
- auditing policy A.5
LBACSYS schema
- auditing policy A.5
- realm protection 4.2.1
locked out accounts, solution for B.1
log files
- Database Vault log files A.3.2
logging on
- reports, Core Database Audit Report 26.6.8
LogMiner packages
- guidelines D.6.5

M

managing user accounts and profiles
- Can Maintain Accounts/Profiles default rule set 5.3
managing user accounts and profiles on own account, Can Maintain Own Accounts default rule set 5.3
mandatory realms
- about 4.1.2
mapping identities 7.4.6.2
MDDATA schema realm protection 4.2.4
MDSYS schema realm protection 4.2.4
modules
- function to return information about 17.3.12
monitoring
- activities 25
multitenant container databases
- See: CDBs

N

naming conventions
- realms 4.3
- rules 5.5.3
- rule sets 5.4
network protocol
- finding with DVF.F$NETWORK_PROTOCOL 17.3.18
network protocol, Network_Protocol default factor 7.2
NOAUDIT statement
- monitoring 25.1
Non-Owner Object Trigger Report 26.6.9.7
nonsystem database accounts 26.6.1.3

O

Object Access By PUBLIC Report 26.6.1.1
Object Access Not By PUBLIC Report 26.6.1.2
Object Dependencies Report 26.6.1.4
object owners
- nonexistent 26.4.1
- reports
  - Command Rule Configuration Issues Report 26.4.1
object privilege reports 26.6.1
objects 24.31
- See also: database objects
- command rule objects
  - name 6.4
  - owner 6.4
  - processing 6.7
- dynamic SQL use 26.6.9.3
- mandatory realms 4.1.2
- monitoring 25.1
- object names
  - finding with DV_DICT_OBJ_NAME 15.2.7
- object owners
  - finding with DV_DICT_OBJ_OWNER 15.2.6
- realms
  - object name 4.3
  - object owner 4.3
  - object type 4.3
  - procedures for registering 14.2
- reports
  - Access to Sensitive Objects Report 26.6.3.2
  - Accounts with SYSDBA/SYSOPER Privilege Report 26.6.3.4
  - Direct Object Privileges Report 26.6.1.3
  - Execute Privileges to Strong SYS Packages Report 26.6.3.1
  - Non-Owner Object Trigger Report 26.6.9.7
  - Object Access By PUBLIC Report 26.6.1.1
  - Object Access Not By PUBLIC Report 26.6.1.2
  - Object Dependencies Report 26.6.1.4
  - Objects Dependent on Dynamic SQL Report 26.6.9.3
  - OS Directory Objects Report 26.6.9.2
  - privilege 26.6.1
  - Public Execute Privilege To SYS PL/SQL Procedures Report 26.6.3.3
  - sensitive 26.6.3
  - System Privileges By Privilege Report 26.6.2.5
- restricting user access to using mandatory realms 4.1.2
- types
  - finding with DV_DICT_OBJ_TYPE 15.2.5
- views, DBA_DV_REALM_OBJECT 24.31
Objects Dependent on Dynamic SQL Report 26.6.9.3
object types
- supported for Database Vault realm protection 4.1.4
OEM
- See: Oracle Enterprise Manager (OEM)
OEM_MONITOR schema realm protection 4.2.3
OLS
- See: Oracle Label Security
operating system access
- guideline for using with Database Vault D.2.4
operating systems
- reports
  - OS Directory Objects Report 26.6.9.2
  - OS Security Vulnerability Privileges Report 26.6.5.11
- vulnerabilities 26.6.5.11
ORA_DV_AUDPOL2 predefined unified audit policy A.1
ORA_DV_AUDPOL predefined unified audit policy A.1
ORA-00942 error 8.8.7
ORA-01301 error 12.14.1
ORA-06512 error 20.2.1
ORA-47305 error 8.8.7
ORA-47400 error 12.14.1
ORA-47401 error 4.10.2.1, 12.14.1
ORA-47408 error 12.14.1
ORA-47409 error 12.14.1
ORA-47500 error 21.2
ORA-47503 error 3.2.3, 3.2.4
ORA-47920 error 20.2.1
Oracle APEX, integrating with Oracle Database Vault 11.7
- about 11.7.1
- authorizing APEX schema 11.7.3
- authorizing Oracle Scheduler 11.7.4
- DDL tasks 11.7.5
- installing or upgrading Oracle APEX 11.7.2
- maintenance tasks 11.7.6
- protected objects 11.7.8
- proxy users for ORDS 11.7.7
- troubleshooting 11.7.9
Oracle Database Replay
- authorizations, about 12.7.1
- Database Vault authorization
  - granting for workload captures 21.1.9
  - granting for workload replays 21.1.10
  - revoking for workload captures 21.1.34
  - revoking for workload replays 21.1.35
- granting users authorization for workload capture operations 12.7.2.1
- granting users authorization for workload replay operations 12.7.2.2
- revoking workload capture authorization from users 12.7.3.1
- revoking workload replay authorization from users 12.7.3.2
Oracle Database Vault
- about 1.1.1
- components 1.3, 1.3.1
- configuring and enabling
  - using DBCA 3.1
- disabling
  - procedures for B
  - reasons for B.1
- enabling
  - procedures for B
- integrating with other Oracle products 11
- Oracle Database installation, affect on 2
- post-installation procedures C
- privileges to use 1.2
- reinstalling C.3
- roles
  - system privileges of 13.2.2
- uninstalling C.2
Oracle Database Vault accounts
- created during registration 13.3.1
Oracle Database Vault Administrator (DVA)
- logging on from Oracle Enterprise Manager Cloud Control 3.4
Oracle Database Vault Administrator pages 1.3.5
Oracle Database Vault configuration and enablement
- common users to manage specific PDBs 3.2.3
- common user to manage CDB root 3.2.2
- local users to manage specific PDBs 3.2.4
Oracle Database Vault configuring and enabling
