Index

A

access control entry (ACE)
- about 1.2.5
- definition 4.3.1
access control lists (ACL)
- about 1.2.6
- directories
  - trace files, using to resolve predicate errors 5.4.3
- dynamic data realm constraints
  - about 5.4.2
  - ACL evaluation order 5.6.3
- evaluation order 5.6.3
- static data realm constraints
  - ACL evaluation order 5.6.3
- static data realms
  - about 5.4.2
- user-managed
  - example 5.6.2
ACE
- definition 4.3.1
- evaluation order 4.3.9
acl
- troubleshooting D.2.4
ACL
- adding ACE 4.3.4
- binding 4.5
- changing security class 4.3.4
- constraining inheritance 4.3.10.2
- create 4.3.2
- extending inheritance 4.3.10.1
- identifiers
  - master-detail tables, retrieving ACL identifiers for 10.4
- inheritance 4.3.10
  - constraining 4.3.10.2
  - extending 4.3.10.1
- inheritance|ACL
  - changing parent ACL 4.3.4
- multilevel authentication 4.3.6
- removing ACL 4.3.4
- scope
  - definition 4.2.3
ACLS
- See: access control lists
ACLs and ACEs
- about 4.3.1
- creating 4.3.2
aggregate privilege
- about 1.2.3
- benefits 1.2.3
- definition 4.1.1
ALL_XDS_ACL_REFRESH view 9.54
ALL_XDS_ACL_REFSTAT view 9.55
ALL_XDS_LATEST_ACL_REFSTAT view 9.56
ALL_XS_ACES view 9.29
ALL_XS_ACL_PARAMETERS view 9.41
ALL_XS_ACLS view 9.26
ALL_XS_APPLIED_POLICIES view 9.46
ALL_XS_COLUMN_CONSTRAINTS view 9.44
ALL_XS_IMPLIED_PRIVILEGES view 9.16
ALL_XS_INHERITED_REALMS view 9.38
ALL_XS_POLICIES view 9.32
ALL_XS_PRIVILEGES view 9.13
ALL_XS_REALM_CONSTRAINTS view 9.35
ALL_XS_SECURITY_CLASS_DEP view 9.23
ALL_XS_SECURITY_CLASSES view 9.20
ALL grant 4.1.1.1
ALL privilege 4.1.1.1
anonymous user 7.1
application integration
- support for external users and roles 7.1
application privileges
- about 1.2.3
- granting to principles 2.4
application roles
- about 1.2.2, 2.2.1
- creating dynamic role 2.2.2.2, 2.2.3.2
- creating regular role 2.2.2.1, 2.2.3.1
- granting database role to an application role 2.4.3
- granting to another application role 2.4.2
- granting to existing application user 2.4.1.2
- granting to new application user 2.4.1.1
- using effective dates 2.3
- validating 2.2.3.3
application sessions
- about 3.1
- advantages 3.1.2
- attaching 3.2.3
- cookies, setting for 3.2.4
- creating 3.1.1, 3.2.1, 11.1.4.1
- creating anonymous application session 3.2.2
- database session
  - attaching to 11.1.4.2
  - detaching from 11.1.4.18
- destroying 11.1.4.19
- event handling 3.2.8
- global callback events, using 3.2.8
- namespace
  - creating 11.1.4.5
  - deleting 11.1.4.11
- namespaces
  - attributes, getting 3.3.4
  - attributes, setting 3.3.3
  - attribute values, getting 11.1.4.8
  - attribute values, setting 11.1.4.7
  - deleting 3.3.6
- roles
  - disabling for specified session 11.1.4.13
  - enabling for specified session 11.1.4.12
- roles, disabling from session 3.3.8
- roles, enabling for session 3.3.7
- saving 11.1.4.17
- security context, setting 11.1.4.4
- session cookie
  - setting 11.1.4.14
- session state manipulating 3.3
- switch user 11.1.4.4
- troubleshooting D.2.1
- users, assigning to 3.2.5
- users, creating namespace templates 3.3.1.3
- users, custom attributes 3.3.5
- users, destroying 3.2.11
- users, detaching from 3.2.10
- users, initializing namespaces 3.3.2.1, 3.3.2.2, 3.3.2.3, 3.3.2.4
- users, initializing namespaces explicitly 3.3.2.5
- users, switching to 3.2.6
application sessions in the database
- architecture figure 3.1.1
application user roles
- application sessions, disabling from 3.3.8
- application sessions, enabling for 3.3.7
- disabling for specified session 11.1.4.13
- enabling for specified session 11.1.4.12
application users
- about 1.2.2, 2.1.1
- application sessions, assigning to 3.2.5
- application sessions, creating namespace templates 3.3.1.3
- application sessions, custom attributes 3.3.5
- application sessions, destroying 3.2.11
- application sessions, detaching from 3.2.10
- application sessions, initializing namespaces 3.3.2.1, 3.3.2.2, 3.3.2.3, 3.3.2.4
- application sessions, initializing namespaces explicitly 3.3.2.5
- application sessions, switching to 3.2.6
- compared with database user 1.2.2.1
- creating 2.1.1.1
  - direct login users 2.1.3.2
- creating direct login user 2.1.3.1
- definition 1.2.2
- general procedure 2.1.1.1
- modifying 2.1.1.1
- validating 2.1.6
application users and roles
- troubleshooting D.2.2
applying
- additional application privileges
  - to a column 5.5
assigning
- an application user to an anonymous application session 3.2.5
attaching
- an application session 3.2.3
auditing
- DBA_XS_AUDIT_POLICY_OPTIONS view 1.6
- DBA_XS_AUDIT_TRAIL view 1.6
- DBA_XS_ENB_AUDIT_POLICIES view 1.6
- in an Oracle Database Real Application Security environment 1.6
- unified auditing 1.6, 9
authentication
- multilevel 4.3.6
- strong 4.3.6
- weak 4.3.6

