Table of Contents
- List of Tables
- Title and Copyright Information
- Preface
- Changes in This Release for Oracle Database Security Guide
- Changes in Oracle Database Security 19c
- Signature-Based Security for LOB Locators
- Default User Accounts Now Schema Only
- Privilege Analysis Documentation Moved to Oracle Database Security Guide
- Ability to Grant or Revoke Administrative Privileges to and from Schema-Only Accounts
- Automatic Support for Both SASL and Non-SASL Active Directory Connections
- Support for Oracle Native Encryption and SSL Authentication for Different Users Concurrently
- Support for Host Name-Based Partial DN Matching for Server Certificates
- Ability to Audit Only Top-Level SQL Statements
- Improved Read Performance for the Unified Audit Trail
- SYSLOG Destination for Common Unified Audit Policies
- PDB_GUID as Audit Record Field Name for SYSLOG and the Windows Event Viewer
- Updates to Oracle Database Security 19c
- Gradual Database Password Rollover for Applications
- Ability to Use Multiple Kerberos Principals with a Single Database Client
- Updated Support for Micro Edition Suite (MES) for FIPS 140.2
- Support for DBMS_CRYPTO Asymmetric Key Operations
- SYSLOG Destination for Common Unified Audit Policies
- Security Update for Native Encryption
- 1 Introduction to Oracle Database Security
- Part I Managing User Authentication and Authorization
- 2 Managing Security for Oracle Database Users
- 2.1 About User Security
- 2.2 Creating User Accounts
- 2.2.1 About Common Users and Local Users
- 2.2.2 Who Can Create User Accounts?
- 2.2.3 Creating a New User Account That Has Minimum Database Privileges
- 2.2.4 Restrictions on Creating the User Name for a New Account
- 2.2.5 Assignment of User Passwords
- 2.2.6 Default Tablespace for the User
- 2.2.7 Tablespace Quotas for a User
- 2.2.8 Temporary Tablespaces for the User
- 2.2.9 Profiles for the User
- 2.2.10 Creation of a Common User or a Local User
- 2.2.11 Creating a Default Role for the User
- 2.3 Altering User Accounts
- 2.4 Configuring User Resource Limits
- 2.5 Dropping User Accounts
- 2.6 Predefined Schema User Accounts Provided by Oracle Database
- 2.7 Database User and Profile Data Dictionary Views
- 3 Configuring Authentication
- 3.1 About Authentication
- 3.2 Configuring Password Protection
- 3.2.1 What Are the Oracle Database Built-in Password Protections?
- 3.2.2 Minimum Requirements for Passwords
- 3.2.3 Creating a Password by Using the IDENTIFIED BY Clause
- 3.2.4 Using a Password Management Policy
- 3.2.4.1 About Managing Passwords
- 3.2.4.2 Finding User Accounts That Have Default Passwords
- 3.2.4.3 Password Settings in the Default Profile
- 3.2.4.4 Using the ALTER PROFILE Statement to Set Profile Limits
- 3.2.4.5 Disabling and Enabling the Default Password Security Settings
- 3.2.4.6 Automatically Locking Inactive Database User Accounts
- 3.2.4.7 Automatically Locking User Accounts After Failed Logins
- 3.2.4.8 Example: Locking an Account with the CREATE PROFILE Statement
- 3.2.4.9 Explicitly Locking a User Account
- 3.2.4.10 Controlling the User Ability to Reuse Previous Passwords
- 3.2.4.11 About Controlling Password Aging and Expiration
- 3.2.4.12 Using the CREATE PROFILE or ALTER PROFILE Statement to Set a Password Lifetime
- 3.2.4.13 Checking the Status of a User Account
- 3.2.4.14 Password Change Life Cycle
- 3.2.4.15 PASSWORD_LIFE_TIME Profile Parameter Low Value
- 3.2.5 Managing Gradual Database Password Rollover for Applications
- 3.2.5.1 About Managing Gradual Database Password Rollover for Applications
- 3.2.5.2 Password Change Life Cycle During a Gradual Database Password Rollover
- 3.2.5.3 Enabling the Gradual Database Password Rollover
- 3.2.5.4 Changing a Password to Begin the Gradual Database Password Rollover Period
- 3.2.5.5 Changing a Password During the Gradual Database Password Rollover Period
- 3.2.5.6 Ending the Password Rollover Period
- 3.2.5.7 Database Behavior During the Gradual Password Rollover Period
- 3.2.5.8 Database Server Behavior After the Password Rollover Period Ends
- 3.2.5.9 Finding Users Who Still Use Their Old Passwords
- 3.2.6 Managing the Complexity of Passwords
- 3.2.6.1 About Password Complexity Verification
- 3.2.6.2 How Oracle Database Checks the Complexity of Passwords
- 3.2.6.3 Who Can Use the Password Complexity Functions?
- 3.2.6.4 verify_function_11G Function Password Requirements
- 3.2.6.5 ora12c_verify_function Password Requirements
- 3.2.6.6 ora12c_strong_verify_function Function Password Requirements
- 3.2.6.7 ora12c_stig_verify_function Password Requirements
- 3.2.6.8 About Customizing Password Complexity Verification
- 3.2.6.9 Enabling Password Complexity Verification
- 3.2.7 Managing Password Case Sensitivity
- 3.2.7.1 SEC_CASE_SENSITIVE_LOGON Parameter and Password Case Sensitivity
- 3.2.7.2 Using the ALTER SYSTEM Statement to Enable Password Case Sensitivity
- 3.2.7.3 Management of Case Sensitivity for Secure Role Passwords
- 3.2.7.4 Management of Password Versions of Users
- 3.2.7.5 Finding and Resetting User Passwords That Use the 10G Password Version
- 3.2.7.6 How Case Sensitivity Affects Password Files
- 3.2.7.7 How Case Sensitivity Affects Passwords Used in Database Link Connections
- 3.2.8 Ensuring Against Password Security Threats by Using the 12C Password Version
- 3.2.8.1 About the 12C Version of the Password Hash
- 3.2.8.2 Oracle Database 12C Password Version Configuration Guidelines
- 3.2.8.3 Configuring Oracle Database to Use the 12C Password Version Exclusively
- 3.2.8.4 How Server and Client Logon Versions Affect Database Links
- 3.2.8.5 Configuring Oracle Database Clients to Use the 12C Password Version Exclusively
- 3.2.9 Managing the Secure External Password Store for Password Credentials
- 3.2.9.1 About the Secure External Password Store
- 3.2.9.2 How Does the External Password Store Work?
- 3.2.9.3 About Configuring Clients to Use the External Password Store
- 3.2.9.4 Configuring a Client to Use the External Password Store
- 3.2.9.5 Example: Sample SQLNET.ORA File with Wallet Parameters Set
- 3.2.9.6 Managing External Password Store Credentials
- 3.2.10 Managing Passwords for Administrative Users
- 3.2.10.1 About Managing Passwords for Administrative Users
- 3.2.10.2 Setting the LOCK and EXPIRED Status of Administrative Users
- 3.2.10.3 Password Profile Settings for Administrative Users
- 3.2.10.4 Last Successful Login Time for Administrative Users
- 3.2.10.5 Management of the Password File of Administrative Users
- 3.2.10.6 Migration of the Password File of Administrative Users
- 3.2.10.7 How the Multitenant Option Affects Password Files for Administrative Users
- 3.2.10.8 Password Complexity Verification Functions for Administrative Users
- 3.3 Authentication of Database Administrators
- 3.3.1 About Authentication of Database Administrators
- 3.3.2 Strong Authentication, Centralized Management for Administrators
- 3.3.3 Authentication of Database Administrators by Using the Operating System
- 3.3.4 Authentication of Database Administrators by Using Their Passwords
- 3.3.5 Risks of Using Password Files for Database Administrator Authentication
- 3.4 Database Authentication of Users
- 3.5 Schema-Only Accounts
- 3.6 Operating System Authentication of Users
- 3.7 Network Authentication of Users
- 3.8 Configuring Operating System Users for a PDB
- 3.9 Global User Authentication and Authorization
- 3.10 Configuring an External Service to Authenticate Users and Passwords
- 3.10.1 About External Authentication
- 3.10.2 Advantages of External Authentication
- 3.10.3 Enabling External Authentication
- 3.10.4 Creating a User Who Is Authenticated Externally
- 3.10.5 Authentication of User Logins By Using the Operating System
- 3.10.6 Authentication of User Logins Using Network Authentication
- 3.11 Multitier Authentication and Authorization
- 3.12 Administration and Security in Clients, Application Servers, and Database Servers
- 3.13 Preserving User Identity in Multitiered Environments
- 3.13.1 Middle Tier Server Use for Proxy Authentication
- 3.13.1.1 About Proxy Authentication
- 3.13.1.2 Advantages of Proxy Authentication
- 3.13.1.3 Who Can Create Proxy User Accounts?