- about 3.1
Oracle Database Vault operations control
- about 12.9.1
Oracle Database Vault policies
- about 9.1.1
- creating 9.3
- data dictionary views 9.6
- default 9.2
- deleting 9.5
- in multitenant environment 9.1.2
- modifying 9.4
Oracle Database Vault realm 4.2.1
Oracle Database Vault registration
- creating profile to protect DV_OWNER and DV_ACCTMGR users 3.2.6
- verifying configuration and enablement 3.3
Oracle Data Guard
- disabaling Oracle Database Vault 11.5.4
- how auditing is affected after intergration with Database Vault 11.5.3
- integrating Database Vault with 11.5
Oracle Data Pump
- archiving the Oracle Database Vault audit trail with A.4.2
- authorizing transportable tablespace operations for Database Vault 12.4.3.3
- DBA_DV_DATAPUMP_AUTH view 24.6
- DBA_DV_TTS_AUTH view 24.38
- DBMS_MACADM.AUTH_DATAPUMP_CREATE_USER procedure 21.1.5
- DBMS_MACADM.AUTH_DATAPUMP_GRANT_ROLE procedure 21.1.6
- DBMS_MACADM.AUTH_DATAPUMP_GRANT_SYSPRIV procedure 21.1.7
- DBMS_MACADM.AUTH_DATAPUMP_GRANT procedure 21.1.4
- DBMS_MACADM.AUTHORIZE_TTS_USER 21.1.17
- DBMS_MACADM.UNAUTH_DATAPUMP_CREATE_USER procedure 21.1.29
- DBMS_MACADM.UNAUTH_DATAPUMP_GRANT_ROLE procedure 21.1.31
- DBMS_MACADM.UNAUTH_DATAPUMP_GRANT_SYSPRIV procedure 21.1.32
- DBMS_MACADM.UNAUTH_DATAPUMP_GRANT procedure 21.1.30
- DBMS_MACADM.UNAUTHORIZE_TTS_USER 21.1.42
- granting authorization to use with Database Vault 12.4.2.3
- guidelines before performing an export or import 12.4.4
- levels of authorization required
  - Oracle Data Pump only 12.4.2.2
  - transportable tablespaces 12.4.3.2
- MACADM procedure for authorization 21.1.8
- realm protection 4.2.5
- revoking standard authorization 12.4.2.4
- revoking transportable tablespace authorization 12.4.3.4
- using with Oracle Database Vault 12.4.1
Oracle Default Component Protection Realm 4.2.6
Oracle Default Schema Protection Realm 4.2.4
Oracle Enterprise Manager
- DBSNMP account
  - granted DV_MONITOR role 13.2.10
- using Oracle Database Vault with 12.3
Oracle Enterprise Manager Cloud Control
- monitoring Database Vault for attempted violations 13.2.10
- propagating Database Vault configurations to other databases 12.3.1
- starting Oracle Database Vault from 3.4
Oracle Enterprise Manager realm 4.2.3
Oracle Enterprise User Security, integrating with Oracle Database Vault 11.1
Oracle Flashback Technology 4.1.1, 6.1.1
Oracle GoldenGate
- Database Vault role used for
  - DV_GOLDENGATE_ADMIN 13.2.8
  - DV_GOLDENGATE_REDO_ACCESS 13.2.9
- in an Oracle Database Vault environment 12.13
Oracle Internet Directory, registering with DBCA 11.6
Oracle Internet Directory Distinguished Name, Proxy_Enterprise_Identity default factor 7.2
Oracle Label Security
- using OLS_LABEL_DOMINATES function in rule expressions 15.1.2
Oracle Label Security (OLS) 13.3.2
- See also: LBACSYS account
- audit events, custom A.3.1
- checking if installed using DBMS_MACUTL functions 20.2
- data dictionary views 11.4.5
- functions
  - DBMS_MACUTL (utility) 20.1.1
- how Database Vault integrates with 11.4.1
- initialization, command rules 6.1.1
- integration with Oracle Database Vault
  - example 11.4.4.1
  - Label Security Integration Audit Report 26.5.4
  - procedure 11.4.3.1
  - requirements 11.4.2
- labels
  - about 7.4.4
  - determining with GET_FACTOR_LABEL 17.2.4
  - invalid label identities 26.4.6
- policies
  - accounts that bypass 26.6.5.3
  - monitoring policy changes 25.1
  - nonexistent 26.4.4
- procedures
  - DBMS_MACADM (configuration) 19
- reports 11.4.5
- views
  - DBA_DV_MAC_POLICY 24.17
  - DBA_DV_MAC_POLICY_FACTOR 24.18
  - DBA_DV_POLICY_LABEL 24.23
Oracle OLAP realm protection 4.2.4
Oracle Real Application Clusters
- configuring and enabling Database Vault on Oracle RAC nodes 3.2.5
- multiple factor identities 7.4.2
- uninstalling Oracle Database Vault from C.2
Oracle Recovery Manager (RMAN)
- in an Oracle Database Vault environment 12.11
Oracle Scheduler
- DBA_DV_JOB_AUTH view 24.16
- granting Oracle Database Vault authorization 12.5.2
- realm protection 4.2.5
- revoking Oracle Database Vault authorization 12.5.3
- SCHEDULER_ADMIN role, impact of Oracle Database Vault installation 2.4
- using with Oracle Database Vault 12.5.1
Oracle software owner, guidelines on managing D.4.2
Oracle Spatial realm protection 4.2.4
Oracle System Privilege and Role Management Realm 4.2.5
Oracle Text realm protection 4.2.4
Oracle Virtual Private Database (VPD)
- accounts that bypass 26.6.5.3
- factors, attaching to 11.3
- GRANT EXECUTE privileges with Grant VPD Administration default rule set 5.3
- using Database Vault factors with Oracle Label Security 11.4.4.1
ORADEBUG utility
- about 12.16
- DBA_DV_ORADEBUG view 24.20
- PL/SQL procedure for disabling in Database Vault 21.1.23
- PL/SQL procedure for enabling in Database Vault 21.1.28
- using with Database Vault 12.16
OS_ROLES initialization parameter 2.1
OS Directory Objects Report 26.6.9.2
OS Security Vulnerability Privileges Report 26.6.5.11
OUTLN schema realm protection 4.2.6

