Index

A  B  C  D  E  F  G  H  I  J  L  M  N  O  P  Q  R  S  T  U  V  W  X  

A

  • access control policy
    • reports
      • Core Database Vault Audit Report 26.5.5
  • Access to Sensitive Objects Report 26.6.3.2
  • accounts
    • See: database accounts
  • Accounts With DBA Roles Report 26.6.5.2
  • Accounts with SYSDBA/SYSOPER Privilege Report 26.6.3.4
  • ad hoc tools
    • preventing use of 7.8.1
  • administrators
    • DBA operations in Oracle Database Vault 12
  • ADRCI utility
  • alerts
    • Enterprise Manager Cloud Control 12.1.2
  • ALTER ROLE statement
  • ALTER SESSION command rules 6.1.3.2, 16.7
  • ALTER SESSION event command rules
  • ALTER SESSION privilege
    • enabling trace files E.1.5
    • reports, ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
  • ALTER SESSION statement
    • guidelines on managing privileges D.6.6.1
  • ALTER SYSTEM command rules
    • deleting system event command rules 16.8
  • ALTER SYSTEM event command rules
  • ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
  • ALTER SYSTEM privilege
    • reports, ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
  • ALTER SYSTEM statement
    • guidelines on managing privileges D.6.6.1
  • ALTER USER statement
  • ANY System Privileges for Database Accounts Report 26.6.2.4
  • AUDIT_SYS_OPERATIONS initialization parameter 2.1
  • AUDIT_TRAIL$ system table
  • auditing
    • about A.1
    • archiving Database Vault audit trail A.4.2
    • Core Database Audit Report 26.6.8
    • DBMS_MACUTL fields 20.1.1
    • Oracle Database audit settings A.5
    • purging Database Vault audit trail A.4.3
    • realms
    • reports 26.5
    • rule sets
    • secure application roles
      • audit records 8.10
  • auditing policies
    • about A
    • audit events
    • custom events
    • events that are tracked A.3.1
    • monitoring changes to 25.1
  • audit policy change
  • AUDIT privilege 26.6.5.10
  • AUDIT Privileges Report 26.6.5.10
  • AUDSYS.DV$CONFIGURATION_AUDIT view 24.53
  • AUDSYS.DV$ENFORCEMENT_AUDIT view 24.54
  • authentication
    • Authentication_Method default factor 7.2
    • command rules 6.1.1
    • method, finding with DVF.F$AUTHENTICATION_METHOD 17.3.2
    • realm procedures 14.1
  • authorizations
    • Oracle Data Pump activities 12.2.1
    • realms 4.7
    • scheduling database jobs 12.3.1
  • AUTHORIZE_MAINTENANCE_USER procedure 21.1.9

B

  • backup accounts 13.4
  • BECOME USER Report 26.6.5.4
  • BECOME USER system privilege
  • break-glass accounts
    • See: backup accounts
  • break-glass protocol 12.7.1

C

  • catalog-based roles 26.6.5.9
  • CDB_DV_STATUS view 24.2
  • CDBs
    • Database Vault operations control 12.7.1
    • functionality in Oracle Database Vault 1.8
    • preventing local users from blocking operations 12.8.1
    • realms 4.1.3
      • authorizations 4.7
    • rule sets 5.2
  • CDBS
    • PDB access by infrastructure DBAs 12.7.1
  • client identifiers
  • clients
    • finding IP address with DVF.F$CLIENT_IP 17.3.3
  • code groups
    • retrieving value with DBMS_MACUTL functions 20.2
  • Command Rule Audit Report 26.5.2
  • Command Rule Configuration Issues Report 26.4.1
  • command rules 6.1.1, 6.3, 6.4
    • See also: rule sets
    • about 6.1.1
    • creating 6.4
    • data dictionary view 6.11
    • data masking 12.12.4
    • default command rules 6.2
    • deleting 6.6
    • editing 6.4
    • functions
      • DBMS_MACUTL (utility) 20
    • guidelines 6.9
    • how command rules work 6.7
    • modifying 6.5
    • objects
    • performance effect 6.10
    • procedures
      • DBMS_MACADM (configuration) 16
    • process flow 6.7
    • propagating configuration to other databases 12.1.1
    • reports 6.11
    • rule sets
    • simulation mode 10.1
    • troubleshooting
    • tutorial 6.8
    • views 6.11, 24.5
    • with PDBs 6.1.2
  • common objects, preventing local users from blocking operations
  • common objects, preventing local users from blocking operations of
  • common objects, restricting local user access to
    • DBMS_MACADM.ALLOW_COMMON_OPERATION procedure 21.1.3
    • finding status of 24.44
  • compliance
    • Oracle Database Vault addressing 1.4
  • computer name
    • finding with DVF.F$MACHINE 17.3.17
    • Machine default factor 7.2
  • configuration
    • monitoring changes 25.1
    • views
      • AUDSYS.DV$CONFIGURATION_AUDIT 24.53
      • DVSYS.DV$CONFIGURATION_AUDIT 24.41
      • DVSYS.DV$ENFORCEMENT_AUDIT 24.42
  • CONFIGURE_DV procedure
  • CONNECT command rules
  • CONNECT events, controlling with command rules 6.1.1
  • core database
    • troubleshooting with Core Database Vault Audit Report 26.5.5
  • Core Database Audit Report 26.6.8
  • Core Database Vault Audit Trail Report 26.5.5
  • CPU_PER_SESSION resource profile 26.6.6.2
  • CREATE ANY JOB privilege D.6.3
  • CREATE ANY JOB statement
    • guidelines on managing privileges D.6.3
  • CREATE EXTERNAL JOB privilege D.6.4
  • CREATE JOB privilege D.6.3
  • CREATE JOB statement
    • guidelines on managing privileges D.6.3
  • CREATE ROLE statement
  • CREATE USER statement
  • CTXSYS schema realm protection 4.2.4