C

callback event handler procedure
- creating 3.2.7
checking
- ACLs for a privilege 4.3.5
checking security attribute
- using getSecurityAttribute method
  - SecurityAttribute returns value ENABLED B.2.1
  - SecurityAttribute returns value NONE B.2.1
  - SecurityAttribute returns value UNKNOWN B.2.1
checking user authorization indicator
- using getAuthorizationIndicator method
  - AuthorizationIndicator returns value NONE B.2.2
  - AuthorizationIndicator returns value UNAUTHORIZED B.2.2
  - AuthorizationIndicator returns value UNKNOWN B.2.2
COLUMN_AUTH_INDICATOR function 10.1
column authorization
- JDBCI interface B.2
- OCI interface B.1
column-level security 5.5
configuring
- an application role 2.2.3
- application roles 2.2
- application users 2.1
- application user switch
  - proxying an application user 2.1.5
- global callback event handlers
  - for an application session 3.2.8
constraining ACL inheritance
- definition 4.3.10.2
cookies
- application sessions, setting for 3.2.4
create views
- using BEQUEATH clause 5.9
creating
- ACLs and ACEs 4.3.2
- anonymous application session 3.2.2
- application sessions 3.2.1
- application user accounts 2.1.1.1
- application users 2.1.1.1
- custom attributes
  - in application session 3.3.5
- direct login user 2.1.3.1
- dynamic application role 2.2.2.2, 2.2.3.2
- namespaces
  - using namespace templates 3.3.1
- namespace templates 3.3.1.3
- regular application role 2.2.2.1, 2.2.3.1
- security class 4.2.2
- simple application user account 2.1.2