P

parameters
- modified after installation 2.1
- reports
  - Security Related Database Parameters Report 26.6.6.1
Password History Access Report 26.6.5.6
passwords
- forgotten, solution for B.1
- reports 26.6.7
  - Database Account Default Password Report 26.6.7.1
  - Password History Access Report 26.6.5.6
  - Username/Password Tables Report 26.6.9.5
- resetting for DV_ACCTMGR user E.4.2
- resetting for DV_OWNER user E.4.1
patches
- auditing DV_PATCH_ADMIN user 13.2.12
- DBMS_MACADM.DISABLE_DV_PATCH_ADMIN_AUDIT procedure 21.1.22
- DBMS_MACADM.ENSABLE_DV_PATCH_ADMIN_AUDIT procedure 21.1.27
- DV_PATCH_ADMIN requirement for 13.2.12
- security consideration D.6
- two-person integrity used for 5.9.1
patch operations in Database Vault environment 12.17
PDBs
- command rules in 6.1.2
- disabling tracing
  - all database sessions E.1.10.3
  - current database session E.1.10.3
- DVF schema 13.1.2
- DVSYS schema 13.1.1, 13.2.1
- enabling tracing
  - all database sessions E.1.5.3
  - current database session E.1.5.1
- plugging Database Vault-enabled PDB to CDB 12.15
performance effect
- command rules 6.10
- realms 4.15
- reports
  - Resource Profiles Report 26.6.6.2
  - System Resource Limits Report 26.6.6.3
- rule sets 5.11
- secure application roles 8.9
- static evaluation for rule sets 5.11
performance tools
- Automatic Workload Repository (AWR)
  - command rules 6.10
  - factors 7.10
  - Oracle Enterprise Manager
    - performance tools 4.15
  - performance tools
    - Cloud Control, realms 4.15
    - Oracle Enterprise Manager
      - realms 4.15
  - realms 4.15
  - rule sets 5.11
  - secure application roles 8.9
- Oracle Enterprise Manager
  - command rules 6.10
  - factors 7.10
  - performance tools
    - Oracle Enterprise Manager Cloud Control
      - command rules 6.10
  - rule sets 5.11
  - secure application roles 8.9
- Oracle Enterprise Manager Cloud Control
  - factors 7.10
  - rule sets 5.11
  - secure application roles 8.9
- TKPROF utility
  - command rules 6.10
  - factors 7.10
  - realms 4.15
  - rule sets 5.11
  - secure application roles 8.9
PL/SQL
- packages
  - unwrapped bodies 26.6.9.4
  - Unwrapped PL/SQL Package Bodies Report 26.6.9.4
PL/SQL factor functions 17.3
pluggable databases
- See: PDBs
policies
- See: Oracle Database Vault policies
POLICY_OWNER_COMMAND_RULE view 24.45
policy changes, monitoring 25.1
post-installation procedures C
preprocessor programs
- about executing in Database Vault environment 12.8.1
- authorizing users in Database Vault environment 12.8.2
- Database Vault authorization
  - granting 21.1.14
  - revoking 21.1.39
- revoking authorization from Database Vault users 12.8.3
privileges
- checking with DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function 20.2
- existing users and roles, Database Vault affect on 2.4
- least privilege principle
  - violations to 26.6.9.1
- monitoring
  - GRANT statement 25.1
  - REVOKE statement 25.1
- Oracle Database Vault restricting 2.2
- prevented from existing users and roles 2.5
- reports
  - Accounts With DBA Roles Report 26.6.5.2
  - ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
  - ANY System Privileges for Database Accounts Report 26.6.2.4
  - AUDIT Privileges Report 26.6.5.10
  - Database Accounts With Catalog Roles Report 26.6.5.9
  - Direct and Indirect System Privileges By Database Account Report 26.6.2.2
  - Direct System Privileges By Database Account Report 26.6.2.1
  - Hierarchical System Privileges By Database Account Report 26.6.2.3
  - listed 26.6.4
  - OS Directory Objects Report 26.6.9.2
  - Privileges Distribution By Grantee, Owner, Privilege Report 26.6.4.3
  - Privileges Distribution By Grantee, Owner Report 26.6.4.2
  - Privileges Distribution By Grantee Report 26.6.4.1
  - WITH GRANT Privileges Report 26.6.5.7
- restricting access using mandatory realms 4.1.2
- roles
  - checking with DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 20.2
- system
  - checking with DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 20.2
- views
  - DBA_DV_PUB_PRIVS 24.28
  - DBA_DV_USER_PRIVS 24.39
  - DBA_DV_USER_PRIVS_ALL 24.40
Privileges Distribution By Grantee, Owner, Privilege Report 26.6.4.3
Privileges Distribution By Grantee, Owner Report 26.6.4.2
Privileges Distribution By Grantee Report 26.6.4.1
privileges using external password 26.6.3.4
problems, diagnosing E.1.1
procedures
- command rules
  - .DBMS_MACADM (configuration) 16
- factors
  - DBMS_MACADM (configuration) 17.1
- realms
  - DBMS_MACADM (configuration) 14
production environments
- guidelines for securing D.5
profiles 26.6.6
proxy user authorization
- Database Vault authorization
  - DBA_DV_PROXY_AUTH view 24.27
  - granting 21.1.15
  - revoking 21.1.40
proxy users
- function to return name of 17.3.20
PUBLIC access to realms 4.9
Public Execute Privilege To SYS PL/SQL Procedures Report 26.6.3.3
PUBLIC user account
- impact of Oracle Database Vault installation 2.4

