Index

A  C  D  E  F  G  I  J  M  N  O  P  R  S  T  U  V  W  X  

---

A

• access control entry (ACE)
  • about 1.2.5
  • definition 4.3.1
• access control lists (ACL)
  • about 1.2.6
  • directories
    • trace files, using to resolve predicate errors 5.4.3
  • dynamic data realm constraints
    • about 5.4.2
    • ACL evaluation order 5.6.3
  • evaluation order 5.6.3
  • static data realm constraints
    • ACL evaluation order 5.6.3
  • static data realms
    • about 5.4.2
  • user-managed
    • example 5.6.2
• ACE
  • definition 4.3.1
  • evaluation order 4.3.9
• acl
  • troubleshooting D.2.4
• ACL
  • adding ACE 4.3.4
  • binding 4.5
  • changing security class 4.3.4
  • constraining inheritance 4.3.10.2
  • create 4.3.2
  • extending inheritance 4.3.10.1
  • identifiers
    • master-detail tables, retrieving ACL identifiers for 10.4
  • inheritance 4.3.10
    • constraining 4.3.10.2
    • extending 4.3.10.1
  • inheritance|ACL
    • changing parent ACL 4.3.4
  • multilevel authentication 4.3.6
  • removing ACL 4.3.4
  • scope
    • definition 4.2.3
• ACLS
  • See: access control lists
• ACLs and ACEs
  • about 4.3.1
  • creating 4.3.2
• aggregate privilege
  • about 1.2.3
  • benefits 1.2.3
  • definition 4.1.1
• ALL_XDS_ACL_REFRESH view 9.54
• ALL_XDS_ACL_REFSTAT view 9.55
• ALL_XDS_LATEST_ACL_REFSTAT view 9.56
• ALL_XS_ACES view 9.29
• ALL_XS_ACL_PARAMETERS view 9.41
• ALL_XS_ACLS view 9.26
• ALL_XS_APPLIED_POLICIES view 9.46
• ALL_XS_COLUMN_CONSTRAINTS view 9.44
• ALL_XS_IMPLIED_PRIVILEGES view 9.16
• ALL_XS_INHERITED_REALMS view 9.38
• ALL_XS_POLICIES view 9.32
• ALL_XS_PRIVILEGES view 9.13
• ALL_XS_REALM_CONSTRAINTS view 9.35
• ALL_XS_SECURITY_CLASS_DEP view 9.23
• ALL_XS_SECURITY_CLASSES view 9.20
• ALL grant 4.1.1.1
• ALL privilege 4.1.1.1
• anonymous user 7.1
• application integration
  • support for external users and roles 7.1
• application privileges
  • about 1.2.3
  • granting to principles 2.4
• application roles
  • about 1.2.2, 2.2.1
  • creating dynamic role 2.2.2.2, 2.2.3.2
  • creating regular role 2.2.2.1, 2.2.3.1
  • granting database role to an application role 2.4.3
  • granting to another application role 2.4.2
  • granting to existing application user 2.4.1.2
  • granting to new application user 2.4.1.1
  • using effective dates 2.3
  • validating 2.2.3.3
• application sessions
  • about 3.1
  • advantages 3.1.2
  • attaching 3.2.3
  • cookies, setting for 3.2.4
  • creating 3.1.1, 3.2.1, 11.1.4.1
  • creating anonymous application session 3.2.2
  • database session
    • attaching to 11.1.4.2
    • detaching from 11.1.4.18
  • destroying 11.1.4.19
  • event handling 3.2.8
  • global callback events, using 3.2.8
  • namespace
    • creating 11.1.4.5
    • deleting 11.1.4.11
  • namespaces
    • attributes, getting 3.3.4
    • attributes, setting 3.3.3
    • attribute values, getting 11.1.4.8
    • attribute values, setting 11.1.4.7
    • deleting 3.3.6
  • roles
    • disabling for specified session 11.1.4.13
    • enabling for specified session 11.1.4.12
  • roles, disabling from session 3.3.8
  • roles, enabling for session 3.3.7
  • saving 11.1.4.17
  • security context, setting 11.1.4.4
  • session cookie
    • setting 11.1.4.14
  • session state manipulating 3.3
  • switch user 11.1.4.4
  • troubleshooting D.2.1
  • users, assigning to 3.2.5
  • users, creating namespace templates 3.3.1.3
  • users, custom attributes 3.3.5
  • users, destroying 3.2.11
  • users, detaching from 3.2.10
  • users, initializing namespaces 3.3.2.1, 3.3.2.2, 3.3.2.3, 3.3.2.4
  • users, initializing namespaces explicitly 3.3.2.5
  • users, switching to 3.2.6
• application sessions in the database
  • architecture figure 3.1.1
• application user roles
  • application sessions, disabling from 3.3.8
  • application sessions, enabling for 3.3.7
  • disabling for specified session 11.1.4.13
  • enabling for specified session 11.1.4.12
• application users
  • about 1.2.2, 2.1.1
  • application sessions, assigning to 3.2.5
  • application sessions, creating namespace templates 3.3.1.3
  • application sessions, custom attributes 3.3.5
  • application sessions, destroying 3.2.11
  • application sessions, detaching from 3.2.10
  • application sessions, initializing namespaces 3.3.2.1, 3.3.2.2, 3.3.2.3, 3.3.2.4
  • application sessions, initializing namespaces explicitly 3.3.2.5
  • application sessions, switching to 3.2.6
  • compared with database user 1.2.2.1
  • creating 2.1.1.1
    • direct login users 2.1.3.2
  • creating direct login user 2.1.3.1
  • definition 1.2.2
  • general procedure 2.1.1.1
  • modifying 2.1.1.1
  • validating 2.1.6
• application users and roles
  • troubleshooting D.2.2
• applying
  • additional application privileges
    • to a column 5.5
• assigning
  • an application user to an anonymous application session 3.2.5
• attaching
  • an application session 3.2.3
• auditing
  • DBA_XS_AUDIT_POLICY_OPTIONS view 1.6
  • DBA_XS_AUDIT_TRAIL view 1.6
  • DBA_XS_ENB_AUDIT_POLICIES view 1.6
  • in an Oracle Database Real Application Security environment 1.6
  • unified auditing 1.6, 9
• authentication
  • multilevel 4.3.6
  • strong 4.3.6
  • weak 4.3.6