D

database role
- about 1.2.2
database user
- about 1.2.2
- compared with application user 1.2.2.1
data realm constraints
- affect on database tables 5.6.2
- membership methods 5.4.1
- membership rule (WHERE predicate)
  - about 5.4.1
- membership rules
  - session variables, guideline for 5.4.1
- parameterized
  - about 5.4.1
- types defined by WHERE predicates 5.4.1
data realms 5.4.2
- See also: dynamic data realms, static data realms
- about 5.1
- definition 4.4.1
- structure 5.4.1
data security
- about 5.1
- ACLs 4.4
- automatic refreshment for static ACL 11.5.3.1
- troubleshooting D.2.5
- with Oracle Database Real Application Security 1.2.1
data security documents
- example 5.3
- privileges
  - security checks, how handled 5.8.1
- privileges, column-level security 5.5
DataSecurity module 4.4.1
data security policy
- tables
  - enabling 11.4.3.13
  - removing from 11.4.3.12
data security privileges
- alter refreshment for static ACL 11.3.4.2, 11.5.3.2
- automatic refreshment for static ACL 11.3.4.1
DBA_XDS_ACL_REFRESH view 9.57
DBA_XDS_ACL_REFSTAT view 9.58
DBA_XDS_LATEST_ACL_REFSTAT view 9.59
DBA_XS_ACES view 4.3.1, 4.3.11, 9.27
DBA_XS_ACL_PARAMETERS view 9.39
DBA_XS_ACLS view 4.3.11, 9.24
DBA_XS_ACTIVE_SESSIONS view 9.49
DBA_XS_APPLIED_POLICIES view 9.45
DBA_XS_AUDIT_POLICY_OPTIONS view 1.6, 9
DBA_XS_AUDIT_TRAIL view 1.6, 9
DBA_XS_COLUMN_CONSTRAINTS view 9.42
DBA_XS_DYNAMIC_ROLES view 9.8
DBA_XS_ENB_AUDIT_POLICIES view 1.6, 9
DBA_XS_EXTERNAL_PRINICIPALS view 9.3
DBA_XS_IMPLIED_PRIVILEGES view 9.14
DBA_XS_INHERITED_REALMS view 9.36
DBA_XS_MODIFIED_POLICIES view 9.47
DBA_XS_NS_TEMPLATE_ATTRIBUTES view 9.53
DBA_XS_NS_TEMPLATES view 9.52
DBA_XS_OBJECTS view 9.1
DBA_XS_POLICIES view 9.30
DBA_XS_PRINICIPALS view 9.2
DBA_XS_PRIVILEGE_GRANTS view 9.17
DBA_XS_PRIVILEGES view 4.3.12, 9.11
DBA_XS_PROXY_ROLES view 9.9
DBA_XS_REALM_CONSTRAINTS view 9.33
DBA_XS_ROLE_GRANTS view 9.10
DBA_XS_ROLES view 9.7
DBA_XS_SECURITY_CLASS_DEP view 4.3.12, 9.21
DBA_XS_SECURITY_CLASSES view 4.3.12, 9.18
DBA_XS_SESSION_NS_ATTRIBUTES view 9.51
DBA_XS_SESSION_ROLES view 9.50
DBA_XS_SESSIONS view 9.48
DBA_XS_USERS view 9.4
DBMS_XS_SESSIONS PL/SQL package
- about 11.1
- ADD_GLOBAL_CALLBACK 11.1.4.20
- ASSIGN_USER 3.3.2.3
- ATTACH_SESSION 3.3.2.2
- constants 11.1.2
- CREATE_ATTRIBUTE 3.3.5
- CREATE_NAMESPACE 3.3.2.5
- CREATE_SESSION 3.3.2.1
- DELETE_GLOBAL_CALLBACK 3.2.8, 11.1.4.22
- DELETE_NAMESPACE 3.3.6
- DESTROY_SESSION 3.2.11
- DETACH_SESSION 3.2.10
- DISABLE_ROLE 3.3.8
- ENABLE_GLOBAL_CALLBACK 11.1.4.21
- ENABLE_ROLE 3.3.7
- GET_ATTRIBUTE 3.3.4
- object types, constructor functions 11.1.3
- SAVE_SESSION 3.2.9
- security model 11.1.1
- SET_ATTRIBUTE 3.3.3
- SWITCH_USER 2.1.5, 3.3.2.4
default security class
- definition 4.2.3
defining a basic data security policy
- implementation tasks 5.10.1
  - disable a data security policy for a table 5.10.1.6
- use case 5.10
deleting
- namespaces
  - in application session 3.3.6
destroying
- application session 3.2.11
detaching
- application session
  - from a traditional database session 3.2.10
determining
- invoker’s rights use for nested program units
  - using BEQUEATH clause when creating views 5.9
- the invoking application user
  - using SQL functions 5.9.1
direct application user accounts
- setting password verifiers 2.1.3.3
disabling
- application roles
  - for an application session 3.3.8
displaying secure column values
- using SQL*Plus SET SECUREDCOL command 5.8.2
dynamic application role 2.2.2.2
dynamic application roles
- predefined 2.2.4
dynamic data realm constraints
- about 5.4.2
- ACL evaluation order 5.6.3

E

enabling
- application roles
  - for application session 3.3.7
event-based tracing
- about D.1.5
- components D.2
event handlers 11.1.4.20
- See also: global callback events
examples
- JDBC
  - security attributes, checking B.2.3
  - user authorization, checking B.2.3
- OCI return codes B.1.1
- Real Application Security policy on master-detail related tables 5.7.3
exception dumps D.3
exception state dumps D.1.4
extending ACL inheritance
- definition 4.3.10.1
external roles 7.1
external users 7.1
- namespaces for 7.2.1
- session modes 7.1
  - secure mode 7.1
  - trusted mode 7.1
external users and external roles
- createSession method 7.2.2
- for application integration 7.1
- session APIs for 7.2

F

firewall 4.3.6
- authentication 4.3.10.2
foreign_key
- specifies foreign key of detail table 5.7.2

G

getting
- session attributes
  - in application session 3.3.4
global callback events
- about 3.2.8
- adding 11.1.4.20
- deleting 11.1.4.22
- enable or disable 11.1.4.21
granting
- application privileges to principles 2.4
- application role
  - to existing application user 2.4.1.2
  - to new application role 2.4.2
  - to new application user 2.4.1.1
- database role
  - to an application role 2.4.3

I

inheritance
- master-detail related tables 5.7.1
inheritedFrom element, components 5.7.2
initializing
- namaspace
  - when session is attached 3.3.2.2
- namespace 3.3.2.3
  - application user is switched in application session 3.3.2.4
  - when session is created 3.3.2.1
- namespaces
  - explicitly 3.3.2.5
in-memory tracing D.1.6