Q

quotas
- tablespace 26.6.9.6

R

Realm Audit Report 26.5.1
Realm Authorization Configuration Issues Report 26.4.3
realm authorizations:multitenant environment 4.7
realms 4.3
- See also: rule sets
- about 4.1.1
- adding roles to as grantees 4.14
- audit events, custom A.3.1
- authentication-related procedures 14.1
- authorization
  - enabling access to realm-protected objects 4.11
  - how realm authorizations work 4.10
  - process flow 4.10
  - troubleshooting E.2
- authorizations
  - grantee 4.3
  - rule set 4.3
- authorizations in multitenant environment 4.8
- creating 4.3
- creating names 4.3
- Database Vault Account Management realm 4.2.2
- data dictionary views 4.16
- data masking 12.14.3
- DBMS_MACUTL constants, example of 20.1.2
- default realms
  - listed 4.2
- deleting 4.5
- effect on other Oracle Database Vault components 4.13
- enabling access to realm-protected objects 4.11
- example 4.12
- functions
  - DBMS_MACUTL (utility) 20
  - DBMS_MACUTL constants (fields) 20.1.1
- guidelines 4.14
- how realms work 4.9
- mandatory realms 4.1.2
- modifying 4.4
- multitenant environment
  - about 4.1.3
- naming conventions 4.3
- object-related procedures 14.2
- object types, supported 4.1.4
- Oracle Database Vault realm 4.2.1
- Oracle Default Component Protection Realm 4.2.6
- Oracle Default Schema Protection Realm 4.2.4
- Oracle Enterprise Manager realm 4.2.3
- Oracle System Privilege and Role Management Realm 4.2.5
- performance effect 4.15
- procedures
  - DBMS_MACADM (configuration) 14
- process flow 4.9
- propagating configuration to other databases 12.3.1
- protection after object is dropped 4.14
- PUBLIC access 4.9
- realm authorizations
  - about 4.7
- realm secured objects
  - object name 4.3
  - object owner 4.3
  - object type 4.3
- realm-secured objects 4.6
- reports 4.16
- secured object 26.4.3
- simulation mode 10.1
- territory a realm protects 4.6
- troubleshooting E.2, E.3
- tutorial 3.5.1
- views
  - DBA_DV_CODE 24.4
  - DBA_DV_MAINTENANCE_AUTH 24.19
  - DBA_DV_POLICY 24.22
  - DBA_DV_POLICY_OBJECT 24.24
  - DBA_DV_POLICY_OWNER 24.25
  - DBA_DV_REALM 24.29
  - DBA_DV_REALM_OBJECT 24.31
  - DBS_DV_REALM_AUTH 24.30
  - DVSYS.POLICY_OWNER_COMMAND_RULE 24.45
  - DVSYS.POLICY_OWNER_POLICY 24.46
  - DVSYS.POLICY_OWNER_REALM 24.47
  - DVSYS.POLICY_OWNER_REALM_AUTH 24.48
  - DVSYS.POLICY_OWNER_REALM_OBJECT 24.49
  - DVSYS.POLICY_OWNER_RULE 24.50
  - DVSYS.POLICY_OWNER_RULE_SET 24.51
  - DVSYS.POLICY_OWNER_RULE_SET_RULE 24.52
recovering lost password E.4.1, E.4.2
RECOVERY_CATALOG_OWNER role 26.6.5.9
RECYCLEBIN initialization parameter
- default setting in Oracle Database Vault 2.1
reinstalling Oracle Database Vault C.3
REMOTE_LOGIN_PASSWORDFILE initialization parameter 2.1
reports
- about 26.1
- Access to Sensitive Objects Report 26.6.3.2
- Accounts With DBA Roles Report 26.6.5.2
- Accounts with SYSDBA/SYSOPER Privilege Report 26.6.3.4
- ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
- ANY System Privileges for Database Accounts Report 26.6.2.4
- auditing 26.5
- AUDIT Privileges Report 26.6.5.10
- BECOME USER Report 26.6.5.4
- categories of 26.1
- Command Rule Audit Report 26.5.2
- Command Rule Configuration Issues Report 26.4.1
- Core Database Audit Report 26.6.8
- Core Database Vault Audit Trail Report 26.5.5
- Database Account Default Password Report 26.6.7.1
- Database Account Status Report 26.6.7.2
- Database Accounts With Catalog Roles Report 26.6.5.9
- Direct and Indirect System Privileges By Database Account Report 26.6.2.2
- Direct Object Privileges Report 26.6.1.3
- Direct System Privileges By Database Account Report 26.6.2.1
- Enterprise Manager Cloud Control 12.3.3
- Execute Privileges to Strong SYS Packages Report 26.6.3.1
- Factor Audit Report 26.5.3
- Factor Configuration Issues Report 26.4.4
- Factor Without Identities 26.4.5
- general security 26.6
- Hierarchical System Privileges by Database Account Report 26.6.2.3
- Identity Configuration Issues Report 26.4.6
- Java Policy Grants Report 26.6.9.1
- Label Security Integration Audit Report 26.5.4
- Non-Owner Object Trigger Report 26.6.9.7
- Object Access By PUBLIC Report 26.6.1.1
- Object Access Not By PUBLIC Report 26.6.1.2