---

C

• callback event handler procedure
  • creating 3.2.7
• checking
  • ACLs for a privilege 4.3.5
• checking security attribute
  • using getSecurityAttribute method
    • SecurityAttribute returns value ENABLED B.2.1
    • SecurityAttribute returns value NONE B.2.1
    • SecurityAttribute returns value UNKNOWN B.2.1
• checking user authorization indicator
  • using getAuthorizationIndicator method
    • AuthorizationIndicator returns value NONE B.2.2
    • AuthorizationIndicator returns value UNAUTHORIZED B.2.2
    • AuthorizationIndicator returns value UNKNOWN B.2.2
• COLUMN_AUTH_INDICATOR function 10.1
• column authorization
  • JDBCI interface B.2
  • OCI interface B.1
• column-level security 5.5
• configuring
  • an application role 2.2.3
  • application roles 2.2
  • application users 2.1
  • application user switch
    • proxying an application user 2.1.5
  • global callback event handlers
    • for an application session 3.2.8
• constraining ACL inheritance
  • definition 4.3.10.2
• cookies
  • application sessions, setting for 3.2.4
• create views
  • using BEQUEATH clause 5.9
• creating
  • ACLs and ACEs 4.3.2
  • anonymous application session 3.2.2
  • application sessions 3.2.1
  • application user accounts 2.1.1.1
  • application users 2.1.1.1
  • custom attributes
    • in application session 3.3.5
  • direct login user 2.1.3.1
  • dynamic application role 2.2.2.2, 2.2.3.2
  • namespaces
    • using namespace templates 3.3.1
  • namespace templates 3.3.1.3
  • regular application role 2.2.2.1, 2.2.3.1
  • security class 4.2.2
  • simple application user account 2.1.2