D

  • Database Account Default Password Report 26.6.7.1
  • database accounts
    • backup DV_OWNER and DV_ACCTMGR 13.4
    • configuring Database Vault accounts as enterprise users 11.1.3
    • counting privileges of 26.6.4.1
    • DBSNMP
    • DVSYS 13.3.2
    • LBACSYS 13.3.2
    • monitoring 25.1
    • reports
      • Accounts With DBA Roles Report 26.6.5.2
      • ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
      • ANY System Privileges for Database Accounts Report 26.6.2.4
      • AUDIT Privileges Report 26.6.5.10
      • BECOME USER Report 26.6.5.4
      • Database Account Default Password Report 26.6.7.1
      • Database Account Status Report 26.6.7.2
      • Database Accounts With Catalog Roles Report 26.6.5.9
      • Direct and Indirect System Privileges By Database Account Report 26.6.2.2
      • Direct Object Privileges Report 26.6.1.3
      • Direct System Privileges By Database Account Report 26.6.2.1
      • Hierarchical System Privileges by Database Account Report 26.6.2.3
      • Object Access By PUBLIC Report 26.6.1.1
      • Object Access Not By PUBLIC Report 26.6.1.2
      • OS Security Vulnerability Privileges 26.6.5.11
      • Password History Access Report 26.6.5.6
      • Privileges Distribution By Grantee, Owner, Privilege Report 26.6.4.3
      • Privileges Distribution By Grantee, Owner Report 26.6.4.2
      • Privileges Distribution By Grantee Report 26.6.4.1
      • Roles/Accounts That Have a Given Role Report 26.6.5.8
      • Security Policy Exemption Report 26.6.5.3
      • WITH ADMIN Privilege Grants Report 26.6.5.1
      • WITH GRANT Privileges Report 26.6.5.7
    • solution for lockouts B.1
    • suggested 13.3.3
  • Database Account Status Report 26.6.7.2
  • Database Accounts With Catalog Roles Report 26.6.5.9
  • database administrative operations 12
  • database domains, Database_Domain default factor 7.2
  • database links
    • function to return information about 17.3.11
  • database objects 13.1
    • See also: objects
    • Oracle Database Vault 13
    • reports
  • database options, installing B.1
  • database roles
  • databases
    • defined with factors 7.1
    • domain, Domain default factor 7.2
    • event monitoring E.1.1
    • grouped schemas
    • host names, Database_Hostname default factor 7.2
    • instance, retrieving information with functions 17.1
    • instances
      • Database_Instance default factor 7.2
      • names, finding with DVF.F$DATABASE_INSTANCE 17.3.6
      • number, finding with DV_INSTANCE_NUM 15.2.3
    • IP addresses
      • Database_IP default factor 7.2
      • retrieving with DVF.F$DATABASE_IP 17.3.7
    • monitoring events E.1.1
    • names
      • Database_Name default factor 7.2
      • retrieving with DV_DATABASE_NAME 15.2.4
      • retrieving with DVF.F$DATABASE_NAME 17.3.8
    • parameters
      • Security Related Database Parameters Report 26.6.6.1
    • roles that do not exist 26.4.7
    • schema creation, finding with DVF.F$IDENTIFICATION_TYPE 17.3.14
    • schema creation, Identification_Type default factor 7.2
    • user name, Session_User default factor 7.2