- 3.13.1.4 Guidelines for Creating Proxy User Accounts
- 3.13.1.5 Creating Proxy User Accounts and Authorizing Users to Connect Through Them
- 3.13.1.6 Proxy User Accounts and the Authorization of Users to Connect Through Them
- 3.13.1.7 Using Proxy Authentication with the Secure External Password Store
- 3.13.1.8 How the Identity of the Real User Is Passed with Proxy Authentication
- 3.13.1.9 Limits to the Privileges of the Middle Tier
- 3.13.1.10 Authorizing a Middle Tier to Proxy and Authenticate a User
- 3.13.1.11 Authorizing a Middle Tier to Proxy a User Authenticated by Other Means
- 3.13.1.12 Reauthenticating a User Through the Middle Tier to the Database
- 3.13.1.13 Using Password-Based Proxy Authentication
- 3.13.1.14 Using Proxy Authentication with Enterprise Users
- 3.13.2 Using Client Identifiers to Identify Application Users Unknown to the Database
- 3.13.2.1 About Client Identifiers
- 3.13.2.2 How Client Identifiers Work in Middle Tier Systems
- 3.13.2.3 Use of the CLIENT_IDENTIFIER Attribute to Preserve User Identity
- 3.13.2.4 Use of the CLIENT_IDENTIFIER Independent of Global Application Context
- 3.13.2.5 Setting the CLIENT_IDENTIFIER Independent of Global Application Context
- 3.13.2.6 Use of the DBMS_SESSION PL/SQL Package to Set and Clear the Client Identifier
- 3.13.2.7 Enabling the CLIENTID_OVERWRITE Event System-Wide
- 3.13.2.8 Enabling the CLIENTID_OVERWRITE Event for the Current Session
- 3.13.2.9 Disabling the CLIENTID_OVERWRITE Event
- 3.14 User Authentication Data Dictionary Views
- 4 Configuring Privilege and Role Authorization
- 4.1 About Privileges and Roles
- 4.2 Who Should Be Granted Privileges?
- 4.3 How the Oracle Multitenant Option Affects Privileges
- 4.4 Managing Administrative Privileges
- 4.4.1 About Administrative Privileges
- 4.4.2 Grants of Administrative Privileges to Users
- 4.4.3 SYSDBA and SYSOPER Privileges for Standard Database Operations
- 4.4.4 SYSBACKUP Administrative Privilege for Backup and Recovery Operations
- 4.4.5 SYSDG Administrative Privilege for Oracle Data Guard Operations
- 4.4.6 SYSKM Administrative Privilege for Transparent Data Encryption
- 4.4.7 SYSRAC Administrative Privilege for Oracle Real Application Clusters
- 4.5 Managing System Privileges
- 4.6 Managing Commonly and Locally Granted Privileges
- 4.6.1 About Commonly and Locally Granted Privileges
- 4.6.2 How Commonly Granted System Privileges Work
- 4.6.3 How Commonly Granted Object Privileges Work
- 4.6.4 Granting or Revoking Privileges to Access a PDB
- 4.6.5 Example: Granting a Privilege in a Multitenant Environment
- 4.6.6 Enabling Common Users to View CONTAINER_DATA Object Information
- 4.7 Managing Common Roles and Local Roles
- 4.7.1 About Common Roles and Local Roles
- 4.7.2 How Common Roles Work
- 4.7.3 How the PUBLIC Role Works in a Multitenant Environment
- 4.7.4 Privileges Required to Create, Modify, or Drop a Common Role
- 4.7.5 Rules for Creating Common Roles
- 4.7.6 Creating a Common Role
- 4.7.7 Rules for Creating Local Roles
- 4.7.8 Creating a Local Role
- 4.7.9 Role Grants and Revokes for Common Users and Local Users
- 4.8 Managing User Roles
- 4.8.1 About User Roles
- 4.8.1.1 What Are User Roles?
- 4.8.1.2 The Functionality of Roles
- 4.8.1.3 Properties of Roles and Why They Are Advantageous
- 4.8.1.4 Typical Uses of Roles
- 4.8.1.5 Common Uses of Application Roles
- 4.8.1.6 Common Uses of User Roles
- 4.8.1.7 How Roles Affect the Scope of a User's Privileges
- 4.8.1.8 How Roles Work in PL/SQL Blocks
- 4.8.1.9 How Roles Aid or Restrict DDL Usage
- 4.8.1.10 How Operating Systems Can Aid Roles
- 4.8.1.11 How Roles Work in a Distributed Environment
- 4.8.2 Predefined Roles in an Oracle Database Installation
- 4.8.3 Creating a Role
- 4.8.4 Specifying the Type of Role Authorization
- 4.8.4.1 Authorizing a Role by Using the Database
- 4.8.4.2 Authorizing a Role by Using an Application
- 4.8.4.3 Authorizing a Role by Using an External Source
- 4.8.4.4 Authorizing a Role by Using the Operating System
- 4.8.4.5 Authorizing a Role by Using a Network Client
- 4.8.4.6 Authorizing a Global Role by an Enterprise Directory Service
- 4.8.5 Granting and Revoking Roles
- 4.8.6 Dropping Roles
- 4.8.7 Restricting SQL*Plus Users from Using Database Roles
- 4.8.8 Role Privileges and Secure Application Roles
- 4.9 Restricting Operations on PDBs Using PDB Lockdown Profiles
- 4.10 Managing Object Privileges
- 4.11 Table Privileges
- 4.12 View Privileges
- 4.13 Procedure Privileges
- 4.13.1 The Use of the EXECUTE Privilege for Procedure Privileges
- 4.13.2 Procedure Execution and Security Domains
- 4.13.3 System Privileges Required to Create or Replace a Procedure
- 4.13.4 System Privileges Required to Compile a Procedure
- 4.13.5 How Procedure Privileges Affect Packages and Package Objects
- 4.14 Type Privileges
- 4.14.1 System Privileges for Named Types
- 4.14.2 Object Privileges for Named Types
- 4.14.3 Method Execution Model for Named Types
- 4.14.4 Privileges Required to Create Types and Tables Using Types
- 4.14.5 Example: Privileges for Creating Types and Tables Using Types
- 4.14.6 Privileges on Type Access and Object Access
- 4.14.7 Type Dependencies
- 4.15 Grants of User Privileges and Roles
- 4.15.1 Granting System Privileges and Roles to Users and Roles
- 4.15.1.1 Privileges for Grants of System Privileges and Roles to Users and Roles
- 4.15.1.2 Example: Granting a System Privilege and a Role to a User
- 4.15.1.3 Example: Granting the EXECUTE Privilege on a Directory Object
- 4.15.1.4 Use of the ADMIN Option to Enable Grantee Users to Grant the Privilege
- 4.15.1.5 Creating a New User with the GRANT Statement
- 4.15.2 Granting Object Privileges to Users and Roles
- 4.16 Revokes of Privileges and Roles from a User
- 4.17 Grants and Revokes of Privileges to and from the PUBLIC Role
- 4.18 Grants of Roles Using the Operating System or Network
- 4.18.1 About Granting Roles Using the Operating System or Network
- 4.18.2 Operating System Role Identification
- 4.18.3 Operating System Role Management
- 4.18.4 Role Grants and Revokes When OS_ROLES Is Set to TRUE
- 4.18.5 Role Enablements and Disablements When OS_ROLES Is Set to TRUE
- 4.18.6 Network Connections with Operating System Role Management
- 4.19 How Grants and Revokes Work with SET ROLE and Default Role Settings
- 4.20 User Privilege and Role Data Dictionary Views
- 4.20.1 Data Dictionary Views to Find Information about Privilege and Role Grants
- 4.20.2 Query to List All System Privilege Grants
- 4.20.3 Query to List All Role Grants
- 4.20.4 Query to List Object Privileges Granted to a User
- 4.20.5 Query to List the Current Privilege Domain of Your Session
- 4.20.6 Query to List Roles of the Database
- 4.20.7 Query to List Information About the Privilege Domains of Roles
- 5 Performing Privilege Analysis to Find Privilege Use
- 5.1 What Is Privilege Analysis?