---

D

• database role
  • about 1.2.2
• database user
  • about 1.2.2
  • compared with application user 1.2.2.1
• data realm constraints
  • affect on database tables 5.6.2
  • membership methods 5.4.1
  • membership rule (WHERE predicate)
    • about 5.4.1
  • membership rules
    • session variables, guideline for 5.4.1
  • parameterized
    • about 5.4.1
  • types defined by WHERE predicates 5.4.1
• data realms 5.4.2
  • See also: dynamic data realms, static data realms
  • about 5.1
  • definition 4.4.1
  • structure 5.4.1
• data security
  • about 5.1
  • ACLs 4.4
  • automatic refreshment for static ACL 11.5.3.1
  • troubleshooting D.2.5
  • with Oracle Database Real Application Security 1.2.1
• data security documents
  • example 5.3
  • privileges
    • security checks, how handled 5.8.1
  • privileges, column-level security 5.5
• DataSecurity module 4.4.1
• data security policy
  • tables
    • enabling 11.4.3.13
    • removing from 11.4.3.12
• data security privileges
  • alter refreshment for static ACL 11.3.4.2, 11.5.3.2
  • automatic refreshment for static ACL 11.3.4.1
• DBA_XDS_ACL_REFRESH view 9.57
• DBA_XDS_ACL_REFSTAT view 9.58
• DBA_XDS_LATEST_ACL_REFSTAT view 9.59
• DBA_XS_ACES view 4.3.1, 4.3.11, 9.27
• DBA_XS_ACL_PARAMETERS view 9.39
• DBA_XS_ACLS view 4.3.11, 9.24
• DBA_XS_ACTIVE_SESSIONS view 9.49
• DBA_XS_APPLIED_POLICIES view 9.45
• DBA_XS_AUDIT_POLICY_OPTIONS view 1.6, 9
• DBA_XS_AUDIT_TRAIL view 1.6, 9
• DBA_XS_COLUMN_CONSTRAINTS view 9.42
• DBA_XS_DYNAMIC_ROLES view 9.8
• DBA_XS_ENB_AUDIT_POLICIES view 1.6, 9
• DBA_XS_EXTERNAL_PRINICIPALS view 9.3
• DBA_XS_IMPLIED_PRIVILEGES view 9.14
• DBA_XS_INHERITED_REALMS view 9.36
• DBA_XS_MODIFIED_POLICIES view 9.47
• DBA_XS_NS_TEMPLATE_ATTRIBUTES view 9.53
• DBA_XS_NS_TEMPLATES view 9.52
• DBA_XS_OBJECTS view 9.1
• DBA_XS_POLICIES view 9.30
• DBA_XS_PRINICIPALS view 9.2
• DBA_XS_PRIVILEGE_GRANTS view 9.17
• DBA_XS_PRIVILEGES view 4.3.12, 9.11
• DBA_XS_PROXY_ROLES view 9.9
• DBA_XS_REALM_CONSTRAINTS view 9.33
• DBA_XS_ROLE_GRANTS view 9.10
• DBA_XS_ROLES view 9.7
• DBA_XS_SECURITY_CLASS_DEP view 4.3.12, 9.21
• DBA_XS_SECURITY_CLASSES view 4.3.12, 9.18
• DBA_XS_SESSION_NS_ATTRIBUTES view 9.51
• DBA_XS_SESSION_ROLES view 9.50
• DBA_XS_SESSIONS view 9.48
• DBA_XS_USERS view 9.4
• DBMS_XS_SESSIONS PL/SQL package
  • about 11.1
  • ADD_GLOBAL_CALLBACK 11.1.4.20
  • ASSIGN_USER 3.3.2.3
  • ATTACH_SESSION 3.3.2.2
  • constants 11.1.2
  • CREATE_ATTRIBUTE 3.3.5
  • CREATE_NAMESPACE 3.3.2.5
  • CREATE_SESSION 3.3.2.1
  • DELETE_GLOBAL_CALLBACK 3.2.8, 11.1.4.22
  • DELETE_NAMESPACE 3.3.6
  • DESTROY_SESSION 3.2.11
  • DETACH_SESSION 3.2.10
  • DISABLE_ROLE 3.3.8
  • ENABLE_GLOBAL_CALLBACK 11.1.4.21
  • ENABLE_ROLE 3.3.7
  • GET_ATTRIBUTE 3.3.4
  • object types, constructor functions 11.1.3
  • SAVE_SESSION 3.2.9
  • security model 11.1.1
  • SET_ATTRIBUTE 3.3.3
  • SWITCH_USER 2.1.5, 3.3.2.4
• default security class
  • definition 4.2.3
• defining a basic data security policy
  • implementation tasks 5.10.1
    • disable a data security policy for a table 5.10.1.6
  • use case 5.10
• deleting
  • namespaces
    • in application session 3.3.6
• destroying
  • application session 3.2.11
• detaching
  • application session
    • from a traditional database session 3.2.10
• determining
  • invoker’s rights use for nested program units
    • using BEQUEATH clause when creating views 5.9
  • the invoking application user
    • using SQL functions 5.9.1
• direct application user accounts
  • setting password verifiers 2.1.3.3
• disabling
  • application roles
    • for an application session 3.3.8
• displaying secure column values
  • using SQL*Plus SET SECUREDCOL command 5.8.2
• dynamic application role 2.2.2.2
• dynamic application roles
  • predefined 2.2.4
• dynamic data realm constraints
  • about 5.4.2
  • ACL evaluation order 5.6.3

---

E

• enabling
  • application roles
    • for application session 3.3.7
• event-based tracing
  • about D.1.5
  • components D.2
• event handlers 11.1.4.20
  • See also: global callback events
• examples
  • JDBC
    • security attributes, checking B.2.3
    • user authorization, checking B.2.3
  • OCI return codes B.1.1
  • Real Application Security policy on master-detail related tables 5.7.3
• exception dumps D.3
• exception state dumps D.1.4
• extending ACL inheritance
  • definition 4.3.10.1
• external roles 7.1
• external users 7.1
  • namespaces for 7.2.1
  • session modes 7.1
    • secure mode 7.1
    • trusted mode 7.1
• external users and external roles
  • createSession method 7.2.2
  • for application integration 7.1
  • session APIs for 7.2

---

F

• firewall 4.3.6
  • authentication 4.3.10.2
• foreign_key
  • specifies foreign key of detail table 5.7.2

---

G

• getting
  • session attributes
    • in application session 3.3.4
• global callback events
  • about 3.2.8
  • adding 11.1.4.20
  • deleting 11.1.4.22
  • enable or disable 11.1.4.21
• granting
  • application privileges to principles 2.4
  • application role
    • to existing application user 2.4.1.2
    • to new application role 2.4.2
    • to new application user 2.4.1.1
  • database role
    • to an application role 2.4.3

---

I

• inheritance
  • master-detail related tables 5.7.1
• inheritedFrom element, components 5.7.2
• initializing
  • namaspace
    • when session is attached 3.3.2.2
  • namespace 3.3.2.3
    • application user is switched in application session 3.3.2.4
    • when session is created 3.3.2.1
  • namespaces
    • explicitly 3.3.2.5
• in-memory tracing D.1.6