J

Java environment
- aborting a session 7.2.5
- assigning a user to a session 7.2.4
- assigning or switching an application user 6.2.3
- attaching an application session 7.2.3
  - external role behavior 7.2.3
- attachng an application session 6.2.2
- authenticating users using Java APIs 6.3
- authorizing application users using ACLs 6.4
- changing the middle-tier cache size 6.1.3
  - clearing the cache 6.1.3.6
  - getting the maximum cache idle time 6.1.3.3
  - getting the maximum cache size 6.1.3.4
  - removing entries from the cache 6.1.3.5
  - removing entries from the cache, getting the high watermark for cache 6.1.3.5.2
  - removing entries from the cache, getting the low watermark for cache 6.1.3.5.3
  - removing entries from the cache, setting the watermark 6.1.3.5.1
  - setting the maximum cache size 6.1.3.2
  - setting the middle-tier cache idle time 6.1.3.1
- checking if application role is enabled 6.2.4.3
- constructing an ACL identifier 6.4.1
- creating an application session 7.2.2
- creating a session namespace attribute 6.2.5.4.1
- creating a user session 6.2.1
- creating namespaces 6.2.5.1
- deleting namespaces 6.2.5.2
- deleting session namespace attributes 6.2.5.4.6
- destroying an application session 6.2.9
- detaching an application session 6.2.8
- disabling application roles 6.2.4.2
- enabling and disabling application roles 6.2.4
- enabling application roles 6.2.4.1
- getting a session namespace attribute 6.2.5.4.3
- getting data privileges associated with a specific ACL 6.4.3
- getting the application user ID for the session 6.2.7.2
- getting the Oracle connection associated with the session 6.2.7.1
- getting the session cookie 6.2.7.5
- getting the session ID for the session 6.2.7.3
- getting the string representation of the session 6.2.7.4
- implicitly creating namespaces 6.2.5.3
- initializing the middle tier 6.1
  - mid-tier configuration mode 6.1.1
  - privileges for the session manager 6.1.2
  - roles for the session manager 6.1.2
  - using getSessionManager method 6.1.2
- listing session namespace attributes 6.2.5.4.4
- performing namespace operations as session manager 6.2.6
- performing namespace operations as session user 6.2.5
- resetting session namespace attributes 6.2.5.4.5
- saving a session 7.2.5
- setting a session namespace attribute 6.2.5.4.2
- setting session cookie as session manager 6.2.7.7
- setting session inactivity timeout as session manager 6.2.7.6
- using namespace attributes 6.2.5.4
- using the checkAcl method 6.4.2
JDBC
- column authorization, interface for B.2

M

master detail data realm
- foreign_key
  - specifies foreign key of detail table 5.7.2
- parentObjectName element
  - specifies name of master table 5.7.2
- parentSchemaName element
  - specifies name of schema containing master table 5.7.2
- primary_key
  - specifies primary key from master table 5.7.2
- when element
  - specifies a predicate for detail table 5.7.2
master-detail tables
- ACL
  - identifiers, retrieving 10.4
- inheritedFrom element, components 5.7.2
- Real Application Security policies
  - about 5.7.1
  - creating for 5.7.3
Materialized View 5.4.2
membership rules (WHERE predicate) in data realm constraints
- about 5.4.1
membership rules in data realm constraints
- session variables, guideline for 5.4.1
modifying
- application users 2.1.1.1
multilevel authentication 4.3.6
- definition 4.3.6
- using 4.3.6

N

namespaces
- application sessions
  - attributes, getting 3.3.4
  - attributes, setting 3.3.3
  - creating 11.1.4.5
  - deleting 3.3.6, 11.1.4.11
- attributes
  - creating 11.1.4.6
  - deleting 11.1.4.10
  - resetting 11.1.4.9
- attribute values
  - getting 11.1.4.8
  - setting 11.1.4.7

O

OCI parameter handle attribute
- OCI_ATTR_XDS_POLICY_STATUS B.1.4
  - OCI_XDS_POLICY_ENABLED value B.1.4
  - OCI_XDS_POLICY_NONE value B.1.4
  - OCI_XDS_POLICY_UNKNOWN value B.1.4
OCI return codes
- ORA-24530
  - column value is unauthorized to the user B.1.1
- ORA-24531
  - column value authorization is unknown B.1.1
- ORA-24536
  - column authorization unknown B.1.1
ORA_CHECK_ACL function 10.3, D.1.3
ORA_CHECK_PRIVILEGE function 10.5
ORA_GET_ACLIDS function
- See: ORA_GET_ACLIDS function
ORA_INVOKING_USER function
- returns name of current database user 5.9.1
ORA_INVOKING_USERID function
- returns ID of current database user 5.9.1
ORA_INVOKING_XS_USER_GUID function
- returns ID of current Real Application Security application user 5.9.1
ORA_INVOKING_XS_USER function
- returns name of current Real Application Security application user 5.9.1
ORA-24530
- column value is unauthorized to the user
  - OCI return code B.1.1
ORA-24531
- column value authorization is unknown
  - OCI return code B.1.1
ORA-24536
- column authorization unknown
  - OCI return code B.1.1
ORA-28113((colon)) policy predicate has error message 5.4.3
oracle.jdbc.OracleResultSetMetaData interface
- getAuthorizationIndicator method
  - about B.2.2
  - example B.2.3
- getSecurityAttribute method
  - about B.2.1
  - example B.2.3
Oracle Call Interface (OCI)
- column authorization, interface for B.1
Oracle Database Real Application Security
- about data security 1.2.1
- access control entry (ACE) 1.2.5
- access control list (ACL) 1.2.6
- advantages of 1.1.2
- aggregate privilege 1.2.3
- application privileges 1.2.3
- application session concepts 1.3
- architecture 1.1.3
- data security concepts 1.2
- data security policy 1.2.7
- flow of design and development 1.4
- principals
  - users and roles 1.2.2
- security classes 1.2.4
- security components of 1.1.3
- use case scenario example policy 1.5
  - component requirements 1.5.2
  - description and security requirements 1.5.1
  - implementation overview 1.5.2
- what is 1.1
Oracle Label Security
- context established during attach session 2.1.3.4
- context established in application session 3.2.3
- context established in named user’s application session 3.2.5
- context switches to target_user session 3.2.6
Oracle Virtual Private Database (VPD)
- extended for Real Application Security 5.1