- 5.2 Creating and Managing Privilege Analysis Policies
- 5.2.1 About Creating and Managing Privilege Analysis Policies
- 5.2.2 General Steps for Managing Privilege Analysis
- 5.2.3 Creating a Privilege Analysis Policy
- 5.2.4 Enabling a Privilege Analysis Policy
- 5.2.5 Examples of Creating and Enabling Privilege Analysis Policies
- 5.2.6 Disabling a Privilege Analysis Policy
- 5.2.7 Generating a Privilege Analysis Report
- 5.2.7.1 About Generating a Privilege Analysis Report
- 5.2.7.2 General Process for Managing Multiple Named Capture Runs
- 5.2.7.3 Generating a Privilege Analysis Report Using DBMS_PRIVILEGE_CAPTURE
- 5.2.7.4 Generating a Privilege Analysis Report Using Cloud Control
- 5.2.7.5 Accessing Privilege Analysis Reports Using Cloud Control
- 5.2.8 Dropping a Privilege Analysis Policy
- 5.3 Creating Roles and Managing Privileges Using Cloud Control
- 5.4 Tutorial: Using Capture Runs to Analyze ANY Privilege Use
- 5.4.1 Step 1: Create User Accounts
- 5.4.2 Step 2: Create and Enable a Privilege Analysis Policy
- 5.4.3 Step 3: Use the READ ANY TABLE System Privilege
- 5.4.4 Step 4: Disable the Privilege Analysis Policy
- 5.4.5 Step 5: Generate and View a Privilege Analysis Report
- 5.4.6 Step 6: Create a Second Capture Run
- 5.4.7 Step 7: Remove the Components for This Tutorial
- 5.5 Tutorial: Analyzing Privilege Use by a User Who Has the DBA Role
- 5.5.1 Step 1: Create User Accounts
- 5.5.2 Step 2: Create and Enable a Privilege Analysis Policy
- 5.5.3 Step 3: Perform the Database Tuning Operations
- 5.5.4 Step 4: Disable the Privilege Analysis Policy
- 5.5.5 Step 5: Generate and View Privilege Analysis Reports
- 5.5.6 Step 6: Remove the Components for This Tutorial
- 5.6 Privilege Analysis Policy and Report Data Dictionary Views
- 6 Configuring Centrally Managed Users with Microsoft Active Directory
- 6.1 Introduction to Centrally Managed Users with Microsoft Active Directory
- 6.1.1 About the Oracle Database-Microsoft Active Directory Integration
- 6.1.2 How Centrally Managed Users with Microsoft Active Directory Works
- 6.1.3 Centrally Managed User-Microsoft Active Directory Architecture
- 6.1.4 Supported Authentication Methods
- 6.1.5 Users Supported by Centrally Managed Users with Microsoft Active Directory
- 6.1.6 How the Oracle Multitenant Option Affects Centrally Managed Users
- 6.2 Configuring the Oracle Database-Microsoft Active Directory Integration
- 6.2.1 About Configuring the Oracle Database-Microsoft Active Directory Connection
- 6.2.2 Connecting to Microsoft Active Directory
- 6.2.2.1 Step 1: Create an Oracle Service Directory User Account on Microsoft Active Directory and Grant Permissions
- 6.2.2.2 Step 2: For Password Authentication, Install the Password Filter and Extend the Microsoft Active Directory Schema
- 6.2.2.3 Step 3: If Necessary, Install the Oracle Database Software
- 6.2.2.4 Step 4: Create the dsi.ora or ldap.ora File
- 6.2.2.5 Step 5: Request an Active Directory Certificate for a Secure Connection
- 6.2.2.6 Step 6: Create the Wallet for a Secure Connection
- 6.2.2.7 Step 7: Configure the Microsoft Active Directory Connection
- 6.2.2.7.1 About Configuring the Microsoft Active Directory Connection
- 6.2.2.7.2 Configuring the Access Manually Using Database System Parameters
- 6.2.2.7.3 Configuring the Access Using the Database Configuration Assistant GUI
- 6.2.2.7.4 Configuring the Access Using Database Configuration Assistant Silent Mode
- 6.2.2.8 Step 8: Verify the Oracle Wallet
- 6.2.2.9 Step 9: Test the Integration
- 6.3 Configuring Authentication for Centrally Managed Users
- 6.4 Configuring Authorization for Centrally Managed Users
- 6.4.1 About Configuring Authorization for Centrally Managed Users
- 6.4.2 Mapping a Directory Group to a Shared Database Global User
- 6.4.3 Mapping a Directory Group to a Global Role
- 6.4.4 Exclusively Mapping a Directory User to a Database Global User
- 6.4.5 Altering or Migrating a User Mapping Definition
- 6.4.6 Configuring Administrative Users
- 6.4.7 Verifying the Centrally Managed User Logon Information
- 6.5 Integration of Oracle Database with Microsoft Active Directory Account Policies
- 6.6 Configuring Centrally Managed Users with Oracle Autonomous Database
- 6.7 Troubleshooting Centrally Managed Users
- 7 Managing Security for Definer's Rights and Invoker's Rights
- 7.1 About Definer's Rights and Invoker's Rights
- 7.2 How Procedure Privileges Affect Definer's Rights
- 7.3 How Procedure Privileges Affect Invoker's Rights
- 7.4 When You Should Create Invoker's Rights Procedures
- 7.5 Controlling Invoker's Rights Privileges for Procedure Calls and View Access
- 7.5.1 How the Privileges of a Schema Affect the Use of Invoker's Rights Procedures
- 7.5.2 How the INHERIT [ANY] PRIVILEGES Privileges Control Privilege Access
- 7.5.3 Grants of the INHERIT PRIVILEGES Privilege to Other Users
- 7.5.4 Example: Granting INHERIT PRIVILEGES on an Invoking User
- 7.5.5 Example: Revoking INHERIT PRIVILEGES
- 7.5.6 Grants of the INHERIT ANY PRIVILEGES Privilege to Other Users
- 7.5.7 Example: Granting INHERIT ANY PRIVILEGES to a Trusted Procedure Owner
- 7.5.8 Managing INHERIT PRIVILEGES and INHERIT ANY PRIVILEGES
- 7.6 Definer's Rights and Invoker's Rights in Views
- 7.7 Using Code Based Access Control for Definer's Rights and Invoker's Rights
- 7.7.1 About Using Code Based Access Control for Applications
- 7.7.2 Who Can Grant Code Based Access Control Roles to a Program Unit?
- 7.7.3 How Code Based Access Control Works with Invoker's Rights Program Units
- 7.7.4 How Code Based Access Control Works with Definer's Rights Program Units
- 7.7.5 Grants of Database Roles to Users for Their CBAC Grants
- 7.7.6 Grants and Revokes of Database Roles to a Program Unit
- 7.7.7 Tutorial: Controlling Access to Sensitive Data Using Code Based Access Control
- 7.7.7.1 About This Tutorial
- 7.7.7.2 Step 1: Create the User and Grant HR the CREATE ROLE Privilege
- 7.7.7.3 Step 2: Create the print_employees Invoker's Rights Procedure
- 7.7.7.4 Step 3: Create the hr_clerk Role and Grant Privileges for It
- 7.7.7.5 Step 4: Test the Code Based Access Control HR.print_employees Procedure
- 7.7.7.6 Step 5: Create the view_emp_role Role and Grant Privileges for It
- 7.7.7.7 Step 6: Test the HR.print_employees Procedure Again
- 7.7.7.8 Step 7: Remove the Components of This Tutorial
- 7.8 Controlling Definer's Rights Privileges for Database Links
- 7.8.1 About Controlling Definer's Rights Privileges for Database Links
- 7.8.2 Grants of the INHERIT REMOTE PRIVILEGES Privilege to Other Users
- 7.8.3 Example: Granting INHERIT REMOTE PRIVILEGES on a Connected User
- 7.8.4 Grants of the INHERIT ANY REMOTE PRIVILEGES Privilege to Other Users
- 7.8.5 Revokes of the INHERIT [ANY] REMOTE PRIVILEGES Privilege
- 7.8.6 Example: Revoking the INHERIT REMOTE PRIVILEGES Privilege
- 7.8.7 Example: Revoking the INHERIT REMOTE PRIVILEGES Privilege from PUBLIC
- 7.8.8 Tutorial: Using a Database Link in a Definer's Rights Procedure
- 7.8.8.1 About This Tutorial
- 7.8.8.2 Step 1: Create User Accounts
- 7.8.8.3 Step 2: As User dbuser2, Create a Table to Store User IDs
- 7.8.8.4 Step 3: As User dbuser1, Create a Database Link and Definer's Rights Procedure
- 7.8.8.5 Step 4: Test the Definer's Rights Procedure
- 7.8.8.6 Step 5: Remove the Components of This Tutorial
- 8 Managing Fine-Grained Access in PL/SQL Packages and Types
- 8.1 About Managing Fine-Grained Access in PL/SQL Packages and Types
- 8.2 About Fine-Grained Access Control to External Network Services
- 8.3 About Access Control to Oracle Wallets
- 8.4 Upgraded Applications That Depend on Packages That Use External Network Services
- 8.5 Configuring Access Control for External Network Services
- 8.6 Configuring Access Control to an Oracle Wallet
- 8.6.1 About Configuring Access Control to an Oracle Wallet
- 8.6.2 Step 1: Create an Oracle Wallet
- 8.6.3 Step 2: Configure Access Control Privileges for the Oracle Wallet
- 8.6.4 Step 3: Make the HTTP Request with the Passwords and Client Certificates
- 8.6.5 Revoking Access Control Privileges for Oracle Wallets
- 8.7 Examples of Configuring Access Control for External Network Services
- 8.7.1 Example: Configuring Access Control for a Single Role and Network Connection
- 8.7.2 Example: Configuring Access Control for a User and Role
- 8.7.3 Example: Using the DBA_HOST_ACES View to Show Granted Privileges
- 8.7.4 Example: Configuring ACL Access Using Passwords in a Non-Shared Wallet
- 8.7.5 Example: Configuring ACL Access for a Wallet in a Shared Database Session
- 8.8 Specifying a Group of Network Host Computers
- 8.9 Precedence Order for a Host Computer in Multiple Access Control List Assignments