---

J

• Java environment
  • aborting a session 7.2.5
  • assigning a user to a session 7.2.4
  • assigning or switching an application user 6.2.3
  • attaching an application session 7.2.3
    • external role behavior 7.2.3
  • attachng an application session 6.2.2
  • authenticating users using Java APIs 6.3
  • authorizing application users using ACLs 6.4
  • changing the middle-tier cache size 6.1.3
    • clearing the cache 6.1.3.6
    • getting the maximum cache idle time 6.1.3.3
    • getting the maximum cache size 6.1.3.4
    • removing entries from the cache 6.1.3.5
    • removing entries from the cache, getting the high watermark for cache 6.1.3.5.2
    • removing entries from the cache, getting the low watermark for cache 6.1.3.5.3
    • removing entries from the cache, setting the watermark 6.1.3.5.1
    • setting the maximum cache size 6.1.3.2
    • setting the middle-tier cache idle time 6.1.3.1
  • checking if application role is enabled 6.2.4.3
  • constructing an ACL identifier 6.4.1
  • creating an application session 7.2.2
  • creating a session namespace attribute 6.2.5.4.1
  • creating a user session 6.2.1
  • creating namespaces 6.2.5.1
  • deleting namespaces 6.2.5.2
  • deleting session namespace attributes 6.2.5.4.6
  • destroying an application session 6.2.9
  • detaching an application session 6.2.8
  • disabling application roles 6.2.4.2
  • enabling and disabling application roles 6.2.4
  • enabling application roles 6.2.4.1
  • getting a session namespace attribute 6.2.5.4.3
  • getting data privileges associated with a specific ACL 6.4.3
  • getting the application user ID for the session 6.2.7.2
  • getting the Oracle connection associated with the session 6.2.7.1
  • getting the session cookie 6.2.7.5
  • getting the session ID for the session 6.2.7.3
  • getting the string representation of the session 6.2.7.4
  • implicitly creating namespaces 6.2.5.3
  • initializing the middle tier 6.1
    • mid-tier configuration mode 6.1.1
    • privileges for the session manager 6.1.2
    • roles for the session manager 6.1.2
    • using getSessionManager method 6.1.2
  • listing session namespace attributes 6.2.5.4.4
  • performing namespace operations as session manager 6.2.6
  • performing namespace operations as session user 6.2.5
  • resetting session namespace attributes 6.2.5.4.5
  • saving a session 7.2.5
  • setting a session namespace attribute 6.2.5.4.2
  • setting session cookie as session manager 6.2.7.7
  • setting session inactivity timeout as session manager 6.2.7.6
  • using namespace attributes 6.2.5.4
  • using the checkAcl method 6.4.2
• JDBC
  • column authorization, interface for B.2

---

M

• master detail data realm
  • foreign_key
    • specifies foreign key of detail table 5.7.2
  • parentObjectName element
    • specifies name of master table 5.7.2
  • parentSchemaName element
    • specifies name of schema containing master table 5.7.2
  • primary_key
    • specifies primary key from master table 5.7.2
  • when element
    • specifies a predicate for detail table 5.7.2
• master-detail tables
  • ACL
    • identifiers, retrieving 10.4
  • inheritedFrom element, components 5.7.2
  • Real Application Security policies
    • about 5.7.1
    • creating for 5.7.3
• Materialized View 5.4.2
• membership rules (WHERE predicate) in data realm constraints
  • about 5.4.1
• membership rules in data realm constraints
  • session variables, guideline for 5.4.1
• modifying
  • application users 2.1.1.1
• multilevel authentication 4.3.6
  • definition 4.3.6
  • using 4.3.6

---

N

• namespaces
  • application sessions
    • attributes, getting 3.3.4
    • attributes, setting 3.3.3
    • creating 11.1.4.5
    • deleting 3.3.6, 11.1.4.11
  • attributes
    • creating 11.1.4.6
    • deleting 11.1.4.10
    • resetting 11.1.4.9
  • attribute values
    • getting 11.1.4.8
    • setting 11.1.4.7

---

O

• OCI parameter handle attribute
  • OCI_ATTR_XDS_POLICY_STATUS B.1.4
    • OCI_XDS_POLICY_ENABLED value B.1.4
    • OCI_XDS_POLICY_NONE value B.1.4
    • OCI_XDS_POLICY_UNKNOWN value B.1.4
• OCI return codes
  • ORA-24530
    • column value is unauthorized to the user B.1.1
  • ORA-24531
    • column value authorization is unknown B.1.1
  • ORA-24536
    • column authorization unknown B.1.1
• ORA_CHECK_ACL function 10.3, D.1.3
• ORA_CHECK_PRIVILEGE function 10.5
• ORA_GET_ACLIDS function
  • See: ORA_GET_ACLIDS function
• ORA_INVOKING_USER function
  • returns name of current database user 5.9.1
• ORA_INVOKING_USERID function
  • returns ID of current database user 5.9.1
• ORA_INVOKING_XS_USER_GUID function
  • returns ID of current Real Application Security application user 5.9.1
• ORA_INVOKING_XS_USER function
  • returns name of current Real Application Security application user 5.9.1
• ORA-24530
  • column value is unauthorized to the user
    • OCI return code B.1.1
• ORA-24531
  • column value authorization is unknown
    • OCI return code B.1.1
• ORA-24536
  • column authorization unknown
    • OCI return code B.1.1
• ORA-28113((colon)) policy predicate has error message 5.4.3
• oracle.jdbc.OracleResultSetMetaData interface
  • getAuthorizationIndicator method
    • about B.2.2
    • example B.2.3
  • getSecurityAttribute method
    • about B.2.1
    • example B.2.3
• Oracle Call Interface (OCI)
  • column authorization, interface for B.1
• Oracle Database Real Application Security
  • about data security 1.2.1
  • access control entry (ACE) 1.2.5
  • access control list (ACL) 1.2.6
  • advantages of 1.1.2
  • aggregate privilege 1.2.3
  • application privileges 1.2.3
  • application session concepts 1.3
  • architecture 1.1.3
  • data security concepts 1.2
  • data security policy 1.2.7
  • flow of design and development 1.4
  • principals
    • users and roles 1.2.2
  • security classes 1.2.4
  • security components of 1.1.3
  • use case scenario example policy 1.5
    • component requirements 1.5.2
    • description and security requirements 1.5.1
    • implementation overview 1.5.2
  • what is 1.1
• Oracle Label Security
  • context established during attach session 2.1.3.4
  • context established in application session 3.2.3
  • context established in named user’s application session 3.2.5
  • context switches to target_user session 3.2.6
• Oracle Virtual Private Database (VPD)
  • extended for Real Application Security 5.1