P

parameterized ACL 4.4.2
parameterized data realm constraints
- about 5.4.1
parentObjectName element
- specifies name of master table 5.7.2
parentSchemaName element
- specifies name of schema containing master table 5.7.2
password verifiers
- direct application user accounts 2.1.3.3
PL/SQL functions
- COLUMN_AUTH_INDICATOR 10.1
- XS_SYS_CONTEXT 10.2
pluggable databases
- Oracle Real Application Security support for 1.7
predefined objects
- ACLs
  - NS_UNRESTRICTED_ACL A.5
  - SESSIONACL A.5
  - SYSTEMACL A.5
- database roles
  - PROVISIONER A.2.3
  - XS_CACHE_ADMIN A.2.3
  - XS_NAMESPACE_ADMIN A.2.3
  - XS_SESSION_ADMIN A.2.3
- dynamic application roles 2.2.4
  - DBMS_AUTH A.2.2
  - DBMS_PASSWD A.2.2
  - EXTERNAL_DBMS_AUTH A.2.2
  - MIDTIER_AUTH A.2.2
  - XSAUTHENTICATED A.2.2
  - XSSWITCH A.2.2
- namespaces
  - XS$GLOBAL_VAR A.3
  - XS$SESSION A.3
- regular application roles
  - XSBYPASS A.2.1
  - XSCACHEADMIN A.2.1
  - XSCONNECT A.2.1
  - XSDISPATCHER A.2.1
  - XSNAMESPACEADMIN A.2.1
  - XSPROVISIONER A.2.1
  - XSPUBLIC A.2.1
  - XSSESSIONADMIN A.2.1
- security classes
  - DML A.4
  - NSTEMPLATE_SC A.4
  - SESSION A.4
  - SYSTEM A.4
- users
  - XSGUEST A.1
primary_key
- specifies primary key from master table 5.7.2
principals
- about 1.2.2
privileges
- about application 1.2.3
- check 4.3.5
- constrain 4.3.10.2
- data security documents
  - columns, applying additional to 5.5
  - security checks, how handled 5.8.1

R

regular application role 2.2.2.1
roles 1.2.2, 2.2.1
- See also: application roles
- dynamic
  - assigning to user 11.1.4.3
  - removing from user 11.1.4.3

S

scope, ACL
- definition 4.2.3
security class
- about 1.2.4
- adding parent|security class
  - inheritance 4.2.6
- configuration 4.2
- create 4.2.2
- definition 4.2.1
- inheritance 4.2.2
- inheritance|security class
  - adding privileges 4.2.6
  - deleting 4.2.6
  - description string 4.2.6
  - removing implied privileges 4.2.6
  - removing parent 4.2.6
  - removing privileges 4.2.6
- manipulating 4.2.6
- troubleshooting D.2.3
session 3
- See also: application sessions
- application 3
- IDs
  - authentication time, updating 11.1.4.15
  - time-out values, setting 11.1.4.16
- statistics D.4
Session
- isRoleEnabled 6.2.4.3
- setCookie 6.2.7.7
- setInactivityTimeout 6.2.7.6
session cookie
- application sessions
  - setting 11.1.4.14
SessionNamespace
- deleteAttribute 6.2.5.4.6
- toString 6.2.5.3
session privilege scoping through ACL 3.5
session service
- application configuration of the session filter 8.5
- authorization (checkACL) 8.2
- check privilege API 8.7.4
- deployment 8.4
- domain configuration 8.6
  - automatic 8.6.3
  - manual 8.6.2
  - prerequisites 8.6.1
- namespace APIs 8.7.3
- namespace operations 8.2
- Oracle Platform Security Service (OPSS) 8
- privilege elevation 8.2
- privilege elevation API 8.7.2
- Real Application Security servlet filter 8.2
- session APIs 8.2, 8.7.1
- session filter 8.3
- session filter operation 8.3.1
- supports JavaEE web application
  - using OPSS as application security provider 8
SET SECUREDCOL command
- SQL*Plus
  - displaying secure column values 5.8.2
setting
- a cookie for an application session 3.2.4
- password verifiers 2.1.3.3
- session attributes
  - in application session 3.3.3
SQL functions
- ORA_CHECK_ACL 10.3, D.1.3
- ORA_CHECK_PRIVILEGE 10.5
- ORA_INVOKING_USER
  - returns name of current datanase user 5.9.1
- ORA_INVOKING_USERID
  - returns ID of current database user 5.9.1
- ORA_INVOKING_XS_USER
  - returns name of current Real Application Security application user 5.9.1
- ORA_INVOKING_XS_USER_GUID
  - returns ID of current Real Application Security application user 5.9.1
- TO_ACLID 10.6
SQL operators
- ORA_CHECK_ACL
  - checking ACLs for a privilege 4.3.5
static data realms
- about 5.4.2
- constraints
  - ACL evaluation order 5.6.3
statistics in troubleshooting D.1.7
switching
- application users
  - in current application session 3.2.6
SYS_GET_ACLIDS function
- See: ORA_GET_ACLIDS function
system-constraining ACL
- about 4.3.6
- definition 4.3.6