- Object Dependencies Report 26.6.1.4
- Objects Dependent on Dynamic SQL Report 26.6.9.3
- OS Directory Objects Report 26.6.9.2
- OS Security Vulnerability Privileges 26.6.5.11
- Password History Access Report 26.6.5.6
- permissions for running 26.2
- privilege management 26.6.4
- Privileges Distribution By Grantee, Owner, Privilege Report 26.6.4.3
- Privileges Distribution By Grantee, Owner Report 26.6.4.2
- Privileges Distribution By Grantee Report 26.6.4.1
- Public Execute Privilege To SYS PL/SQL Procedures Report 26.6.3.3
- Realm Audit Report 26.5.1
- Realm Authorization Configuration Issues Report 26.4.3
- Resource Profiles Report 26.6.6.2
- Roles/Accounts That Have a Given Role Report 26.6.5.8
- Rule Set Configuration Issues Report 26.4.2
- running 26.3
- Secure Application Configuration Issues Report 26.4.7
- Secure Application Role Audit Report 26.5.6
- Security Policy Exemption Report 26.6.5.3
- Security Related Database Parameters 26.6.6.1
- security vulnerability 26.6.9
- System Privileges By Privilege Report 26.6.2.5
- System Resource Limits Report 26.6.6.3
- Tablespace Quotas Report 26.6.9.6
- Unwrapped PL/SQL Package Bodies Report 26.6.9.4
- Username /Password Tables Report 26.6.9.5
- WITH ADMIN Privileges Grants Report 26.6.5.1
- WITH GRANT Privileges Report 26.6.5.7
Resource Profiles Report 26.6.6.2
resources
- reports
  - Resource Profiles Report 26.6.6.2
  - System Resource Limits Report 26.6.6.3
REVOKE statement
- monitoring 25.1
roles 8.1
- See also: secure application roles
- adding to realms as grantees 4.14
- catalog-based 26.6.5.9
- Database Vault default roles 13.2.1
- handling protected roles for named users 12.1.3
- identifying roles not protected by a realm 12.1.2
- identifying roles protected by a realm 12.1.1
- identifying roles protected by realm with SYS authorization 12.1.4
- privileges, checking with DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 20.2
- role-based system privileges 26.6.2.3
- role enablement in incomplete rule set 26.4.7
Roles/Accounts That Have a Given Role Report 26.6.5.8
root access
- guideline for using with Database Vault D.2.4
- guidelines on managing D.4.1
rules 5.5.1
- See also: rule sets
- about 5.5.1
- creating 5.5.3
- creating names 5.5.3
- data dictionary views 5.13
- default 5.5.2
- default, no longer supported 5.12
- deleting 5.5.6
- deleting from rule set 5.5.6
- existing rules, adding to rule set 5.5.4
- modifying 5.5.5
- naming conventions 5.5.3
- nested within a rule set 5.8.2
- removing from rule set 5.5.6
- reports 5.13
- troubleshooting E.2
- views
  - DBA_DV_RULE 24.33
  - DBA_DV_RULE_SET_RULE 24.35
Rule Set Configuration Issues Report 26.4.2
rule sets 5.1
- See also: command rules, factors, realms, rules, secure application roles
- about 5.1
- adding existing rules 5.5.4
- auditing
  - intruders
    - using rule sets 5.4
- audit options 5.4
- command rules
  - disabled 26.4.1
  - selecting for 6.4
  - used with 6.1.1
- creating 5.4
  - rules in 5.5.3
- creating names 5.4
- data dictionary views 5.13
- DBMS_MACUTL constants, example of 20.1.3
- default, no longer supported 5.12
- default rules 5.5.2
- default rule sets 5.3
- deleting 5.7
  - rules from 5.5.6
- disabled for
  - factor assignment 26.4.4
  - realm authorization 26.4.3
- evaluation of rules 5.5.1
- event handlers 5.4
- events firing, finding with DV_SYSEVENT 15.2.1
- fail code 5.4
- fail message 5.4
- functions
  - DBMS_MACADM (configuration) 15.1
  - DBMS_MACUTL (utility) 20
  - DBMS_MACUTL constants (fields) 20.1.1
  - PL/SQL functions for rule sets 15.2
- guidelines 5.10
- how rule sets work 5.8.1
- incomplete 26.4.1
- modifying 5.6
- multitenant environment
  - about 5.2
- naming conventions 5.4
- nested rules 5.8.2
- performance effect 5.11
- procedures
  - DBMS_MACADM (configuration) 15.1
- process flow 5.8.1
- propagating configuration to other databases 12.3.1
- reports 5.13
- rule sets
  - evaluation options 5.4
- rules that exclude one user 5.8.3
- security attacks
  - tracking
    - with rule set auditing 5.4
- static evaluation 5.10
- troubleshooting E.2, E.3
- views
  - DBA_DV_RULE 24.33
  - DBA_DV_RULE_SET 24.34
  - DBA_DV_RULE_SET_RULE 24.35
rules sets
- audit event, custom A.3.1

