Table of Contents
- List of Examples
- List of Figures
- List of Tables
- Title and Copyright Information
- Preface
- Changes in This Release for Oracle Database Real Application Security Administrator's and Developer's Guide
- 1 Introducing Oracle Database Real Application Security
- What Is Oracle Database Real Application Security?
- Data Security Concepts Used in Real Application Security
- Application Session Concepts Used in Application Security
- Flow of Design and Development
- Scenario: Security Human Resources (HR) Demonstration of Employee Information
- About Auditing in an Oracle Database Real Application Security Environment
- Support for Pluggable Databases
- 2 Configuring Application Users and Application Roles
- About Configuring Application Users
- About Configuring Application Roles
- Effective Dates for Application Users and Application Roles
- About Granting Application Privileges to Principals
- 3 Configuring Application Sessions
- About Application Sessions
- About Creating and Maintaining Application Sessions
- Creating an Application Session
- Creating an Anonymous Application Session
- Attaching an Application Session to a Traditional Database Session
- Setting a Cookie for an Application Session
- Assigning an Application User to an Anonymous Application Session
- Switching a Current Application User to Another Application User in the Current Application Session
- About Creating a Global Callback Event Handler Procedure
- Configuring Global Callback Event Handlers for an Application Session
- Saving an Application Session
- Detaching an Application Session from a Traditional Database Session
- Destroying an Application Session
- About Manipulating the Application Session State
- About Using Namespace Templates to Create Namespaces
- Initializing a Namespace in an Application Session
- Initializing a Namespace When the Session Is Created
- Initializing a Namespace When the Session Is Attached
- Initializing a Namespace When a Named Application User Is Assigned to an Anonymous Application Session
- Initializing a Namespace When the Application User Is Switched in an Application Session
- Initializing a Namespace Explicitly
- Setting Session Attributes in an Application Session
- Getting Session Attributes in an Application Session
- Creating Custom Attributes in an Application Session
- Deleting a Namespace in an Application Session
- Enabling Application Roles for a Session
- Disabling Application Roles for a Session
- About Administrative APIs for External Users and Roles
- About Real Application Security Session Privilege Scoping Through ACL
- 4 Configuring Application Privileges and Access Control Lists
- About Application Privileges
- About Configuring Security Classes
- About Configuring Access Control Lists
- About ACLs and ACEs
- Creating ACLs and ACEs
- About Validating Access Control Lists
- Updating Access Control Lists
- About Checking ACLs for a Privilege
- About Using Multilevel Authentication
- Principal Types
- Access Resolution Results
- ACE Evaluation Order
- ACL Inheritance
- About ACL Catalog Views
- About Security Class Catalog Views
- Data Security
- ACL Binding
- 5 Configuring Data Security
- About Data Security
- About Validating the Data Security Policy
- Understanding the Structure of the Data Security Policy
- About Designing Data Realms
- Applying Additional Application Privileges to a Column
- About Enabling Data Security Policy for a Database Table or View
- About Creating Real Application Security Policies on Master-Detail Related Tables