T

tables
- data security policy
  - enabling 11.4.3.13
  - removing from 11.4.3.12
- master-detail tables, Real Application Security policies
  - about 5.7.1
  - creating for 5.7.3
time-out values
- session
  - IDs, setting for 11.1.4.16
TO_ACLID function 10.6
trace files
- acl D.2.4
- application roles D.2.2
- application sessions D.2.1
- application users D.2.2
- data security D.2.5
- policy predicate errors 5.4.3
- Real Application Security components D.2
- security classes D.2.3
tracing
- event and in-memory D.1.6
traditional security model
- manging application users
  - disadvantages of 1.1.1
troubleshooting
- acl D.2.4
- application principals D.2.2
- application sessions D.2.1
- data security D.2.5
- event-based tracing
  - about D.1.5
  - components D.2
- exception dumps D.3
- exception state dumps D.1.4
- in-memory tracing D.1.6
- Real Application Security diagnostics D.1
- security classes D.2.3
- session statistics D.4
- statistics D.1.7
- using the ORA_CHECK_ACL function D.1.3
- using the ORA_GET_ACLIDS function D.1.2
- using validation APIs D.1.1

U

use case scenario example policy
- human resources administration of employee information 1.5
  - component requirements 1.5.2
  - description and security requirements 1.5.1
  - implementation overview 1.5.2
- Java implementation 6.5
  - authorizing with middle-tier API 6.5
  - main method 6.5
  - performing cleanup operations 6.5
  - running a query on the database 6.5
  - setting up connection 6.5
  - setting up session 6.5
USER_XDS_ACL_REFRESH view 9.60
USER_XDS_ACL_REFSTAT view 9.61
USER_XDS_LATEST_ACL_REFSTAT view 9.62
USER_XS_ACES view 9.28
USER_XS_ACL_PARAMETERS view 9.40
USER_XS_ACLS view 9.25
USER_XS_COLUMN_CONSTRAINTS view 9.43
USER_XS_IMPLIED_PRIVILEGES view 9.15
USER_XS_INHERITED_REALMS view 9.37
USER_XS_PASSWORD_LIMITS view 9.6
USER_XS_POLICIES view 9.31
USER_XS_PRIVILEGES view 9.12
USER_XS_REALM_CONSTRAINTS view 9.34
USER_XS_SECURITY_CLASS_DEP view 9.22
USER_XS_SECURITY_CLASSES view 9.19
USER_XS_USERS view 9.5
users 2.1.1.1
- See also: application users
user sessions 3
- See also: application sessions
using
- constraining application privilege 4.3.10.2
- effective dates with application roles 2.3
- multilevel authentication 4.3.6
- ORA_CHECK_ACL SQL operator 4.3.5
- SQL functions
  - to determine the invoking application user 5.9.1
- XS_DIAG.VALIDATE_PRINCIPAL function 2.1.6, 2.2.3.3

