List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
- Audience
- Documentation Accessibility
- Related Documents
- Conventions
1 Introducing Oracle Database Real Application Security
- 1.1 What Is Oracle Database Real Application Security?
- 1.2 Data Security Concepts Used in Real Application Security
- 1.3 Application Session Concepts Used in Application Security
- 1.4 Flow of Design and Development
  - 1.4.1 Design Phase
  - 1.4.2 Development Flow Steps
- 1.5 Scenario: Security Human Resources (HR) Demonstration of Employee Information
  - 1.5.1 Basic Security HR Demo Scenario: Description and Security Requirements
  - 1.5.2 Basic HR Scenario: Implementation Overview
- 1.6 About Auditing in an Oracle Database Real Application Security Environment
- 1.7 Support for Pluggable Databases
2 Configuring Application Users and Application Roles
- 2.1 About Configuring Application Users
- 2.2 About Configuring Application Roles
- 2.3 Effective Dates for Application Users and Application Roles
- 2.4 About Granting Application Privileges to Principals
3 Configuring Application Sessions
- 3.1 About Application Sessions
  - 3.1.1 About Application Sessions in Real Application Security
  - 3.1.2 Advantages of Application Sessions
- 3.2 About Creating and Maintaining Application Sessions
- 3.3 About Manipulating the Application Session State
- 3.4 About Administrative APIs for External Users and Roles
- 3.5 About Real Application Security Session Privilege Scoping Through ACL
  - 3.5.1 Granting Session Privileges on a Principal Using an ACL
4 Configuring Application Privileges and Access Control Lists
- 4.1 About Application Privileges
  - 4.1.1 Aggregate Privilege
    - 4.1.1.1 ALL Privilege
- 4.2 About Configuring Security Classes
- 4.3 About Configuring Access Control Lists
- 4.4 Data Security
  - 4.4.1 Data Realms
  - 4.4.2 Parameterized ACL
- 4.5 ACL Binding
5 Configuring Data Security
- 5.1 About Data Security
- 5.2 About Validating the Data Security Policy
- 5.3 Understanding the Structure of the Data Security Policy
- 5.4 About Designing Data Realms
- 5.5 Applying Additional Application Privileges to a Column
- 5.6 About Enabling Data Security Policy for a Database Table or View
- 5.7 About Creating Real Application Security Policies on Master-Detail Related Tables
- 5.8 About Managing Application Privileges for Data Security Policies
  - 5.8.1 About Bypassing the Security Checks of a Real Application Security Policy
  - 5.8.2 Using the SQL*Plus SET SECUREDCOL Command
- 5.9 Using BEQUEATH CURRENT_USER Views
  - 5.9.1 Using SQL Functions to Determine the Invoking Application User
- 5.10 Real Application Security: Putting It All Together
  - 5.10.1 Basic HR Scenario: Implementation Tasks
  - 5.10.2 Running the Security HR Demo
- 5.11 About Schema Level Real Application Security Policy Administration
  - 5.11.1 Setting Up and Enabling a Schema Level Data Security Policy
6 Using Real Application Security in Java Applications
- 6.1 About Initializing the Middle Tier
- 6.2 About Managing Real Application Security Sessions
- 6.3 Authenticating Application Users Using Java APIs
- 6.4 About Authorizing Application Users Using ACLs
- 6.5 Human Resources Administration Use Case: Implementation in Java
7 Oracle Fusion Middleware Integration with Real Application Security
- 7.1 About External Users and External Roles
- 7.2 Session APIs for External Users and Roles
8 Application Session Service in Oracle Fusion Middleware
- 8.1 About Real Application Security Concepts
- 8.2 About Application Session Service in Oracle Fusion Middleware
- 8.3 About the Application Session Filter
  - 8.3.1 About the Application Session Filter Operation
- 8.4 About Deployment
- 8.5 About Application Configuration of the Application Session Filter
- 8.6 Domain Configuration: Setting Up an Application Session Service to Work with OPSS and Oracle Fusion Middleware
- 8.7 About Application Session APIs