- 8.10 Precedence Order for a Host in Access Control List Assignments with Port Ranges
- 8.11 Checking Privilege Assignments That Affect User Access to Network Hosts
- 8.11.1 About Privilege Assignments that Affect User Access to Network Hosts
- 8.11.2 How to Check User Network Connection and Domain Privileges
- 8.11.3 Example: Administrator Checking User Network Access Control Permissions
- 8.11.4 How Users Can Check Their Network Connection and Domain Privileges
- 8.11.5 Example: User Checking Network Access Control Permissions
- 8.12 Configuring Network Access for Java Debug Wire Protocol Operations
- 8.13 Data Dictionary Views for Access Control Lists Configured for User Access
- 9 Managing Security for a Multitenant Environment in Enterprise Manager
- 9.1 About Managing Security for a Multitenant Environment in Enterprise Manager
- 9.2 Logging into a Multitenant Environment in Enterprise Manager
- 9.3 Managing Common and Local Users in Enterprise Manager
- 9.3.1 Creating a Common User Account in Enterprise Manager
- 9.3.2 Editing a Common User Account in Enterprise Manager
- 9.3.3 Dropping a Common User Account in Enterprise Manager
- 9.3.4 Creating a Local User Account in Enterprise Manager
- 9.3.5 Editing a Local User Account in Enterprise Manager
- 9.3.6 Dropping a Local User Account in Enterprise Manager
- 9.4 Managing Common and Local Roles and Privileges in Enterprise Manager
- 9.4.1 Creating a Common Role in Enterprise Manager
- 9.4.2 Editing a Common Role in Enterprise Manager
- 9.4.3 Dropping a Common Role in Enterprise Manager
- 9.4.4 Revoking Common Privilege Grants in Enterprise Manager
- 9.4.5 Creating a Local Role in Enterprise Manager
- 9.4.6 Editing a Local Role in Enterprise Manager
- 9.4.7 Dropping a Local Role in Enterprise Manager
- 9.4.8 Revoking Local Privilege Grants in Enterprise Manager
- Part II Application Development Security
- 10 Managing Security for Application Developers
- 10.1 About Application Security Policies
- 10.2 Considerations for Using Application-Based Security
- 10.3 Securing Passwords in Application Design
- 10.4 Securing External Procedures
- 10.4.1 About Securing External Procedures
- 10.4.2 General Process for Configuring extproc for a Credential Authentication
- 10.4.3 extproc Process Authentication and Impersonation Expected Behaviors
- 10.4.4 Configuring Authentication for External Procedures
- 10.4.5 External Procedures for Legacy Applications
- 10.5 Securing LOBs with LOB Locator Signatures
- 10.6 Managing Application Privileges
- 10.7 Advantages of Using Roles to Manage Application Privileges
- 10.8 Creating Secure Application Roles to Control Access to Applications
- 10.9 Association of Privileges with User Database Roles
- 10.10 Protecting Database Objects by Using Schemas
- 10.11 Object Privileges in an Application
- 10.12 Parameters for Enhanced Security of Database Communication
- 10.12.1 Bad Packets Received on the Database from Protocol Errors
- 10.12.2 Controlling Server Execution After Receiving a Bad Packet
- 10.12.3 Configuration of the Maximum Number of Authentication Attempts
- 10.12.4 Configuring the Display of the Database Version Banner
- 10.12.5 Configuring Banners for Unauthorized Access and Auditing User Actions
- Part III Controlling Access to Data
- 11 Using Application Contexts to Retrieve User Information
- 11.1 About Application Contexts
- 11.2 Types of Application Contexts
- 11.3 Using Database Session-Based Application Contexts
- 11.3.1 About Database Session-Based Application Contexts
- 11.3.2 Components of a Database Session-Based Application Context
- 11.3.3 Creating Database Session-Based Application Contexts
- 11.3.4 Creating a Package to Set a Database Session-Based Application Context
- 11.3.4.1 About the Package That Manages the Database Session-Based Application Context
- 11.3.4.2 Using the SYS_CONTEXT Function to Retrieve Session Information
- 11.3.4.3 Checking the SYS_CONTEXT Settings
- 11.3.4.4 Dynamic SQL with SYS_CONTEXT
- 11.3.4.5 SYS_CONTEXT in a Parallel Query
- 11.3.4.6 SYS_CONTEXT with Database Links
- 11.3.4.7 DBMS_SESSION.SET_CONTEXT for Setting Session Information
- 11.3.4.8 Example: Simple Procedure to Create an Application Context Value
- 11.3.5 Logon Triggers to Run a Database Session Application Context Package
- 11.3.6 Example: Creating a Simple Logon Trigger
- 11.3.7 Example: Creating a Logon Trigger for a Production Environment
- 11.3.8 Example: Creating a Logon Trigger for a Development Environment
- 11.3.9 Tutorial: Creating and Using a Database Session-Based Application Context
- 11.3.9.1 Step 1: Create User Accounts and Ensure the User SCOTT Is Active
- 11.3.9.2 Step 2: Create the Database Session-Based Application Context
- 11.3.9.3 Step 3: Create a Package to Retrieve Session Data and Set the Application Context
- 11.3.9.4 Step 4: Create a Logon Trigger for the Package
- 11.3.9.5 Step 5: Test the Application Context
- 11.3.9.6 Step 6: Remove the Components of This Tutorial
- 11.3.10 Initializing Database Session-Based Application Contexts Externally
- 11.3.10.1 About Initializing Database Session-Based Application Contexts Externally
- 11.3.10.2 Default Values from Users
- 11.3.10.3 Values from Other External Resources
- 11.3.10.4 Example: Creating an Externalized Database Session-based Application Context
- 11.3.10.5 Initialization of Application Context Values from a Middle-Tier Server
- 11.3.11 Initializing Database Session-Based Application Contexts Globally
- 11.3.11.1 About Initializing Database Session-Based Application Contexts Globally
- 11.3.11.2 Database Session-Based Application Contexts with LDAP
- 11.3.11.3 How Globally Initialized Database Session-Based Application Contexts Work
- 11.3.11.4 Initializing a Database Session-Based Application Context Globally
- 11.3.12 Externalized Database Session-Based Application Contexts
- 11.4 Global Application Contexts
- 11.4.1 About Global Application Contexts
- 11.4.2 Uses for Global Application Contexts
- 11.4.3 Components of a Global Application Context
- 11.4.4 Global Application Contexts in an Oracle Real Application Clusters Environment
- 11.4.5 Creating Global Application Contexts
- 11.4.6 PL/SQL Package to Manage a Global Application Context
- 11.4.6.1 About the Package That Manages the Global Application Context
- 11.4.6.2 How Editions Affects the Results of a Global Application Context PL/SQL Package
- 11.4.6.3 DBMS_SESSION.SET_CONTEXT username and client_id Parameters
- 11.4.6.4 Sharing Global Application Context Values for All Database Users
- 11.4.6.5 Example: Package to Manage Global Application Values for All Database Users
- 11.4.6.6 Global Contexts for Database Users Who Move Between Applications
- 11.4.6.7 Global Application Context for Nondatabase Users
- 11.4.6.8 Example: Package to Manage Global Application Context Values for Nondatabase Users
- 11.4.6.9 Clearing Session Data When the Session Closes
- 11.4.7 Embedding Calls in Middle-Tier Applications to Manage the Client Session ID
- 11.4.7.1 About Managing Client Session IDs Using a Middle-Tier Application
- 11.4.7.2 Step 1: Retrieve the Client Session ID Using a Middle-Tier Application
- 11.4.7.3 Step 2: Set the Client Session ID Using a Middle-Tier Application
- 11.4.7.4 Step 3: Clear the Session Data Using a Middle-Tier Application
- 11.4.8 Tutorial: Creating a Global Application Context That Uses a Client Session ID
- 11.4.8.1 About This Tutorial
- 11.4.8.2 Step 1: Create User Accounts
- 11.4.8.3 Step 2: Create the Global Application Context
- 11.4.8.4 Step 3: Create a Package for the Global Application Context
- 11.4.8.5 Step 4: Test the Newly Created Global Application Context
- 11.4.8.6 Step 5: Modify the Session ID and Test the Global Application Context Again
- 11.4.8.7 Step 6: Remove the Components of This Tutorial
- 11.4.9 Global Application Context Processes
- 11.5 Using Client Session-Based Application Contexts
- 11.5.1 About Client Session-Based Application Contexts
- 11.5.2 Setting a Value in the CLIENTCONTEXT Namespace
- 11.5.3 Retrieving the CLIENTCONTEXT Namespace
- 11.5.4 Example: Retrieving a Client Session ID Value for Client Session-Based Contexts
- 11.5.5 Clearing a Setting in the CLIENTCONTEXT Namespace
- 11.5.6 Clearing All Settings in the CLIENTCONTEXT Namespace
- 11.6 Application Context Data Dictionary Views
- 12 Using Oracle Virtual Private Database to Control Data Access
- 12.1 About Oracle Virtual Private Database
- 12.1.1 What Is Oracle Virtual Private Database?
- 12.1.2 Benefits of Using Oracle Virtual Private Database Policies
- 12.1.3 Who Can Create Oracle Virtual Private Database Policies?