V

V$XS_SESSION_NS_ATTRIBUTES view 9.63
V$XS_SESSION_ROLES view 9.64
validating
- ACLs 4.3.3, 11.6.2.3
- application roles 2.2.3.3
- application users 2.1.6
- data security policy 5.2, 11.6.2.4
- namespaces 11.6.2.5
- principals 11.6.2.1
- security classes 4.2.5, 11.6.2.2
- workspace objects 11.6.2.6
views 9
- ALL_XDS_ACL_REFRESH 9.54
- ALL_XDS_ACL_REFSTAT 9.55
- ALL_XDS_LATEST_ACL_REFSTAT 9.56
- ALL_XS_ACES 9.29
- ALL_XS_ACL_PARAMETERS 9.41
- ALL_XS_ACLS 9.26
- ALL_XS_APPLIED_POLICIES 9.46
- ALL_XS_COLUMN_CONSTRAINTS 9.44
- ALL_XS_IMPLIED_PRIVILEGES 9.16
- ALL_XS_INHERITED_REALMS 9.38
- ALL_XS_POLICIES 9.32
- ALL_XS_PRIVILEGES 9.13
- ALL_XS_REALM_CONSTRAINTS 9.35
- ALL_XS_SECURITY_CLASS_DEP 9.23
- ALL_XS_SECURITY_CLASSES 9.20
- DBA_XDS_ACL_REFRESH 9.57
- DBA_XDS_ACL_REFSTAT 9.58
- DBA_XDS_LATEST_ACL_REFSTAT 9.59
- DBA_XS_ACES 9.27
- DBA_XS_ACL_PARAMETERS 9.39
- DBA_XS_ACLS 9.24
- DBA_XS_ACTIVE_SESSIONS 9.49
- DBA_XS_APPLIED_POLICIES 9.45
- DBA_XS_COLUMN_CONSTRAINTS 9.42
- DBA_XS_DYNAMIC_ROLES 9.8
- DBA_XS_EXTERNAL_PRINCIPALS 9.3
- DBA_XS_IMPLIED_PRIVILEGES 9.14
- DBA_XS_INHERITED_REALMS 9.36
- DBA_XS_MODIFIED_POLICIES 9.47
- DBA_XS_NS_TEMPLATE_ATTRIBUTES 9.53
- DBA_XS_NS_TEMPLATES 9.52
- DBA_XS_OBJECTS 9.1
- DBA_XS_POLICIES 9.30
- DBA_XS_PRINCIPALS 9.2
- DBA_XS_PRIVILEGE_GRANTS 9.17
- DBA_XS_PRIVILEGES 9.11
- DBA_XS_PROXY_ROLES 9.9
- DBA_XS_REALM_CONSTRAINTS 9.33
- DBA_XS_ROLE_GRANTS 9.10
- DBA_XS_ROLES 9.7
- DBA_XS_SECURITY_CLASS_DEP 9.21
- DBA_XS_SECURITY_CLASSES 9.18
- DBA_XS_SESSION_NS_ATTRIBUTES 9.51
- DBA_XS_SESSION_ROLES 9.50
- DBA_XS_SESSIONS 9.48
- DBA_XS_USERS 9.4
- privileges in data security documents 5.8.1
- USER_XDS_ACL_REFRESH 9.60
- USER_XDS_ACL_REFSTAT 9.61
- USER_XDS_LATEST_ACL_REFSTAT 9.62
- USER_XS_ACES 9.28
- USER_XS_ACL_PARAMETERS 9.40
- USER_XS_ACLS 9.25
- USER_XS_COLUMN_CONSTRAINTS 9.43
- USER_XS_IMPLIED_PRIVILEGES 9.15
- USER_XS_INHERITED_REALMS 9.37
- USER_XS_PASSWORD_LIMITS 9.6
- USER_XS_POLICIES 9.31
- USER_XS_PRIVILEGES 9.12
- USER_XS_REALM_CONSTRAINTS 9.34
- USER_XS_SECURITY_CLASS_DEP 9.22
- USER_XS_SECURITY_CLASSES 9.19
- USER_XS_USERS 9.5
- V$XS_SESSION_NS_ATTRIBUTES 9.63
- V$XS_SESSION_ROLES 9.64