---

P

• parameterized ACL 4.4.2
• parameterized data realm constraints
  • about 5.4.1
• parentObjectName element
  • specifies name of master table 5.7.2
• parentSchemaName element
  • specifies name of schema containing master table 5.7.2
• password verifiers
  • direct application user accounts 2.1.3.3
• PL/SQL functions
  • COLUMN_AUTH_INDICATOR 10.1
  • XS_SYS_CONTEXT 10.2
• pluggable databases
  • Oracle Real Application Security support for 1.7
• predefined objects
  • ACLs
    • NS_UNRESTRICTED_ACL A.5
    • SESSIONACL A.5
    • SYSTEMACL A.5
  • database roles
    • PROVISIONER A.2.3
    • XS_CACHE_ADMIN A.2.3
    • XS_NAMESPACE_ADMIN A.2.3
    • XS_SESSION_ADMIN A.2.3
  • dynamic application roles 2.2.4
    • DBMS_AUTH A.2.2
    • DBMS_PASSWD A.2.2
    • EXTERNAL_DBMS_AUTH A.2.2
    • MIDTIER_AUTH A.2.2
    • XSAUTHENTICATED A.2.2
    • XSSWITCH A.2.2
  • namespaces
    • XS$GLOBAL_VAR A.3
    • XS$SESSION A.3
  • regular application roles
    • XSBYPASS A.2.1
    • XSCACHEADMIN A.2.1
    • XSCONNECT A.2.1
    • XSDISPATCHER A.2.1
    • XSNAMESPACEADMIN A.2.1
    • XSPROVISIONER A.2.1
    • XSPUBLIC A.2.1
    • XSSESSIONADMIN A.2.1
  • security classes
    • DML A.4
    • NSTEMPLATE_SC A.4
    • SESSION A.4
    • SYSTEM A.4
  • users
    • XSGUEST A.1
• primary_key
  • specifies primary key from master table 5.7.2
• principals
  • about 1.2.2
• privileges
  • about application 1.2.3
  • check 4.3.5
  • constrain 4.3.10.2
  • data security documents
    • columns, applying additional to 5.5
    • security checks, how handled 5.8.1

---

R

• regular application role 2.2.2.1
• roles 1.2.2, 2.2.1
  • See also: application roles
  • dynamic
    • assigning to user 11.1.4.3
    • removing from user 11.1.4.3

---

S

• scope, ACL
  • definition 4.2.3
• security class
  • about 1.2.4
  • adding parent|security class
    • inheritance 4.2.6
  • configuration 4.2
  • create 4.2.2
  • definition 4.2.1
  • inheritance 4.2.2
  • inheritance|security class
    • adding privileges 4.2.6
    • deleting 4.2.6
    • description string 4.2.6
    • removing implied privileges 4.2.6
    • removing parent 4.2.6
    • removing privileges 4.2.6
  • manipulating 4.2.6
  • troubleshooting D.2.3
• session 3
  • See also: application sessions
  • application 3
  • IDs
    • authentication time, updating 11.1.4.15
    • time-out values, setting 11.1.4.16
  • statistics D.4
• Session
  • isRoleEnabled 6.2.4.3
  • setCookie 6.2.7.7
  • setInactivityTimeout 6.2.7.6
• session cookie
  • application sessions
    • setting 11.1.4.14
• SessionNamespace
  • deleteAttribute 6.2.5.4.6
  • toString 6.2.5.3
• session privilege scoping through ACL 3.5
• session service
  • application configuration of the session filter 8.5
  • authorization (checkACL) 8.2
  • check privilege API 8.7.4
  • deployment 8.4
  • domain configuration 8.6
    • automatic 8.6.3
    • manual 8.6.2
    • prerequisites 8.6.1
  • namespace APIs 8.7.3
  • namespace operations 8.2
  • Oracle Platform Security Service (OPSS) 8
  • privilege elevation 8.2
  • privilege elevation API 8.7.2
  • Real Application Security servlet filter 8.2
  • session APIs 8.2, 8.7.1
  • session filter 8.3
  • session filter operation 8.3.1
  • supports JavaEE web application
    • using OPSS as application security provider 8
• SET SECUREDCOL command
  • SQL*Plus
    • displaying secure column values 5.8.2
• setting
  • a cookie for an application session 3.2.4
  • password verifiers 2.1.3.3
  • session attributes
    • in application session 3.3.3
• SQL functions
  • ORA_CHECK_ACL 10.3, D.1.3
  • ORA_CHECK_PRIVILEGE 10.5
  • ORA_INVOKING_USER
    • returns name of current datanase user 5.9.1
  • ORA_INVOKING_USERID
    • returns ID of current database user 5.9.1
  • ORA_INVOKING_XS_USER
    • returns name of current Real Application Security application user 5.9.1
  • ORA_INVOKING_XS_USER_GUID
    • returns ID of current Real Application Security application user 5.9.1
  • TO_ACLID 10.6
• SQL operators
  • ORA_CHECK_ACL
    • checking ACLs for a privilege 4.3.5
• static data realms
  • about 5.4.2
  • constraints
    • ACL evaluation order 5.6.3
• statistics in troubleshooting D.1.7
• switching
  • application users
    • in current application session 3.2.6
• SYS_GET_ACLIDS function
  • See: ORA_GET_ACLIDS function
• system-constraining ACL
  • about 4.3.6
  • definition 4.3.6