- 12.1.4 Privileges to Run Oracle Virtual Private Database Policy Functions
- 12.1.5 Oracle Virtual Private Database Use with an Application Context
- 12.1.6 Oracle Virtual Private Database in a Multitenant Environment
- 12.2 Components of an Oracle Virtual Private Database Policy
- 12.3 Configuration of Oracle Virtual Private Database Policies
- 12.3.1 About Oracle Virtual Private Database Policies
- 12.3.2 Attaching a Policy to a Database Table, View, or Synonym
- 12.3.3 Example: Attaching a Simple Oracle Virtual Private Database Policy to a Table
- 12.3.4 Enforcing Policies on Specific SQL Statement Types
- 12.3.5 Example: Specifying SQL Statement Types with DBMS_RLS.ADD_POLICY
- 12.3.6 Control of the Display of Column Data with Policies
- 12.3.6.1 Policies for Column-Level Oracle Virtual Private Database
- 12.3.6.2 Example: Creating a Column-Level Oracle Virtual Private Database Policy
- 12.3.6.3 Display of Only the Column Rows Relevant to the Query
- 12.3.6.4 Column Masking to Display Sensitive Columns as NULL Values
- 12.3.6.5 Example: Adding Column Masking to an Oracle Virtual Private Database Policy
- 12.3.7 Oracle Virtual Private Database Policy Groups
- 12.3.7.1 About Oracle Virtual Private Database Policy Groups
- 12.3.7.2 Creation of a New Oracle Virtual Private Database Policy Group
- 12.3.7.3 Default Policy Group with the SYS_DEFAULT Policy Group
- 12.3.7.4 Multiple Policies for Each Table, View, or Synonym
- 12.3.7.5 Validation of the Application Used to Connect to the Database
- 12.3.8 Optimizing Performance by Using Oracle Virtual Private Database Policy Types
- 12.3.8.1 About Oracle Virtual Private Database Policy Types
- 12.3.8.2 Dynamic Policy Type to Automatically Rerun Policy Functions
- 12.3.8.3 Example: Creating a DYNAMIC Policy with DBMS_RLS.ADD_POLICY
- 12.3.8.4 Static Policy to Prevent Policy Functions from Rerunning for Each Query
- 12.3.8.5 Example: Creating a Static Policy with DBMS_RLS.ADD_POLICY
- 12.3.8.6 Example: Shared Static Policy to Share a Policy with Multiple Objects
- 12.3.8.7 When to Use Static and Shared Static Policies
- 12.3.8.8 Context-Sensitive Policy for Application Context Attributes That Change
- 12.3.8.9 Example: Creating a Context-Sensitive Policy with DBMS_RLS.ADD_POLICY
- 12.3.8.10 Example: Refreshing Cached Statements for a VPD Context-Sensitive Policy
- 12.3.8.11 Example: Altering an Existing Context-Sensitive Policy
- 12.3.8.12 Example: Using a Shared Context Sensitive Policy to Share a Policy with Multiple Objects
- 12.3.8.13 When to Use Context-Sensitive and Shared Context-Sensitive Policies
- 12.3.8.14 Summary of the Five Oracle Virtual Private Database Policy Types
- 12.4 Tutorials: Creating Oracle Virtual Private Database Policies
- 12.4.1 Tutorial: Creating a Simple Oracle Virtual Private Database Policy
- 12.4.2 Tutorial: Implementing a Session-Based Application Context Policy
- 12.4.2.1 About This Tutorial
- 12.4.2.2 Step 1: Create User Accounts and Sample Tables
- 12.4.2.3 Step 2: Create a Database Session-Based Application Context
- 12.4.2.4 Step 3: Create a PL/SQL Package to Set the Application Context
- 12.4.2.5 Step 4: Create a Logon Trigger to Run the Application Context PL/SQL Package
- 12.4.2.6 Step 5: Test the Logon Trigger
- 12.4.2.7 Step 6: Create a PL/SQL Policy Function to Limit User Access to Their Orders
- 12.4.2.8 Step 7: Create the New Security Policy
- 12.4.2.9 Step 8: Test the New Policy
- 12.4.2.10 Step 9: Remove the Components of This Tutorial
- 12.4.3 Tutorial: Implementing an Oracle Virtual Private Database Policy Group
- 12.4.3.1 About This Tutorial
- 12.4.3.2 Step 1: Create User Accounts and Other Components for This Tutorial
- 12.4.3.3 Step 2: Create the Two Policy Groups
- 12.4.3.4 Step 3: Create PL/SQL Functions to Control the Policy Groups
- 12.4.3.5 Step 4: Create the Driving Application Context
- 12.4.3.6 Step 5: Add the PL/SQL Functions to the Policy Groups
- 12.4.3.7 Step 6: Test the Policy Groups
- 12.4.3.8 Step 7: Remove the Components of This Tutorial
- 12.5 How Oracle Virtual Private Database Works with Other Oracle Features
- 12.5.1 Oracle Virtual Private Database Policies with Editions
- 12.5.2 SELECT FOR UPDATE Statement in User Queries on VPD-Protected Tables
- 12.5.3 Oracle Virtual Private Database Policies and Outer or ANSI Joins
- 12.5.4 Oracle Virtual Private Database Security Policies and Applications
- 12.5.5 Automatic Reparsing for Fine-Grained Access Control Policies Functions
- 12.5.6 Oracle Virtual Private Database Policies and Flashback Queries
- 12.5.7 Oracle Virtual Private Database and Oracle Label Security
- 12.5.8 Export of Data Using the EXPDP Utility access_method Parameter
- 12.5.9 User Models and Oracle Virtual Private Database
- 12.6 Oracle Virtual Private Database Data Dictionary Views
- 13 Using Transparent Sensitive Data Protection
- 13.1 About Transparent Sensitive Data Protection
- 13.2 General Steps for Using Transparent Sensitive Data Protection
- 13.3 Use Cases for Transparent Sensitive Data Protection Policies
- 13.4 Privileges Required for Using Transparent Sensitive Data Protection
- 13.5 How a Multitenant Environment Affects Transparent Sensitive Data Protection
- 13.6 Creating Transparent Sensitive Data Protection Policies
- 13.6.1 Step 1: Create a Sensitive Type
- 13.6.2 Step 2: Identify the Sensitive Columns to Protect
- 13.6.3 Step 3: Import the Sensitive Columns List from ADM into Your Database
- 13.6.4 Step 4: Create the Transparent Sensitive Data Protection Policy
- 13.6.4.1 About Creating the Transparent Sensitive Data Protection Policy
- 13.6.4.2 Creating the Transparent Sensitive Data Protection Policy
- 13.6.4.3 Setting the Oracle Data Redaction or Virtual Private Database Feature Options
- 13.6.4.4 Setting Conditions for the Transparent Sensitive Data Protection Policy
- 13.6.4.5 Specifying the DBMS_TSDP_PROTECT.ADD_POLICY Procedure
- 13.6.5 Step 5: Associate the Policy with a Sensitive Type
- 13.6.6 Step 6: Enable the Transparent Sensitive Data Protection Policy
- 13.6.7 Step 7: Optionally, Export the Policy to Other Databases
- 13.7 Altering Transparent Sensitive Data Protection Policies
- 13.8 Disabling Transparent Sensitive Data Protection Policies
- 13.9 Dropping Transparent Sensitive Data Protection Policies
- 13.10 Using the Predefined REDACT_AUDIT Policy to Mask Bind Values
- 13.10.1 About the REDACT_AUDIT Policy
- 13.10.2 Variables Associated with Sensitive Columns
- 13.10.2.1 About Variables Associated with Sensitive Columns
- 13.10.2.2 Bind Variables and Sensitive Columns in the Expressions of Conditions
- 13.10.2.3 A Bind Variable and a Sensitive Column Appearing in the Same SELECT Item
- 13.10.2.4 Bind Variables in Expressions Assigned to Sensitive Columns in INSERT or UPDATE Operations
- 13.10.3 How Bind Variables on Sensitive Columns Behave with Views
- 13.10.4 Disabling the REDACT_AUDIT Policy
- 13.10.5 Enabling the REDACT_AUDIT Policy
- 13.11 Transparent Sensitive Data Protection Policies with Data Redaction
- 13.12 Using Transparent Sensitive Data Protection Policies with Oracle VPD Policies
- 13.12.1 About Using TSDP Policies with Oracle Virtual Private Database Policies
- 13.12.2 DBMS_RLS.ADD_POLICY Parameters That Are Used for TSDP Policies
- 13.12.3 Tutorial: Creating a TSDP Policy That Uses Virtual Private Database Protection
- 13.12.3.1 Step 1: Create the hr_appuser User Account
- 13.12.3.2 Step 2: Identify the Sensitive Columns
- 13.12.3.3 Step 3: Create an Oracle Virtual Private Database Function
- 13.12.3.4 Step 4: Create and Enable a Transparent Sensitive Data Protection Policy
- 13.12.3.5 Step 5: Test the Transparent Sensitive Data Protection Policy
- 13.12.3.6 Step 6: Remove the Components of This Tutorial
- 13.13 Using Transparent Sensitive Data Protection Policies with Unified Auditing
- 13.14 Using Transparent Sensitive Data Protection Policies with Fine-Grained Auditing
- 13.15 Using Transparent Sensitive Data Protection Policies with TDE Column Encryption
- 13.16 Transparent Sensitive Data Protection Data Dictionary Views
- 14 Encryption of Sensitive Credential Data in the Data Dictionary
- 14.1 About Encrypting Sensitive Credential Data in the Data Dictionary
- 14.2 How the Multitenant Option Affects the Encryption of Sensitive Data
- 14.3 Encrypting Sensitive Credential Data in System Tables
- 14.4 Rekeying Sensitive Credential Data in the SYS.LINK$ System Table
- 14.5 Deleting Sensitive Credential Data in System Tables
- 14.6 Restoring the Functioning of Database Links After a Lost Keystore
- 14.7 Data Dictionary Views for Encrypted Data Dictionary Credentials
- 15 Manually Encrypting Data
- 15.1 Security Problems That Encryption Does Not Solve
- 15.2 Data Encryption Challenges
- 15.3 Data Encryption Storage with the DBMS_CRYPTO Package
- 15.4 Asymmetric Key Operations with the DBMS_CRYPTO Package
- 15.5 Using Ciphertexts Encrypted in OFB Mode in Oracle Database Release 11g
- 15.6 Examples of Using the Data Encryption API
- 15.7 Data Dictionary Views for Encrypted Data
- Part IV Securing Data on the Network
- 16 Configuring Oracle Database Native Network Encryption and Data Integrity
- 16.1 About Oracle Database Native Network Encryption and Data Integrity
- 16.2 Oracle Database Native Network Encryption Data Integrity
- 16.3 Improving Native Network Encryption Security
- 16.4 Data Integrity Algorithms Support
- 16.5 Diffie-Hellman Based Key Negotiation
- 16.6 Configuration of Data Encryption and Integrity
- 16.6.1 About Activating Encryption and Integrity
- 16.6.2 About Negotiating Encryption and Integrity
- 16.6.3 Configuring Encryption and Integrity Parameters Using Oracle Net Manager
- 17 Configuring the Thin JDBC Client Network
- 17.1 About the Java Implementation
- 17.2 Java Database Connectivity Support
- 17.3 Thin JDBC Features
- 17.4 Implementation Overview
- 17.5 Obfuscation of the Java Cryptography Code
- 17.6 Configuration Parameters for the Thin JDBC Network Implementation
- 17.6.1 About the Thin JDBC Network Implementation Configuration Parameters
- 17.6.2 Client Encryption Level Parameter
- 17.6.3 Client Encryption Selected List Parameter
- 17.6.4 Client Integrity Level Parameter
- 17.6.5 Client Integrity Selected List Parameter
- 17.6.6 Client Authentication Service Parameter
- 17.6.7 AnoServices Constants
- Part V Managing Strong Authentication
- 18 Introduction to Strong Authentication
- 18.1 What Is Strong Authentication?