W

when element
- specifies a predicate for detail table 5.7.2

X

XS_ACL PL/SQL package
- about 11.2
- ADD_ACL_PARAMETER 11.2.4.6
- APPEND_ACES 4.3.4, 11.2.4.2
- constants 11.2.2
- CREATE_ACL 11.2.4.1
- DELETE_ACL 11.2.4.9
- object types, constructor functions 11.2.3
- REMOVE_ACES 4.3.4, 11.2.4.3
- REMOVE_ACL_PARAMETERS 11.2.4.7
- security model 11.2.1
- SET_DESCRIPTION 11.2.4.8
- SET_PARENT_ACL 4.3.4, 4.3.10.1, 4.3.10.2, 11.2.4.5
- SET_SECURITY_CLASS 4.3.4, 11.2.4.4
XS_ADMIN_UTIL PL/SQL package
- about 11.3
- constants 11.3.2
- GRANT_SYSTEM_PRIVILEGE 11.3.4.1
- object types 11.3.3
- REVOKE_SYSTEM_PRIVILEGE 11.3.4.2
- security model 11.3.1
XS_DATA_SECURITY_UTIL PL/SQL package
- about 11.5
- ALTER_STATIC_ACL_REFRESH Procedure 11.5.3.2
- constants 11.5.2
- SCHEDULE_STATIC_ACL_REFRESH Procedure 11.5.3.1
- security model 11.5.1
XS_DATA_SECURITY PL/SQL package
- about 11.4
- ADD_COLUMN_CONSTRAINTS Procedure 11.4.3.4
- APPEND_REALM_CONSTRAINTS Procedure 11.4.3.2
- APPLY_OBJECT_POLICY 5.6.2
- APPLY_OBJECT_POLICY Procedure 11.4.3.13
- CREATE_ACL_PARAMETER Procedure 11.4.3.6
- CREATE_POLICY Procedure 11.4.3.1
- DELETE_ACL_PARAMETER Procedure 11.4.3.7
- DELETE_POLICY Procedure 11.4.3.9
- DISABLE_OBJECT_POLICY Procedure 11.4.3.11
- ENABLE_OBJECT_POLICY
  - affect on database tables 5.6.2
- ENABLE_OBJECT_POLICY Procedure 11.4.3.10
- object types, constructor functions 11.4.2
- REMOVE_COLUMN_CONSTRAINTS Procedure 11.4.3.5
- REMOVE_OBJECT_POLICY Procedure 11.4.3.12
- REMOVE_REALM_CONSTRAINTS Procedure 11.4.3.3
- security model 11.4.1
- SET_DESCRIPTION Procedure 11.4.3.8
XS_DIAG PL/SQL package
- about 11.6
- security model 11.6.1
- VALIDATE_ACL 4.3.3
- VALIDATE_ACL Function 11.6.2.3
- VALIDATE_DATA_SECURITY 5.2
- VALIDATE_DATA_SECURITY Function 11.6.2.4
- VALIDATE_PRINCIPAL 2.1.6, 2.2.3.3
- VALIDATE_PRINCIPAL Function 11.6.2.1
- VALIDATE_SECURITY_CLASS 4.2.5
- VALIDATE_SECURITY_CLASS Function 11.6.2.2
- VALIDATE_WORKSPACE Function 11.6.2.6
XS_DIAG PL/SQL PL/SQL package
- VALIDATE_NAMESPACE_TEMPLATE Function 11.6.2.5
XS_NAMESPACE PL/SQL package
- about 11.7
- ADD_ATTRIBUTES Procedure 11.7.4.2
- constants 11.7.2
- CREATE_TEMPLATE 3.3.1.3
- CREATE_TEMPLATE Procedure 11.7.4.1
- DELETE_TEMPLATE 11.7.4.6
- object types, constructor functions 11.7.3
- REMOVE_ATTRIBUTES Procedure 11.7.4.3
- security model 11.7.1
- SET_DESCRIPTION Procedure 11.7.4.5
- SET_HANDLER Procedure 11.7.4.4
XS_PRINCIPAL PL/SQL package
- about 11.8
- ADD_PROXY_TO_DBUSER Procedure 11.8.4.8
- ADD_PROXY_USER 2.1.5
- ADD_PROXY_USER Procedure 11.8.4.6
- constants 11.8.2
- CREATE_DYNAMIC_ROLE 2.2.3.2
- CREATE_DYNAMIC_ROLE Procedure 11.8.4.3
- CREATE_ROLE 2.2.3.1
- CREATE_ROLE Procedure 11.8.4.2
- CREATE_USER 2.1.3.2, 2.3
- CREATE_USER Procedure 11.8.4.1
- DELETE_PRINCIPAL Procedure 11.8.4.23
- ENABLE_BY_DEFAULT Procedure 11.8.4.13
- ENABLE_ROLES_BY_DEFAULT Procedure 11.8.4.14
- GRANT_ROLES 2.4.1.2, 2.4.2
- GRANT_ROLES Procedure 11.8.4.4
- object types, constructor functions 11.8.3
- REMOVE_PROXY_FROM_DBUSER Procedure 11.8.4.9
- REMOVE_PROXY_USERS Procedure 11.8.4.7
- REVOKE_ROLES Procedure 11.8.4.5
- security model 11.8.1
- SET_ACL Procedure 11.8.4.17
- SET_DESCRIPTION Procedure 11.8.4.22
- SET_DYNAMIC_ROLE_DURATION Procedure 11.8.4.11
- SET_DYNAMIC_ROLE_SCOPE Procedure 11.8.4.12
- SET_EFFECTIVE_DATES Procedure 11.8.4.10
- SET_GUID Procedure 11.8.4.16
- SET_PASSWORD 2.1.3.2
- SET_PASSWORD Procedure 11.8.4.20
- SET_PROFILE 2.1.3.2
- SET_PROFILE Procedure 11.8.4.18
- SET_USER_SCHEMA Procedure 11.8.4.15
- SET_USER_STATUS Procedure 11.8.4.19
- SET_VERIFIER 2.1.3.3
- SET_VERIFIER Procedure 11.8.4.21
XS_SECURITY_CLASS PL/SQL package
- about 11.9
- ADD_IMPLIED_PRIVILEGES 4.1.1, 4.2.6
- ADD_IMPLIED_PRIVILEGES Procedure 11.9.2.6
- ADD_PARENTS 4.2.6
- ADD_PARENTS Procedure 11.9.2.2
- ADD_PRIVILEGES 4.1.1, 4.2.6
- ADD_PRIVILEGES Procedure 11.9.2.4
- CREATE_SECURITY_CLASS Procedure 11.9.2.1
- DELETE_SECURITY_CLASS 4.2.6
- DELETE_SECURITY_CLASS Procedure 11.9.2.9
- REMOVE_IMPLIED_PRIVILEGES 4.2.6
- REMOVE_IMPLIED_PRIVILEGES Procedure 11.9.2.7
- REMOVE_PARENTS 4.2.6
- REMOVE_PARENTS Procedure 11.9.2.3
- REMOVE_PRIVILEGES 4.2.6
- REMOVE_PRIVILEGES Procedure 11.9.2.5
- security model 11.9.1
- SET_DESCRIPTION 4.2.6
- SET_DESCRIPTION Procedure 11.9.2.8
XS_SYS_CONTEXT function 10.2
XSSessionManager
- clearCache 6.1.3.6
- createAnonymousSession 6.2.1
- createSession 6.2.1
- getLowWaterMark 6.1.3.5.3