---

T

• tables
  • data security policy
    • enabling 11.4.3.13
    • removing from 11.4.3.12
  • master-detail tables, Real Application Security policies
    • about 5.7.1
    • creating for 5.7.3
• time-out values
  • session
    • IDs, setting for 11.1.4.16
• TO_ACLID function 10.6
• trace files
  • acl D.2.4
  • application roles D.2.2
  • application sessions D.2.1
  • application users D.2.2
  • data security D.2.5
  • policy predicate errors 5.4.3
  • Real Application Security components D.2
  • security classes D.2.3
• tracing
  • event and in-memory D.1.6
• traditional security model
  • manging application users
    • disadvantages of 1.1.1
• troubleshooting
  • acl D.2.4
  • application principals D.2.2
  • application sessions D.2.1
  • data security D.2.5
  • event-based tracing
    • about D.1.5
    • components D.2
  • exception dumps D.3
  • exception state dumps D.1.4
  • in-memory tracing D.1.6
  • Real Application Security diagnostics D.1
  • security classes D.2.3
  • session statistics D.4
  • statistics D.1.7
  • using the ORA_CHECK_ACL function D.1.3
  • using the ORA_GET_ACLIDS function D.1.2
  • using validation APIs D.1.1

---

U

• use case scenario example policy
  • human resources administration of employee information 1.5
    • component requirements 1.5.2
    • description and security requirements 1.5.1
    • implementation overview 1.5.2
  • Java implementation 6.5
    • authorizing with middle-tier API 6.5
    • main method 6.5
    • performing cleanup operations 6.5
    • running a query on the database 6.5
    • setting up connection 6.5
    • setting up session 6.5
• USER_XDS_ACL_REFRESH view 9.60
• USER_XDS_ACL_REFSTAT view 9.61
• USER_XDS_LATEST_ACL_REFSTAT view 9.62
• USER_XS_ACES view 9.28
• USER_XS_ACL_PARAMETERS view 9.40
• USER_XS_ACLS view 9.25
• USER_XS_COLUMN_CONSTRAINTS view 9.43
• USER_XS_IMPLIED_PRIVILEGES view 9.15
• USER_XS_INHERITED_REALMS view 9.37
• USER_XS_PASSWORD_LIMITS view 9.6
• USER_XS_POLICIES view 9.31
• USER_XS_PRIVILEGES view 9.12
• USER_XS_REALM_CONSTRAINTS view 9.34
• USER_XS_SECURITY_CLASS_DEP view 9.22
• USER_XS_SECURITY_CLASSES view 9.19
• USER_XS_USERS view 9.5
• users 2.1.1.1
  • See also: application users
• user sessions 3
  • See also: application sessions
• using
  • constraining application privilege 4.3.10.2
  • effective dates with application roles 2.3
  • multilevel authentication 4.3.6
  • ORA_CHECK_ACL SQL operator 4.3.5
  • SQL functions
    • to determine the invoking application user 5.9.1
  • XS_DIAG.VALIDATE_PRINCIPAL function 2.1.6, 2.2.3.3