- 18.2 Centralized Authentication and Single Sign-On
- 18.3 How Centralized Network Authentication Works
- 18.4 Supported Strong Authentication Methods
- 18.5 Oracle Database Native Network Encryption/Strong Authentication Architecture
- 18.6 System Requirements for Strong Authentication
- 18.7 Oracle Database Native Network Encryption and Strong Authentication Restrictions
- 19 Strong Authentication Administration Tools
- 20 Configuring Kerberos Authentication
- 20.1 Enabling Kerberos Authentication
- 20.1.1 Step 1: Install Kerberos
- 20.1.2 Step 2: Configure a Service Principal for an Oracle Database Server
- 20.1.3 Step 3: Extract a Service Key Table from Kerberos
- 20.1.4 Step 4: Install an Oracle Database Server and an Oracle Client
- 20.1.5 Step 5: Configure Oracle Net Services and Oracle Database
- 20.1.6 Step 6: Configure Kerberos Authentication
- 20.1.7 Step 7: Create a Kerberos User
- 20.1.8 Step 8: Create an Externally Authenticated Oracle User
- 20.1.9 Step 9: Get an Initial Ticket for the Kerberos/Oracle User
- 20.2 Utilities for the Kerberos Authentication Adapter
- 20.3 Connecting to an Oracle Database Server Authenticated by Kerberos
- 20.4 Configuring Interoperability with a Windows 2008 Domain Controller KDC
- 20.4.1 About Configuring Interoperability with a Microsoft Windows Server Domain Controller KDC
- 20.4.2 Step 1: Configure Oracle Kerberos Client for Windows 2008 Domain Controller
- 20.4.3 Step 2: Configure a Microsoft Windows Server Domain Controller KDC for the Oracle Client
- 20.4.4 Step 3: Configure Oracle Database for a Microsoft Windows Server Domain Controller KDC
- 20.4.5 Step 4: Obtain an Initial Ticket for the Kerberos/Oracle User
- 20.5 Configuring Kerberos Authentication Fallback Behavior
- 20.6 Troubleshooting the Oracle Kerberos Authentication Configuration
- 21 Configuring Secure Sockets Layer Authentication
- 21.1 Secure Sockets Layer and Transport Layer Security
- 21.2 How Oracle Database Uses Secure Sockets Layer for Authentication
- 21.3 How Secure Sockets Layer Works in an Oracle Environment: The SSL Handshake
- 21.4 Public Key Infrastructure in an Oracle Environment
- 21.5 Secure Sockets Layer Combined with Other Authentication Methods
- 21.6 Secure Sockets Layer and Firewalls
- 21.7 Secure Sockets Layer Usage Issues
- 21.8 Enabling Secure Sockets Layer
- 21.8.1 Step 1: Configure Secure Sockets Layer on the Server
- 21.8.1.1 Step 1A: Confirm Wallet Creation on the Server
- 21.8.1.2 Step 1B: Specify the Database Wallet Location on the Server
- 21.8.1.3 Step 1C: Set the Secure Sockets Layer Cipher Suites on the Server (Optional)
- 21.8.1.4 Step 1D: Set the Required Secure Sockets Layer Version on the Server (Optional)
- 21.8.1.5 Step 1E: Set SSL Client Authentication on the Server (Optional)
- 21.8.1.6 Step 1F: Set SSL as an Authentication Service on the Server (Optional)
- 21.8.1.7 Step 1G: Disable SSLv3 on the Server and Client (Optional)
- 21.8.1.8 Step 1H: Create a Listening Endpoint that Uses TCP/IP with SSL on the Server
- 21.8.2 Step 2: Configure Secure Sockets Layer on the Client
- 21.8.2.1 Step 2A: Confirm Client Wallet Creation
- 21.8.2.2 Step 2B: Configure Server DN Matching and Use TCP/IP with SSL on the Client
- 21.8.2.3 Step 2C: Specify Required Client SSL Configuration (Wallet Location)
- 21.8.2.4 Step 2D: Set the Client Secure Sockets Layer Cipher Suites (Optional)
- 21.8.2.5 Step 2E: Set the Required SSL Version on the Client (Optional)
- 21.8.2.6 Step 2F: Set SSL as an Authentication Service on the Client (Optional)
- 21.8.2.7 Step 2G: Specify the Certificate to Use for Authentication on the Client (Optional)
- 21.8.3 Step 3: Log in to the Database Instance
- 21.9 Troubleshooting the Secure Sockets Layer Configuration
- 21.10 Certificate Validation with Certificate Revocation Lists
- 21.10.1 About Certificate Validation with Certificate Revocation Lists
- 21.10.2 What CRLs Should You Use?
- 21.10.3 How CRL Checking Works
- 21.10.4 Configuring Certificate Validation with Certificate Revocation Lists
- 21.10.5 Certificate Revocation List Management
- 21.10.5.1 About Certificate Revocation List Management
- 21.10.5.2 Displaying orapki Help for Commands That Manage CRLs
- 21.10.5.3 Renaming CRLs with a Hash Value for Certificate Validation
- 21.10.5.4 Uploading CRLs to Oracle Internet Directory
- 21.10.5.5 Listing CRLs Stored in Oracle Internet Directory
- 21.10.5.6 Viewing CRLs in Oracle Internet Directory
- 21.10.5.7 Deleting CRLs from Oracle Internet Directory
- 21.10.6 Troubleshooting CRL Certificate Validation
- 21.10.7 Oracle Net Tracing File Error Messages Associated with Certificate Validation
- 21.11 Configuring Your System to Use Hardware Security Modules
- 22 Configuring RADIUS Authentication
- 22.1 About Configuring RADIUS Authentication
- 22.2 RADIUS Components
- 22.3 RADIUS Authentication Modes
- 22.4 Enabling RADIUS Authentication, Authorization, and Accounting
- 22.4.1 Step 1: Configure RADIUS Authentication
- 22.4.2 Step 2: Create a User and Grant Access
- 22.4.3 Step 3: Configure External RADIUS Authorization (Optional)
- 22.4.4 Step 4: Configure RADIUS Accounting
- 22.4.5 Step 5: Add the RADIUS Client Name to the RADIUS Server Database
- 22.4.6 Step 6: Configure the Authentication Server for Use with RADIUS
- 22.4.7 Step 7: Configure the RADIUS Server for Use with the Authentication Server
- 22.4.8 Step 8: Configure Mapping Roles
- 22.5 Using RADIUS to Log in to a Database
- 22.6 RSA ACE/Server Configuration Checklist
- 23 Customizing the Use of Strong Authentication
- Part VI Monitoring Database Activity with Auditing
- 24 Introduction to Auditing
- 24.1 What Is Auditing?
- 24.2 Why Is Auditing Used?
- 24.3 Best Practices for Auditing
- 24.4 What Is Unified Auditing?
- 24.5 Benefits of the Unified Audit Trail
- 24.6 Checking if Your Database Has Migrated to Unified Auditing
- 24.7 Mixed Mode Auditing
- 24.8 Who Can Perform Auditing?