- About Managing Application Privileges for Data Security Policies
- Using BEQUEATH CURRENT_USER Views
- Real Application Security: Putting It All Together
- About Schema Level Real Application Security Policy Administration
- 6 Using Real Application Security in Java Applications
- About Initializing the Middle Tier
- About Mid-Tier Configuration Mode
- Using the getSessionManager Method
- About Changing the Middle-Tier Cache Setting
- About Managing Real Application Security Sessions
- Creating a Real Application Security User Session
- Attaching an Application Session
- Assigning or Switching an Application User
- Enabling Real Application Security Application Roles
- About Performing Namespace Operations as Session User
- About Performing Namespace Operations as Session Manager
- About Performing Miscellaneous Session-Related Activities
- About Getting the Oracle Connection Associated with the Session
- About Getting the Application User ID for the Session
- Getting the Session ID for the Session
- About Getting a String Representation of the Session
- Getting the Session Cookie
- Setting Session Inactivity Timeout as Session Manager
- Setting the Session Cookie as Session Manager
- Detaching an Application Session
- Destroying A Real Application Security Application Session
- Authenticating Application Users Using Java APIs
- About Authorizing Application Users Using ACLs
- Human Resources Administration Use Case: Implementation in Java
- 7 Oracle Fusion Middleware Integration with Real Application Security
- 8 Application Session Service in Oracle Fusion Middleware
- About Real Application Security Concepts
- About Application Session Service in Oracle Fusion Middleware
- About the Application Session Filter
- About Deployment
- About Application Configuration of the Application Session Filter
- Domain Configuration: Setting Up an Application Session Service to Work with OPSS and Oracle Fusion Middleware
- About Application Session APIs
- Human Resources Demo Use Case: Implementation in Java
- Setting Up the HR Demo Application for External Principals (setup.sql)
- About the Application Session Filter Configuration File (web.xml)
- About the Sample Servlet Application (MyHR.java)
- About the Filter to Set Up the Application Namespace (MyFilter.java)
- About the HR Demo Use Case - User Roles
- About the HR Demo (1) - Logged in as Employee LPOPP
- About the HR Demo (2) - Logged in as HRMGR
- About the HR Demo (3) - Logged in as a Team Manager
- 9 Oracle Database Real Application Security Data Dictionary Views
- DBA_XS_OBJECTS
- DBA_XS_PRINCIPALS
- DBA_XS_EXTERNAL_PRINCIPALS
- DBA_XS_USERS
- USER_XS_USERS
- USER_XS_PASSWORD_LIMITS
- DBA_XS_ROLES
- DBA_XS_DYNAMIC_ROLES
- DBA_XS_PROXY_ROLES
- DBA_XS_ROLE_GRANTS
- DBA_XS_PRIVILEGES
- USER_XS_PRIVILEGES
- ALL_XS_PRIVILEGES
- DBA_XS_IMPLIED_PRIVILEGES
- USER_XS_IMPLIED_PRIVILEGES
- ALL_XS_IMPLIED_PRIVILEGES
- DBA_XS_PRIVILEGE_GRANTS
- DBA_XS_SECURITY_CLASSES
- USER_XS_SECURITY_CLASSES
- ALL_XS_SECURITY_CLASSES
- DBA_XS_SECURITY_CLASS_DEP
- USER_XS_SECURITY_CLASS_DEP
- ALL_XS_SECURITY_CLASS_DEP
- DBA_XS_ACLS
- USER_XS_ACLS
- ALL_XS_ACLS
- DBA_XS_ACES
- USER_XS_ACES
- ALL_XS_ACES
- DBA_XS_POLICIES
- USER_XS_POLICIES
- ALL_XS_POLICIES
- DBA_XS_REALM_CONSTRAINTS
- USER_XS_REALM_CONSTRAINTS
- ALL_XS_REALM_CONSTRAINTS
- DBA_XS_INHERITED_REALMS
- USER_XS_INHERITED_REALMS
- ALL_XS_INHERITED_REALMS
- DBA_XS_ACL_PARAMETERS
- USER_XS_ACL_PARAMETERS
- ALL_XS_ACL_PARAMETERS
- DBA_XS_COLUMN_CONSTRAINTS
- USER_XS_COLUMN_CONSTRAINTS
- ALL_XS_COLUMN_CONSTRAINTS
- DBA_XS_APPLIED_POLICIES