---

V

• V$XS_SESSION_NS_ATTRIBUTES view 9.63
• V$XS_SESSION_ROLES view 9.64
• validating
  • ACLs 4.3.3, 11.6.2.3
  • application roles 2.2.3.3
  • application users 2.1.6
  • data security policy 5.2, 11.6.2.4
  • namespaces 11.6.2.5
  • principals 11.6.2.1
  • security classes 4.2.5, 11.6.2.2
  • workspace objects 11.6.2.6
• views 9
  • ALL_XDS_ACL_REFRESH 9.54
  • ALL_XDS_ACL_REFSTAT 9.55
  • ALL_XDS_LATEST_ACL_REFSTAT 9.56
  • ALL_XS_ACES 9.29
  • ALL_XS_ACL_PARAMETERS 9.41
  • ALL_XS_ACLS 9.26
  • ALL_XS_APPLIED_POLICIES 9.46
  • ALL_XS_COLUMN_CONSTRAINTS 9.44
  • ALL_XS_IMPLIED_PRIVILEGES 9.16
  • ALL_XS_INHERITED_REALMS 9.38
  • ALL_XS_POLICIES 9.32
  • ALL_XS_PRIVILEGES 9.13
  • ALL_XS_REALM_CONSTRAINTS 9.35
  • ALL_XS_SECURITY_CLASS_DEP 9.23
  • ALL_XS_SECURITY_CLASSES 9.20
  • DBA_XDS_ACL_REFRESH 9.57
  • DBA_XDS_ACL_REFSTAT 9.58
  • DBA_XDS_LATEST_ACL_REFSTAT 9.59
  • DBA_XS_ACES 9.27
  • DBA_XS_ACL_PARAMETERS 9.39
  • DBA_XS_ACLS 9.24
  • DBA_XS_ACTIVE_SESSIONS 9.49
  • DBA_XS_APPLIED_POLICIES 9.45
  • DBA_XS_COLUMN_CONSTRAINTS 9.42
  • DBA_XS_DYNAMIC_ROLES 9.8
  • DBA_XS_EXTERNAL_PRINCIPALS 9.3
  • DBA_XS_IMPLIED_PRIVILEGES 9.14
  • DBA_XS_INHERITED_REALMS 9.36
  • DBA_XS_MODIFIED_POLICIES 9.47
  • DBA_XS_NS_TEMPLATE_ATTRIBUTES 9.53
  • DBA_XS_NS_TEMPLATES 9.52
  • DBA_XS_OBJECTS 9.1
  • DBA_XS_POLICIES 9.30
  • DBA_XS_PRINCIPALS 9.2
  • DBA_XS_PRIVILEGE_GRANTS 9.17
  • DBA_XS_PRIVILEGES 9.11
  • DBA_XS_PROXY_ROLES 9.9
  • DBA_XS_REALM_CONSTRAINTS 9.33
  • DBA_XS_ROLE_GRANTS 9.10
  • DBA_XS_ROLES 9.7
  • DBA_XS_SECURITY_CLASS_DEP 9.21
  • DBA_XS_SECURITY_CLASSES 9.18
  • DBA_XS_SESSION_NS_ATTRIBUTES 9.51
  • DBA_XS_SESSION_ROLES 9.50
  • DBA_XS_SESSIONS 9.48
  • DBA_XS_USERS 9.4
  • privileges in data security documents 5.8.1
  • USER_XDS_ACL_REFRESH 9.60
  • USER_XDS_ACL_REFSTAT 9.61
  • USER_XDS_LATEST_ACL_REFSTAT 9.62
  • USER_XS_ACES 9.28
  • USER_XS_ACL_PARAMETERS 9.40
  • USER_XS_ACLS 9.25
  • USER_XS_COLUMN_CONSTRAINTS 9.43
  • USER_XS_IMPLIED_PRIVILEGES 9.15
  • USER_XS_INHERITED_REALMS 9.37
  • USER_XS_PASSWORD_LIMITS 9.6
  • USER_XS_POLICIES 9.31
  • USER_XS_PRIVILEGES 9.12
  • USER_XS_REALM_CONSTRAINTS 9.34
  • USER_XS_SECURITY_CLASS_DEP 9.22
  • USER_XS_SECURITY_CLASSES 9.19
  • USER_XS_USERS 9.5
  • V$XS_SESSION_NS_ATTRIBUTES 9.63
  • V$XS_SESSION_ROLES 9.64