- 8.8 Human Resources Demo Use Case: Implementation in Java
9 Oracle Database Real Application Security Data Dictionary Views
- 9.1 DBA_XS_OBJECTS
- 9.2 DBA_XS_PRINCIPALS
- 9.3 DBA_XS_EXTERNAL_PRINCIPALS
- 9.4 DBA_XS_USERS
- 9.5 USER_XS_USERS
- 9.6 USER_XS_PASSWORD_LIMITS
- 9.7 DBA_XS_ROLES
- 9.8 DBA_XS_DYNAMIC_ROLES
- 9.9 DBA_XS_PROXY_ROLES
- 9.10 DBA_XS_ROLE_GRANTS
- 9.11 DBA_XS_PRIVILEGES
- 9.12 USER_XS_PRIVILEGES
- 9.13 ALL_XS_PRIVILEGES
- 9.14 DBA_XS_IMPLIED_PRIVILEGES
- 9.15 USER_XS_IMPLIED_PRIVILEGES
- 9.16 ALL_XS_IMPLIED_PRIVILEGES
- 9.17 DBA_XS_PRIVILEGE_GRANTS
- 9.18 DBA_XS_SECURITY_CLASSES
- 9.19 USER_XS_SECURITY_CLASSES
- 9.20 ALL_XS_SECURITY_CLASSES
- 9.21 DBA_XS_SECURITY_CLASS_DEP
- 9.22 USER_XS_SECURITY_CLASS_DEP
- 9.23 ALL_XS_SECURITY_CLASS_DEP
- 9.24 DBA_XS_ACLS
- 9.25 USER_XS_ACLS
- 9.26 ALL_XS_ACLS
- 9.27 DBA_XS_ACES
- 9.28 USER_XS_ACES
- 9.29 ALL_XS_ACES
- 9.30 DBA_XS_POLICIES
- 9.31 USER_XS_POLICIES
- 9.32 ALL_XS_POLICIES
- 9.33 DBA_XS_REALM_CONSTRAINTS
- 9.34 USER_XS_REALM_CONSTRAINTS
- 9.35 ALL_XS_REALM_CONSTRAINTS
- 9.36 DBA_XS_INHERITED_REALMS
- 9.37 USER_XS_INHERITED_REALMS
- 9.38 ALL_XS_INHERITED_REALMS
- 9.39 DBA_XS_ACL_PARAMETERS
- 9.40 USER_XS_ACL_PARAMETERS
- 9.41 ALL_XS_ACL_PARAMETERS
- 9.42 DBA_XS_COLUMN_CONSTRAINTS
- 9.43 USER_XS_COLUMN_CONSTRAINTS
- 9.44 ALL_XS_COLUMN_CONSTRAINTS
- 9.45 DBA_XS_APPLIED_POLICIES
- 9.46 ALL_XS_APPLIED_POLICIES
- 9.47 DBA_XS_MODIFIED_POLICIES
- 9.48 DBA_XS_SESSIONS
- 9.49 DBA_XS_ACTIVE_SESSIONS
- 9.50 DBA_XS_SESSION_ROLES
- 9.51 DBA_XS_SESSION_NS_ATTRIBUTES
- 9.52 DBA_XS_NS_TEMPLATES
- 9.53 DBA_XS_NS_TEMPLATE_ATTRIBUTES
- 9.54 ALL_XDS_ACL_REFRESH
- 9.55 ALL_XDS_ACL_REFSTAT
- 9.56 ALL_XDS_LATEST_ACL_REFSTAT
- 9.57 DBA_XDS_ACL_REFRESH
- 9.58 DBA_XDS_ACL_REFSTAT
- 9.59 DBA_XDS_LATEST_ACL_REFSTAT
- 9.60 USER_XDS_ACL_REFRESH
- 9.61 USER_XDS_ACL_REFSTAT
- 9.62 USER_XDS_LATEST_ACL_REFSTAT
- 9.63 V$XS_SESSION_NS_ATTRIBUTES
- 9.64 V$XS_SESSION_ROLES
10 Oracle Database Real Application Security SQL Functions
- 10.1 COLUMN_AUTH_INDICATOR Function
- 10.2 XS_SYS_CONTEXT Function
- 10.3 ORA_CHECK_ACL Function
- 10.4 ORA_GET_ACLIDS Function
- 10.5 ORA_CHECK_PRIVILEGE Function
- 10.6 TO_ACLID Function
11 Oracle Database Real Application Security PL/SQL Packages
- 11.1 DBMS_XS_SESSIONS Package
- 11.2 XS_ACL Package
- 11.3 XS_ADMIN_UTIL Package
- 11.4 XS_DATA_SECURITY Package
- 11.5 XS_DATA_SECURITY_UTIL Package
- 11.6 XS_DIAG Package
  - 11.6.1 Security Model
  - 11.6.2 Summary of XS_DIAG Subprograms
- 11.7 XS_NAMESPACE Package
- 11.8 XS_PRINCIPAL Package
- 11.9 XS_SECURITY_CLASS Package
  - 11.9.1 Security Model for the XS_SECURITY_CLASS Package
  - 11.9.2 Summary of XS_SECURITY_CLASS Subprograms
12 Real Application Security HR Demo
- 12.1 Overview of the Security HR Demo
- 12.2 What Each Script Does
- 12.3 Setting Up the Security HR Demo Components
- 12.4 Running the Security HR Demo Using Direct Logon
- 12.5 Running the Security HR Demo Attached to a Real Application Security Session
- 12.6 Running the Security HR Demo Cleanup Script
- 12.7 Running the Security HR Demo in the Java Interface
- 12.8 About Using RASADM to Run the Security HR Demo
A Predefined Objects in Real Application Security
- A.1 Users
- A.2 Roles
- A.3 Namespaces
- A.4 Security Classes
- A.5 ACLs
B Configuring OCI and JDBC Applications for Column Authorization
- B.1 About Using OCI to Retrieve Column Authorization Indicators
- B.2 About Using JDBC to Retrieve Column Authorization Indicators
C Real Application Security HR Demo Files
- C.1 How to Run the Security HR Demo
- C.2 Scripts for the Security HR Demo
- C.3 Generated Log Files for Each Script
D Troubleshooting Oracle Database Real Application Security
- D.1 About Real Application Security Diagnostics
- D.2 About Event-Based Tracing of Real Application Security Components
- D.3 About Exception State Dump Information
- D.4 About Session Statistics
- D.5 Using Middle-Tier Tracing
Glossary
Index