- ALL_XS_APPLIED_POLICIES
- DBA_XS_MODIFIED_POLICIES
- DBA_XS_SESSIONS
- DBA_XS_ACTIVE_SESSIONS
- DBA_XS_SESSION_ROLES
- DBA_XS_SESSION_NS_ATTRIBUTES
- DBA_XS_NS_TEMPLATES
- DBA_XS_NS_TEMPLATE_ATTRIBUTES
- ALL_XDS_ACL_REFRESH
- ALL_XDS_ACL_REFSTAT
- ALL_XDS_LATEST_ACL_REFSTAT
- DBA_XDS_ACL_REFRESH
- DBA_XDS_ACL_REFSTAT
- DBA_XDS_LATEST_ACL_REFSTAT
- USER_XDS_ACL_REFRESH
- USER_XDS_ACL_REFSTAT
- USER_XDS_LATEST_ACL_REFSTAT
- V$XS_SESSION_NS_ATTRIBUTES
- V$XS_SESSION_ROLES
- 10 Oracle Database Real Application Security SQL Functions
- 11 Oracle Database Real Application Security PL/SQL Packages
- DBMS_XS_SESSIONS Package
- Security Model
- Constants
- Object Types, Constructor Functions, Synonyms, and Grants
- Summary of DBMS_XS_SESSIONS Subprograms
- CREATE_SESSION Procedure
- ATTACH_SESSION Procedure
- ASSIGN_USER Procedure
- SWITCH_USER Procedure
- CREATE_NAMESPACE Procedure
- CREATE_ATTRIBUTE Procedure
- SET_ATTRIBUTE Procedure
- GET_ATTRIBUTE Procedure
- RESET_ATTRIBUTE Procedure
- DELETE_ATTRIBUTE Procedure
- DELETE_NAMESPACE Procedure
- ENABLE_ROLE Procedure
- DISABLE_ROLE Procedure
- SET_SESSION_COOKIE Procedure
- REAUTH_SESSION Procedure
- SET_INACTIVITY_TIMEOUT Procedure
- SAVE_SESSION Procedure
- DETACH_SESSION Procedure
- DESTROY_SESSION Procedure
- ADD_GLOBAL_CALLBACK Procedure
- ENABLE_GLOBAL_CALLBACK Procedure
- DELETE_GLOBAL_CALLBACK Procedure
- XS_ACL Package
- XS_ADMIN_UTIL Package
- XS_DATA_SECURITY Package
- Security Model for the XS_DATA_SECURITY Package
- Object Types, Constructor Functions, Synonyms, and Grants
- Summary of XS_DATA_SECURITY Subprograms
- CREATE_POLICY Procedure
- APPEND_REALM_CONSTRAINTS Procedure
- REMOVE_REALM_CONSTRAINTS Procedure
- ADD_COLUMN_CONSTRAINTS Procedure
- REMOVE_COLUMN_CONSTRAINTS Procedure
- CREATE_ACL_PARAMETER Procedure
- DELETE_ACL_PARAMETER Procedure
- SET_DESCRIPTION Procedure
- DELETE_POLICY Procedure
- ENABLE_OBJECT_POLICY Procedure
- DISABLE_OBJECT_POLICY Procedure
- REMOVE_OBJECT_POLICY Procedure
- APPLY_OBJECT_POLICY Procedure
- XS_DATA_SECURITY_UTIL Package
- XS_DIAG Package
- XS_NAMESPACE Package
- XS_PRINCIPAL Package
- Security Model
- Constants
- Object Types, Constructor Functions, Synonyms, and Grants
- Summary of XS_PRINCIPAL Subprograms
- CREATE_USER Procedure
- CREATE_ROLE Procedure
- CREATE_DYNAMIC_ROLE Procedure
- GRANT_ROLES Procedure
- REVOKE_ROLES Procedure
- ADD_PROXY_USER Procedure
- REMOVE_PROXY_USERS Procedure
- ADD_PROXY_TO_DBUSER
- REMOVE_PROXY_FROM_DBUSER Procedure
- SET_EFFECTIVE_DATES Procedure
- SET_DYNAMIC_ROLE_DURATION Procedure
- SET_DYNAMIC_ROLE_SCOPE Procedure
- ENABLE_BY_DEFAULT Procedure
- ENABLE_ROLES_BY_DEFAULT Procedure
- SET_USER_SCHEMA Procedure
- SET_GUID Procedure
- SET_ACL Procedure
- SET_PROFILE Procedure
- SET_USER_STATUS Procedure
- SET_PASSWORD Procedure
- SET_VERIFIER Procedure
- SET_DESCRIPTION Procedure
- DELETE_PRINCIPAL Procedure
- XS_SECURITY_CLASS Package
- 12 Real Application Security HR Demo
- Overview of the Security HR Demo
- What Each Script Does
- Setting Up the Security HR Demo Components
- Running the Security HR Demo Using Direct Logon
- Running the Security HR Demo Attached to a Real Application Security Session
- Running the Security HR Demo Cleanup Script
- Running the Security HR Demo in the Java Interface
- About Using RASADM to Run the Security HR Demo
- A Predefined Objects in Real Application Security
- B Configuring OCI and JDBC Applications for Column Authorization
- C Real Application Security HR Demo Files
- D Troubleshooting Oracle Database Real Application Security
- Glossary
- Index