- 24.9 Unified Auditing in a Multitenant Environment
- 24.10 Auditing in a Distributed Database
- 25 Configuring Audit Policies
- 25.1 Selecting an Auditing Type
- 25.2 Auditing Activities with Unified Audit Policies and the AUDIT Statement
- 25.2.1 About Auditing Activities with Unified Audit Policies and AUDIT
- 25.2.2 Best Practices for Creating Unified Audit Policies
- 25.2.3 Syntax for Creating a Unified Audit Policy
- 25.2.4 Auditing Roles
- 25.2.5 Auditing System Privileges
- 25.2.5.1 About System Privilege Auditing
- 25.2.5.2 System Privileges That Can Be Audited
- 25.2.5.3 System Privileges That Cannot Be Audited
- 25.2.5.4 Configuring a Unified Audit Policy to Capture System Privilege Use
- 25.2.5.5 Example: Auditing a User Who Has ANY Privileges
- 25.2.5.6 Example: Using a Condition to Audit a System Privilege
- 25.2.5.7 How System Privilege Unified Audit Policies Appear in the Audit Trail
- 25.2.6 Auditing Administrative Users
- 25.2.7 Auditing Object Actions
- 25.2.7.1 About Auditing Object Actions
- 25.2.7.2 Object Actions That Can Be Audited
- 25.2.7.3 Configuring an Object Action Unified Audit Policy
- 25.2.7.4 Example: Auditing Actions on SYS Objects
- 25.2.7.5 Example: Auditing Multiple Actions on One Object
- 25.2.7.6 Example: Auditing Both Actions and Privileges on an Object
- 25.2.7.7 Example: Auditing All Actions on a Table
- 25.2.7.8 Example: Auditing All Actions in the Database
- 25.2.7.9 How Object Action Unified Audit Policies Appear in the Audit Trail
- 25.2.7.10 Auditing Functions, Procedures, Packages, and Triggers
- 25.2.7.11 Auditing of Oracle Virtual Private Database Predicates
- 25.2.7.12 Audit Policies for Oracle Virtual Private Database Policy Functions
- 25.2.7.13 Unified Auditing with Editioned Objects
- 25.2.8 Auditing the READ ANY TABLE and SELECT ANY TABLE Privileges
- 25.2.9 Auditing SQL Statements and Privileges in a Multitier Environment
- 25.2.10 Creating a Condition for a Unified Audit Policy
- 25.2.10.1 About Conditions in Unified Audit Policies
- 25.2.10.2 Configuring a Unified Audit Policy with a Condition
- 25.2.10.3 Example: Auditing Access to SQL*Plus
- 25.2.10.4 Example: Auditing Actions Not in Specific Hosts
- 25.2.10.5 Example: Auditing Both a System-Wide and a Schema-Specific Action
- 25.2.10.6 Example: Auditing a Condition Per Statement Occurrence
- 25.2.10.7 Example: Unified Audit Session ID of a Current Administrative User Session
- 25.2.10.8 Example: Unified Audit Session ID of a Current Non-Administrative User Session
- 25.2.10.9 How Audit Records from Conditions Appear in the Audit Trail
- 25.2.11 Auditing Application Context Values
- 25.2.11.1 About Auditing Application Context Values
- 25.2.11.2 Configuring Application Context Audit Settings
- 25.2.11.3 Disabling Application Context Audit Settings
- 25.2.11.4 Example: Auditing Application Context Values in a Default Database
- 25.2.11.5 Example: Auditing Application Context Values from Oracle Label Security
- 25.2.11.6 How Audited Application Contexts Appear in the Audit Trail
- 25.2.12 Auditing Oracle Database Real Application Security Events
- 25.2.12.1 About Auditing Oracle Database Real Application Security Events
- 25.2.12.2 Oracle Database Real Application Security Auditable Events
- 25.2.12.3 Oracle Database Real Application Security User, Privilege, and Role Audit Events
- 25.2.12.4 Oracle Database Real Application Security Security Class and ACL Audit Events
- 25.2.12.5 Oracle Database Real Application Security Session Audit Events
- 25.2.12.6 Oracle Database Real Application Security ALL Events
- 25.2.12.7 Configuring a Unified Audit Policy for Oracle Database Real Application Security
- 25.2.12.8 Example: Auditing Real Application Security User Account Modifications
- 25.2.12.9 Example: Using a Condition in a Real Application Security Unified Audit Policy
- 25.2.12.10 How Oracle Database Real Application Security Events Appear in the Audit Trail
- 25.2.13 Auditing Oracle Recovery Manager Events
- 25.2.14 Auditing Oracle Database Vault Events
- 25.2.14.1 About Auditing Oracle Database Vault Events
- 25.2.14.2 Who Is Audited in Oracle Database Vault?
- 25.2.14.3 About Oracle Database Vault Unified Audit Trail Events
- 25.2.14.4 Oracle Database Vault Realm Audit Events
- 25.2.14.5 Oracle Database Vault Rule Set and Rule Audit Events
- 25.2.14.6 Oracle Database Vault Command Rule Audit Events
- 25.2.14.7 Oracle Database Vault Factor Audit Events
- 25.2.14.8 Oracle Database Vault Secure Application Role Audit Events
- 25.2.14.9 Oracle Database Vault Oracle Label Security Audit Events
- 25.2.14.10 Oracle Database Vault Oracle Data Pump Audit Events
- 25.2.14.11 Oracle Database Vault Enable and Disable Audit Events
- 25.2.14.12 Configuring a Unified Audit Policy for Oracle Database Vault
- 25.2.14.13 Example: Auditing an Oracle Database Vault Realm
- 25.2.14.14 Example: Auditing an Oracle Database Vault Rule Set
- 25.2.14.15 Example: Auditing Two Oracle Database Vault Events
- 25.2.14.16 Example: Auditing Oracle Database Vault Factors
- 25.2.14.17 How Oracle Database Vault Audited Events Appear in the Audit Trail
- 25.2.15 Auditing Oracle Label Security Events
- 25.2.15.1 About Auditing Oracle Label Security Events
- 25.2.15.2 Oracle Label Security Unified Audit Trail Events
- 25.2.15.3 Oracle Label Security Auditable User Session Labels
- 25.2.15.4 Configuring a Unified Audit Policy for Oracle Label Security
- 25.2.15.5 Example: Auditing Oracle Label Security Session Label Attributes
- 25.2.15.6 Example: Excluding a User from an Oracle Label Security Policy
- 25.2.15.7 Example: Auditing Oracle Label Security Policy Actions
- 25.2.15.8 Example: Querying for Audited OLS Session Labels
- 25.2.15.9 How Oracle Label Security Audit Events Appear in the Audit Trail
- 25.2.16 Auditing Oracle Data Mining Events
- 25.2.16.1 About Auditing Oracle Data Mining Events
- 25.2.16.2 Oracle Data Mining Unified Audit Trail Events
- 25.2.16.3 Configuring a Unified Audit Policy for Oracle Data Mining
- 25.2.16.4 Example: Auditing Multiple Oracle Data Mining Operations by a User
- 25.2.16.5 Example: Auditing All Failed Oracle Data Mining Operations by a User
- 25.2.16.6 How Oracle Data Mining Events Appear in the Audit Trail
- 25.2.17 Auditing Oracle Data Pump Events
- 25.2.17.1 About Auditing Oracle Data Pump Events
- 25.2.17.2 Oracle Data Pump Unified Audit Trail Events
- 25.2.17.3 Configuring a Unified Audit Policy for Oracle Data Pump
- 25.2.17.4 Example: Auditing Oracle Data Pump Import Operations
- 25.2.17.5 Example: Auditing All Oracle Data Pump Operations
- 25.2.17.6 How Oracle Data Pump Audited Events Appear in the Audit Trail
- 25.2.18 Auditing Oracle SQL*Loader Direct Load Path Events
- 25.2.18.1 About Auditing in Oracle SQL*Loader Direct Path Load Events
- 25.2.18.2 Oracle SQL*Loader Direct Load Path Unified Audit Trail Events
- 25.2.18.3 Configuring a Unified Audit Trail Policy for Oracle SQL*Loader Direct Path Events
- 25.2.18.4 Example: Auditing Oracle SQL*Loader Direct Path Load Operations
- 25.2.18.5 How SQL*Loader Direct Path Load Audited Events Appear in the Audit Trail
- 25.2.19 Auditing Only Top-Level Statements
- 25.2.20 Unified Audit Policies or AUDIT Settings in a Multitenant Environment
- 25.2.20.1 About Local, CDB Common, and Application Common Audit Policies
- 25.2.20.2 Traditional Auditing in a Multitenant Environment
- 25.2.20.3 Configuring a Local Unified Audit Policy or Common Unified Audit Policy
- 25.2.20.4 Example: Local Unified Audit Policy
- 25.2.20.5 Example: CDB Common Unified Audit Policy
- 25.2.20.6 Example: Application Common Unified Audit Policy
- 25.2.20.7 How Local or Common Audit Policies or Settings Appear in the Audit Trail
- 25.2.21 Altering Unified Audit Policies
- 25.2.21.1 About Altering Unified Audit Policies
- 25.2.21.2 Altering a Unified Audit Policy
- 25.2.21.3 Example: Altering a Condition in a Unified Audit Policy
- 25.2.21.4 Example: Altering an Oracle Label Security Component in a Unified Audit Policy
- 25.2.21.5 Example: Altering Roles in a Unified Audit Policy
- 25.2.21.6 Example: Dropping a Condition from a Unified Audit Policy
- 25.2.21.7 Example: Altering an Existing Unified Audit Policy Top-Level Statement Audits
- 25.2.22 Enabling and Applying Unified Audit Policies to Users and Roles
- 25.2.23 Disabling Unified Audit Policies
- 25.2.24 Dropping Unified Audit Policies
- 25.2.25 Tutorial: Auditing Nondatabase Users
- 25.3 Auditing Activities with the Predefined Unified Audit Policies
- 25.3.1 Logon Failures Predefined Unified Audit Policy
- 25.3.2 Secure Options Predefined Unified Audit Policy
- 25.3.3 Oracle Database Parameter Changes Predefined Unified Audit Policy
- 25.3.4 User Account and Privilege Management Predefined Unified Audit Policy
- 25.3.5 Center for Internet Security Recommendations Predefined Unified Audit Policy
- 25.3.6 Oracle Database Real Application Security Predefined Audit Policies
- 25.3.7 Oracle Database Vault Predefined Unified Audit Policy for DVSYS and LBACSYS Schemas
- 25.3.8 Oracle Database Vault Predefined Unified Audit Policy for Default Realms and Command Rules
- 25.4 Auditing Specific Activities with Fine-Grained Auditing
- 25.4.1 About Fine-Grained Auditing
- 25.4.2 Where Are Fine-Grained Audit Records Stored?