---

W

• when element
  • specifies a predicate for detail table 5.7.2

---

X

• XS_ACL PL/SQL package
  • about 11.2
  • ADD_ACL_PARAMETER 11.2.4.6
  • APPEND_ACES 4.3.4, 11.2.4.2
  • constants 11.2.2
  • CREATE_ACL 11.2.4.1
  • DELETE_ACL 11.2.4.9
  • object types, constructor functions 11.2.3
  • REMOVE_ACES 4.3.4, 11.2.4.3
  • REMOVE_ACL_PARAMETERS 11.2.4.7
  • security model 11.2.1
  • SET_DESCRIPTION 11.2.4.8
  • SET_PARENT_ACL 4.3.4, 4.3.10.1, 4.3.10.2, 11.2.4.5
  • SET_SECURITY_CLASS 4.3.4, 11.2.4.4
• XS_ADMIN_UTIL PL/SQL package
  • about 11.3
  • constants 11.3.2
  • GRANT_SYSTEM_PRIVILEGE 11.3.4.1
  • object types 11.3.3
  • REVOKE_SYSTEM_PRIVILEGE 11.3.4.2
  • security model 11.3.1
• XS_DATA_SECURITY_UTIL PL/SQL package
  • about 11.5
  • ALTER_STATIC_ACL_REFRESH Procedure 11.5.3.2
  • constants 11.5.2
  • SCHEDULE_STATIC_ACL_REFRESH Procedure 11.5.3.1
  • security model 11.5.1
• XS_DATA_SECURITY PL/SQL package
  • about 11.4
  • ADD_COLUMN_CONSTRAINTS Procedure 11.4.3.4
  • APPEND_REALM_CONSTRAINTS Procedure 11.4.3.2
  • APPLY_OBJECT_POLICY 5.6.2
  • APPLY_OBJECT_POLICY Procedure 11.4.3.13
  • CREATE_ACL_PARAMETER Procedure 11.4.3.6
  • CREATE_POLICY Procedure 11.4.3.1
  • DELETE_ACL_PARAMETER Procedure 11.4.3.7
  • DELETE_POLICY Procedure 11.4.3.9
  • DISABLE_OBJECT_POLICY Procedure 11.4.3.11
  • ENABLE_OBJECT_POLICY
    • affect on database tables 5.6.2
  • ENABLE_OBJECT_POLICY Procedure 11.4.3.10
  • object types, constructor functions 11.4.2
  • REMOVE_COLUMN_CONSTRAINTS Procedure 11.4.3.5
  • REMOVE_OBJECT_POLICY Procedure 11.4.3.12
  • REMOVE_REALM_CONSTRAINTS Procedure 11.4.3.3
  • security model 11.4.1
  • SET_DESCRIPTION Procedure 11.4.3.8
• XS_DIAG PL/SQL package
  • about 11.6
  • security model 11.6.1
  • VALIDATE_ACL 4.3.3
  • VALIDATE_ACL Function 11.6.2.3
  • VALIDATE_DATA_SECURITY 5.2
  • VALIDATE_DATA_SECURITY Function 11.6.2.4
  • VALIDATE_PRINCIPAL 2.1.6, 2.2.3.3
  • VALIDATE_PRINCIPAL Function 11.6.2.1
  • VALIDATE_SECURITY_CLASS 4.2.5
  • VALIDATE_SECURITY_CLASS Function 11.6.2.2
  • VALIDATE_WORKSPACE Function 11.6.2.6
• XS_DIAG PL/SQL PL/SQL package
  • VALIDATE_NAMESPACE_TEMPLATE Function 11.6.2.5
• XS_NAMESPACE PL/SQL package
  • about 11.7
  • ADD_ATTRIBUTES Procedure 11.7.4.2
  • constants 11.7.2
  • CREATE_TEMPLATE 3.3.1.3
  • CREATE_TEMPLATE Procedure 11.7.4.1
  • DELETE_TEMPLATE 11.7.4.6
  • object types, constructor functions 11.7.3
  • REMOVE_ATTRIBUTES Procedure 11.7.4.3
  • security model 11.7.1
  • SET_DESCRIPTION Procedure 11.7.4.5
  • SET_HANDLER Procedure 11.7.4.4
• XS_PRINCIPAL PL/SQL package
  • about 11.8
  • ADD_PROXY_TO_DBUSER Procedure 11.8.4.8
  • ADD_PROXY_USER 2.1.5
  • ADD_PROXY_USER Procedure 11.8.4.6
  • constants 11.8.2
  • CREATE_DYNAMIC_ROLE 2.2.3.2
  • CREATE_DYNAMIC_ROLE Procedure 11.8.4.3
  • CREATE_ROLE 2.2.3.1
  • CREATE_ROLE Procedure 11.8.4.2
  • CREATE_USER 2.1.3.2, 2.3
  • CREATE_USER Procedure 11.8.4.1
  • DELETE_PRINCIPAL Procedure 11.8.4.23
  • ENABLE_BY_DEFAULT Procedure 11.8.4.13
  • ENABLE_ROLES_BY_DEFAULT Procedure 11.8.4.14
  • GRANT_ROLES 2.4.1.2, 2.4.2
  • GRANT_ROLES Procedure 11.8.4.4
  • object types, constructor functions 11.8.3
  • REMOVE_PROXY_FROM_DBUSER Procedure 11.8.4.9
  • REMOVE_PROXY_USERS Procedure 11.8.4.7
  • REVOKE_ROLES Procedure 11.8.4.5
  • security model 11.8.1
  • SET_ACL Procedure 11.8.4.17
  • SET_DESCRIPTION Procedure 11.8.4.22
  • SET_DYNAMIC_ROLE_DURATION Procedure 11.8.4.11
  • SET_DYNAMIC_ROLE_SCOPE Procedure 11.8.4.12
  • SET_EFFECTIVE_DATES Procedure 11.8.4.10
  • SET_GUID Procedure 11.8.4.16
  • SET_PASSWORD 2.1.3.2
  • SET_PASSWORD Procedure 11.8.4.20
  • SET_PROFILE 2.1.3.2
  • SET_PROFILE Procedure 11.8.4.18
  • SET_USER_SCHEMA Procedure 11.8.4.15
  • SET_USER_STATUS Procedure 11.8.4.19
  • SET_VERIFIER 2.1.3.3
  • SET_VERIFIER Procedure 11.8.4.21
• XS_SECURITY_CLASS PL/SQL package
  • about 11.9
  • ADD_IMPLIED_PRIVILEGES 4.1.1, 4.2.6
  • ADD_IMPLIED_PRIVILEGES Procedure 11.9.2.6
  • ADD_PARENTS 4.2.6
  • ADD_PARENTS Procedure 11.9.2.2
  • ADD_PRIVILEGES 4.1.1, 4.2.6
  • ADD_PRIVILEGES Procedure 11.9.2.4
  • CREATE_SECURITY_CLASS Procedure 11.9.2.1
  • DELETE_SECURITY_CLASS 4.2.6
  • DELETE_SECURITY_CLASS Procedure 11.9.2.9
  • REMOVE_IMPLIED_PRIVILEGES 4.2.6
  • REMOVE_IMPLIED_PRIVILEGES Procedure 11.9.2.7
  • REMOVE_PARENTS 4.2.6
  • REMOVE_PARENTS Procedure 11.9.2.3
  • REMOVE_PRIVILEGES 4.2.6
  • REMOVE_PRIVILEGES Procedure 11.9.2.5
  • security model 11.9.1
  • SET_DESCRIPTION 4.2.6
  • SET_DESCRIPTION Procedure 11.9.2.8
• XS_SYS_CONTEXT function 10.2
• XSSessionManager
  • clearCache 6.1.3.6
  • createAnonymousSession 6.2.1
  • createSession 6.2.1
  • getLowWaterMark 6.1.3.5.3