S

SCHEDULER_ADMIN role
- impact of Oracle Database Vault installation 2.4
scheduling database jobs
- CREATE EXTERNAL JOB privilege security consideration D.6.4
scheduling jobs
- See: Oracle Scheduler
schemas
- DVF 13.1.2
- DVSYS 13.1.1
Secure Application Configuration Issues Report 26.4.7
secure application role 8.1
Secure Application Role Audit Report 26.5.6
secure application roles 8.1
- See also: roles, rule sets
- audit event, custom A.3.1
- creating 8.3
- data dictionary view 8.10
- DBMS_MACSEC_ROLES.SET_ROLE function 8.3
- deleting 8.6
- enabling Oracle Database roles to work with Oracle Database Vault 8.4
- functionality 8.7
- functions
  - DBMS_MACADM (configuration) 18.1
  - DBMS_MACSEC_ROLES (configuration) 18.2
  - DBMS_MACSEC_ROLES package 18.2
  - DBMS_MACUTL (utility) 20
  - DBMS_MACUTL constants (fields) 20.1.1
- guidelines on managing 8.2
- modifying 8.5
- performance effect 8.9
- procedure
  - DBMS_MACADM (configuration) 18.1
- procedures and functions
  - DBMS_MACUTL (utility) 20.2
- propagating configuration to other databases 12.3.1
- reports 8.10
  - Rule Set Configuration Issues Report 26.4.2
- troubleshooting E.3
- troubleshooting with auditing report 26.5.6
- tutorial 8.8.1
- views
  - DBA_DV_ROLE 24.32
security attacks
- Denial of Service (DoS) attacks
  - finding system resource limits 26.6.6.3
- Denial of Service attacks
  - finding tablespace quotas 26.6.9.6
- eliminating audit trail 26.6.5.10
- monitoring security violations 25.1
- Oracle Database Vault addressing compromised privileged user accounts 1.5
- reports
  - AUDIT Privileges Report 26.6.5.10
  - Objects Dependent on Dynamic SQL Report 26.6.9.3
  - Privileges Distribution By Grantee, Owner Report 26.6.4.2
  - Unwrapped PL/SQL Package Bodies Report 26.6.9.4
- SQL injection attacks 26.6.9.3
security policies, Oracle Database Vault addressing 1.6
Security Policy Exemption Report 26.6.5.3
Security Related Database Parameters Report 26.6.6.1
security violations
- monitoring attempts 25.1
security vulnerabilities
- how Database Vault addresses 1.7
- operating systems 26.6.5.11
- reports 26.6.9
  - Security Related Database Parameters Report 26.6.6.1
- root operating system directory 26.6.9.2
SELECT_CATALOG_ROLE role 26.6.5.9
sensitive objects reports 26.6.3
separation of duty concept
- about D.1.1
- command rules 6.2
- database accounts, suggested 13.3.3
- database roles 2.3
- documenting tasks D.1.4
- example matrix D.1.3
- how Oracle Database Vault addresses 2.3
- realms 1.7
- restricting privileges 2.2
- roles 13.2.1
- tasks in Oracle Database Vault environment D.1.2
session event command rule
- updating 16.11
session event command rules
- creating for events 16.3
- deleting 16.7
sessions
- audit events, custom A.3.1
- DBMS_MACUTL fields 20.1.1
- finding session user with DVF.F$SESSION_USER 17.3.21
- retrieving information with functions 17.1
simulation mode
- about 10.1
- use cases 10.2
simulation mode, realms
- considerations 10.3.1
- use cases
  - adding authorized users to a realm 10.3.6
  - adding new objects to a realm 10.3.4
  - all in simulation mode 10.3.2
  - new realms introduced to existing realms 10.3.3
  - removing authorized users from a realm 10.3.7
  - removing objects from a realm 10.3.5
  - testing new changes to an existing command rule 10.3.9
  - testing new factors with realms 10.3.8
SQL92_SECURITY initialization parameter 2.1
SQL injection attacks, detecting with Object Dependent on Dynamic SQL Report 26.6.9.3
SQL statements