- 25.4.3 Who Can Perform Fine-Grained Auditing?
- 25.4.4 Fine-Grained Auditing on Tables or Views That Have Oracle VPD Policies
- 25.4.5 Fine-Grained Auditing in a Multitenant Environment
- 25.4.6 Fine-Grained Audit Policies with Editions
- 25.4.7 Using the DBMS_FGA PL/SQL Package to Manage Fine-Grained Audit Policies
- 25.4.7.1 About the DBMS_FGA PL/SQL PL/SQL Package
- 25.4.7.2 The DBMS_FGA PL/SQL Package with Editions
- 25.4.7.3 The DBMS_FGA PL/SQL Package in a Multitenant Environment
- 25.4.7.4 Creating a Fine-Grained Audit Policy
- 25.4.7.5 Example: Using DBMS_FGA.ADD_POLICY to Create a Fine-Grained Audit Policy
- 25.4.7.6 Disabling a Fine-Grained Audit Policy
- 25.4.7.7 Enabling a Fine-Grained Audit Policy
- 25.4.7.8 Dropping a Fine-Grained Audit Policy
- 25.4.8 Tutorial: Adding an Email Alert to a Fine-Grained Audit Policy
- 25.4.8.1 About This Tutorial
- 25.4.8.2 Step 1: Install and Configure the UTL_MAIL PL/SQL Package
- 25.4.8.3 Step 2: Create User Accounts
- 25.4.8.4 Step 3: Configure an Access Control List File for Network Services
- 25.4.8.5 Step 4: Create the Email Security Alert PL/SQL Procedure
- 25.4.8.6 Step 5: Create and Test the Fine-Grained Audit Policy Settings
- 25.4.8.7 Step 6: Test the Alert
- 25.4.8.8 Step 7: Remove the Components of This Tutorial
- 25.5 Audit Policy Data Dictionary Views
- 26 Administering the Audit Trail
- 26.1 Managing the Unified Audit Trail
- 26.1.1 When and Where Are Audit Records Created?
- 26.1.2 Activities That Are Mandatorily Audited
- 26.1.3 How Do Cursors Affect Auditing?
- 26.1.4 Writing the Unified Audit Trail Records to the AUDSYS Schema
- 26.1.5 Writing the Unified Audit Trail Records to SYSLOG or the Windows Event Viewer
- 26.1.6 When Audit Records Are Written to the Operating System
- 26.1.7 Moving Operating System Audit Records into the Unified Audit Trail
- 26.1.8 Exporting and Importing the Unified Audit Trail Using Oracle Data Pump
- 26.1.9 Disabling Unified Auditing
- 26.2 Archiving the Audit Trail
- 26.3 Purging Audit Trail Records
- 26.4 Audit Trail Management Data Dictionary Views
- Appendixes
- A Keeping Your Oracle Database Secure
- A.1 About the Oracle Database Security Guidelines
- A.2 Downloading Security Patches and Contacting Oracle Regarding Vulnerabilities
- A.3 Guidelines for Securing User Accounts and Privileges
- A.4 Guidelines for Securing Roles
- A.5 Guidelines for Securing Passwords
- A.6 Guidelines for Securing Data
- A.7 Guidelines for Securing the ORACLE_LOADER Access Driver
- A.8 Guidelines for Securing a Database Installation and Configuration
- A.9 Guidelines for Securing the Network
- A.10 Guideline for Securing External Procedures
- A.11 Guidelines for Auditing
- A.12 Addressing the CONNECT Role Change
- B Data Encryption and Integrity Parameters
- B.1 About Using sqlnet.ora for Data Encryption and Integrity
- B.2 Sample sqlnet.ora File
- B.3 Data Encryption and Integrity Parameters
- B.3.1 About the Data Encryption and Integrity Parameters
- B.3.2 SQLNET.ENCRYPTION_SERVER
- B.3.3 SQLNET.ENCRYPTION_CLIENT
- B.3.4 SQLNET.CRYPTO_CHECKSUM_SERVER
- B.3.5 SQLNET.CRYPTO_CHECKSUM_CLIENT
- B.3.6 SQLNET.ENCRYPTION_TYPES_SERVER
- B.3.7 SQLNET.ENCRYPTION_TYPES_CLIENT
- B.3.8 SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER
- B.3.9 SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT
- C Kerberos, SSL, and RADIUS Authentication Parameters
- C.1 Parameters for Clients and Servers Using Kerberos Authentication
- C.2 Parameters for Clients and Servers Using Secure Sockets Layer
- C.2.1 Ways to Configure a Parameter for Secure Sockets Layer
- C.2.2 Secure Sockets Layer Authentication Parameters for Clients and Servers
- C.2.3 Cipher Suite Parameters for Secure Sockets Layer
- C.2.4 Supported Secure Sockets Layer Cipher Suites
- C.2.5 Secure Sockets Layer Version Parameters
- C.2.6 Secure Sockets Layer Client Authentication Parameters
- C.2.7 Secure Sockets Layer X.509 Server Match Parameters
- C.2.8 Oracle Wallet Location
- C.3 Parameters for Clients and Servers Using RADIUS Authentication
- C.3.1 sqlnet.ora File Parameters
- C.3.1.1 SQLNET.AUTHENTICATION_SERVICES
- C.3.1.2 SQLNET.RADIUS_ALTERNATE
- C.3.1.3 SQLNET.RADIUS_ALTERNATE_PORT
- C.3.1.4 SQLNET.RADIUS_ALTERNATE_TIMEOUT
- C.3.1.5 SQLNET.RADIUS_ALTERNATE_RETRIES
- C.3.1.6 SQLNET.RADIUS_AUTHENTICATION
- C.3.1.7 SQLNET.RADIUS_AUTHENTICATION_INTERFACE
- C.3.1.8 SQLNET.RADIUS_AUTHENTICATION_PORT
- C.3.1.9 SQLNET.RADIUS_AUTHENTICATION_TIMEOUT
- C.3.1.10 SQLNET.RADIUS_AUTHENTICATION_RETRIES
- C.3.1.11 SQLNET.RADIUS_CHALLENGE_RESPONSE
- C.3.1.12 SQLNET.RADIUS_CHALLENGE_KEYWORD
- C.3.1.13 SQLNET.RADIUS_CLASSPATH
- C.3.1.14 SQLNET.RADIUS_SECRET
- C.3.1.15 SQLNET.RADIUS_SEND_ACCOUNTING
- C.3.2 Minimum RADIUS Parameters
- C.3.3 Initialization File Parameter for RADIUS
- D Integrating Authentication Devices Using RADIUS
- E Oracle Database FIPS 140-2 Settings
- F Managing Public Key Infrastructure (PKI) Elements
- F.1 Uses of the orapki Utility
- F.2 orapki Utility Syntax
- F.3 Creating Signed Certificates for Testing Purposes
- F.4 Viewing a Certificate
- F.5 Controlling MD5 and SHA-1 Certificate Use
- F.6 Managing Oracle Wallets with orapki Utility
- F.6.1 About Managing Wallets with orapki
- F.6.2 Creating, Viewing, and Modifying Wallets with orapki
- F.6.2.1 Creating a PKCS#12 Wallet
- F.6.2.2 Creating an Auto-Login Wallet
- F.6.2.3 Creating an Auto-Login Wallet That Is Associated with a PKCS#12 Wallet
- F.6.2.4 Creating an Auto-Login Wallet That Is Local to the Computer and User Who Created It
- F.6.2.5 Viewing a Wallet
- F.6.2.6 Modifying the Password for a Wallet
- F.6.2.7 Converting an Oracle Wallet to Use the AES256 Algorithm
- F.6.3 Adding Certificates and Certificate Requests to Oracle Wallets with orapki
- F.6.3.1 Adding a Certificate Request to an Oracle Wallet
- F.6.3.2 Adding a Trusted Certificate to an Oracle Wallet
- F.6.3.3 Adding a Root Certificate to an Oracle Wallet
- F.6.3.4 Adding a User Certificate to an Oracle Wallet
- F.6.3.5 Verifying Credentials on the Hardware Device That Uses a PKCS#11 Wallet
- F.6.3.6 Adding PKCS#11 Information to an Oracle Wallet
- F.6.4 Exporting Certificates and Certificate Requests from Oracle Wallets with orapki
- F.7 Management of Certificate Revocation Lists (CRLs) with orapki Utility
- F.8 orapki Usage
- F.9 orapki Utility Commands Summary
- F.9.1 orapki cert create
- F.9.2 orapki cert display
- F.9.3 orapki crl delete Command
- F.9.4 orapki crl display
- F.9.5 orapki crl hash
- F.9.6 orapki crl list
- F.9.7 orapki crl upload
- F.9.8 orapki wallet add
- F.9.9 orapki wallet convert
- F.9.10 orapki wallet create
- F.9.11 orapki wallet display
- F.9.12 orapki wallet export
- G How the Unified Auditing Migration Affects Individual Audit Features
- Glossary
- Index