- default command rules that protect 6.2
SQL statements protected by 6.3
SQL text, finding with DV_SQL_TEXT 15.2.8
subfactors
- See: child factors under factors topic
SYSDBA access
- guidelines on managing D.4.3
SYSDBA privilege
- limiting, importance of D.2.3
SYSOPER access
- guidelines on managing D.4.4
system event command rule
- updating 16.12
system event command rules
- creating 16.4
- deleting 16.8
system features
- disabling with Disabled rule set 5.3
- enabling with Enabled rule set 5.3
system privileges
- checking with DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 20.2
- Oracle Database Vault roles 13.2.2
- reports
  - System Privileges By Privileges Report 26.6.2.5
System Privileges By Privilege Report 26.6.2.5
System Resource Limits Report 26.6.6.3
system root access, guideline on managing D.4.1
SYSTEM schema
- application tables in D.2.2
- realm protection 4.2.6
SYSTEM user account
- guidelines for using with Database Vault D.2.1
SYS user, patch operations 12.17
SYS user account
- adding to realm authorization 4.14
- protecting unified audit trail from A.2

T

tablespace quotas 26.6.9.6
Tablespace Quotas Report 26.6.9.6
time data
- DBMS_MACUTL functions 20.2
trace files
- about E.1.1
trace files, Oracle Database Vault
- about E.1.1
- activities that can be traced E.1.2
- ADRCI utility E.1.6.3
- directory location for trace files E.1.6.1
- disabling for all sessions E.1.10.2
- disabling for current session E.1.10.1
- enabling for all sessions E.1.5.2
- enabling for current session E.1.5.1
- examples
  - highest level on realm violations E.1.9
  - high level authorization E.1.8
  - low level realm violations E.1.7
- finding trace file directory E.1.6.1
- levels of trace events E.1.3
- performance effect E.1.4
- querying
  - ADRCI utility E.1.6.3
  - Linux grep command E.1.6.2
traisimulationning mode
- tutorial 10.4
Transparent Data Encryption, used with Oracle Database Vault 11.2
transportable tablespaces
- authorizing for Oracle Data Pump operations in Database Vault 12.4.3.3
- DBA_DV_TTS_AUTH view 24.38
- DBMS_MACADM.AUTHORIZE_TTS_USER procedure 21.1.17
- DBMS_MACADM.UNAUTHORIZE_TTS_USER procedure 21.1.42
triggers
- different from object owner account 26.6.9.7
- reports, Non-Owner Object Trigger Report 26.6.9.7
troubleshooting
- access security sessions 26.5.5
- auditing reports, using 26.5
- factors E.2
- general diagnostic tips E.2
- locked out accounts B.1
- passwords, forgotten B.1
- realms E.2
- rules E.2
- rule sets E.2
- secure application roles 26.5.6
trusted users
- accounts and roles that should be limited D.4
- default for Oracle Database Vault D.3
trust levels
- about 7.4.3
- determining for identities with GET_TRUST_LEVEL_FOR_IDENTITY 17.2.6
- determining with GET_TRUST_LEVEL 17.2.5
- factor identity 7.4.3
- factors 7.4.5
- for factor and identity requested 17.2.6
- identities 7.4.2
- of current session identity 17.2.5
tutorials 7.7.4
- See also: examples
- access, granting with secure application roles 8.8.1
- ad hoc tool access, preventing 7.8.1
- configuring two-person integrity (TPI) 5.9.1
- Database Vault factors with Virtual Private Database and Oracle Label Security 11.4.4.1
- Oracle Label Security integration with Oracle Database Vault 11.4.4.1
- restricting user activities with command rules 6.8
- schema, protecting with a realm 3.5.1
- simulation mode 10.4
two-man rule security
- See: two-person integrity (TPI)
two-person integrity (TPI)
- about 5.9.1
- configuring with a rule set 5.9.1

U

UNAUTHORIZE_MAINTENANCE_USER procedure 21.1.38
unified auditing
- in Oracle Database Vault A.1
- predefined audit policies A.1
unified audit trail
- how it works with Database Vault A.1
- protecting with a realm A.2
uninstalling Oracle Database Vault C.2
Unwrapped PL/SQL Package Bodies Report 26.6.9.4
upgrades
- DDL operations impact 12.2.3
USER_HISTORY$ table 26.6.5.6
user authorization
- Database Vault authorization for ILM
  - granting 21.1.13
  - revoking 21.1.38
- Database Vault authorization for Information Lifecycle Management
  - granting 21.1.13
  - revoking 21.1.38
Username/Password Tables Report 26.6.9.5
user names
- reports, Username/Password Tables Report 26.6.9.5
users
- enterprise identities, finding with DVF.F$PROXY_ENTERPRISE_IDENTITY 17.3.19
- enterprise-wide identities, finding with DVF.F$ENTERPRISE_IDENTITY 17.3.13
- finding session user with DVF.F$SESSION_USER 17.3.21
- login user name, finding with DV_LOGIN_USER 15.2.2
utility functions
- See: .DBMS_MACUTL package
UTL_FILE object 26.6.1.4
UTL_FILE package, guidelines on managing D.6.2.1

V

views 24.1
- See also: names beginning with DVSYS.DBA_DV
- AUDSYS.DV$CONFIGURATION_AUDIT 24.53
- AUDSYS.DV$ENFORCEMENT_AUDIT 24.54
- CDB_DV_STATUS 24.2
- DBA_DV_APP_EXCEPTION 24.3
- DBA_DV_CODE 24.4
- DBA_DV_COMMAND_RULE 24.5
- DBA_DV_DATAPUMP_AUTH 24.6
- DBA_DV_DBCAPTURE_AUTH 24.7
- DBA_DV_DBREPLAY_AUTH 24.8
- DBA_DV_DDL_AUTH 24.9
- DBA_DV_DICTIONARY_ACCTS 24.10
- DBA_DV_FACTOR 24.11
- DBA_DV_FACTOR_TYPE 24.12
- DBA_DV_IDENTITY 24.14
- DBA_DV_IDENTITY_MAP 24.15
- DBA_DV_JOB_AUTH 24.16
- DBA_DV_MAINTENANCE_AUTH 24.19
- DBA_DV_ORADEBUG 24.20
- DBA_DV_PATCH_ADMIN_AUDIT 24.21
- DBA_DV_POLICY 24.22
- DBA_DV_POLICY_LABEL 24.23
- DBA_DV_POLICY_OBJECT 24.24
- DBA_DV_POLICY_OWNER 24.25
- DBA_DV_PREPROCESSOR_AUTH 24.26
- DBA_DV_PROXY_AUTH 24.27
- DBA_DV_PUB_PRIVS 24.28
- DBA_DV_REALM 24.29
- DBA_DV_REALM_AUTH 24.30
- DBA_DV_REALM_OBJECT 24.31
- DBA_DV_ROLE 24.32
- DBA_DV_RULE_SET 24.34
- DBA_DV_RULE_SET_RULE 24.35
- DBA_DV_SIMULATION_LOG 24.36
- DBA_DV_STATUS 24.37
- DBA_DV_TTS_AUTH 24.38
- DBA_DV_USER_PRIVS 24.39
- DBA_DV_USER_PRIVS_ALL 24.40
- DVSYS.DBA_DV_COMMON_OPERATION_STATUS 24.44
- DVSYS.DV$CONFIGURATION_AUDIT 24.41
- DVSYS.DV$ENFORCEMENT_AUDIT 24.42
- DVSYS.DV$REALM 24.43
- DVSYS.POLICY_OWNER_COMMAND_RULE 24.45
- DVSYS.POLICY_OWNER_POLICY 24.46
- DVSYS.POLICY_OWNER_REALM 24.47
- DVSYS.POLICY_OWNER_REALM_AUTH 24.48
- DVSYS.POLICY_OWNER_REALM_OBJECT 24.49
- DVSYS.POLICY_OWNER_RULE 24.50
- DVSYS.POLICY_OWNER_RULE_SET 24.51
- DVSYS.POLICY_OWNER_RULE_SET_RULE 24.52
VPD
- See: Oracle Virtual Private Database (VPD)

W

WITH ADMIN Privileges Grants Report 26.6.5.1
WITH ADMIN status 26.6.2.1, 26.6.2.2
WITH GRANT clause 26.6.5.7
WITH GRANT Privileges Report 26.6.5.7

X

XStream
- Database Vault role used for 13.2.15
- in an Oracle Database Vault environment 12.12