  • database sessions 7.4.2
    • controlling with Allow Sessions default rule set 5.4
    • factor evaluation 7.7.1
    • session user name, Proxy_User default factor 7.2
  • Database Vault
    • See: Oracle Database Vault
    • MACADM procedure for deleting operations exception 21.1.14
  • Database Vault Account Management realm 4.2.2
  • Database Vault command rule protections 6.1.1
  • Database Vault operations control
    • adding users and packages to exception list, how works 12.7.2
    • adding users and packages to exception list, procedure 12.7.4
    • deleting users and packages from exception list 12.7.5
    • disabling 12.7.6
    • enabling 12.7.3
    • MACADM procedure enabling operations control 21.1.20
    • MACADM procedure for adding operations exception 21.1.1
    • MACADM procedure for disabling operations control 21.1.15
  • Database Vault realm protection 4.1.1
  • Database Vault realm protections 4.1.1
  • data definition language (DDL)
    • statement
      • controlling with command rules 6.1.1
  • Data Definition Language (DDL) statements
    • Database Vault authorization
  • Data Dictionary realm
  • data manipulation language (DML)
    • statement
      • checking with DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function 20.2
      • controlling with command rules 6.1.1
  • data masking
  • data Oracle Database Vault recognizes
    • See: factors
  • DBA_DV_APP_EXCEPTION view 24.3
  • DBA_DV_CODE view 24.4
  • DBA_DV_COMMAND_RULE view 6.11, 24.5
  • DBA_DV_DATAPUMP_AUTH view 24.6
  • DBA_DV_DBCAPTURE_AUTH view 24.7
  • DBA_DV_DBREPLAY_AUTH view 24.8
  • DBA_DV_DDL_AUTH view 24.9
  • DBA_DV_DICTIONARY_ACCTS view 24.10
  • DBA_DV_FACTOR_LINK 24.13
  • DBA_DV_FACTOR_LINK view 24.13
  • DBA_DV_FACTOR_TYPE view 24.12
  • DBA_DV_FACTOR view 24.11
  • DBA_DV_IDENTITY_MAP view 24.15
  • DBA_DV_IDENTITY view 24.14
  • DBA_DV_JOB_AUTH view 24.16
  • DBA_DV_MAC_POLICY_FACTOR view 24.18
  • DBA_DV_MAC_POLICY view 24.17
  • DBA_DV_MAINTENANCE_AUTH view 24.19
  • DBA_DV_ORADEBUG view 24.20
  • DBA_DV_PATCH_ADMIN_AUDIT view 24.21
  • DBA_DV_POLICY_LABEL view 24.23
  • DBA_DV_POLICY_OBJECT view 24.24
  • DBA_DV_POLICY_OWNER view 24.25
  • DBA_DV_POLICY view 24.22
  • DBA_DV_PREPROCESSOR_AUTH view 24.26
  • DBA_DV_PROXY_AUTH view 24.27
  • DBA_DV_PUB_PRIVS view 24.28
  • DBA_DV_REALM_AUTH view 24.30
  • DBA_DV_REALM_OBJECT view 24.31
  • DBA_DV_REALM view 24.29
  • DBA_DV_ROLE view 24.32
  • DBA_DV_RULE_SET_RULE view 24.35
  • DBA_DV_RULE_SET view 24.34
  • DBA_DV_RULE view 24.33
  • DBA_DV_SIMULATION_LOG view 24.36
  • DBA_DV_STATUS view 24.37
  • DBA_DV_TTS_AUTH view 24.38
  • DBA_DV_USER_PRIVS_ALL view 24.40
  • DBA_DV_USER_PRIVS view 24.39
  • DBA_USERS_WITH_DEFPWD data dictionary view
    • access to in Oracle Database Vault 2.4
  • DBA role
    • impact of Oracle Database Vault installation 2.4
  • DBMS_FILE_TRANSFER package, guidelines on managing D.6.2.1
  • DBMS_MACADM.ADD_APP_EXCEPTION procedure 21.1.1
  • DBMS_MACADM.ADD_AUTH_TO_REALM procedure 14.1
  • DBMS_MACADM.ADD_CMD_RULE_TO_POLICY procedure 22.1, 22.5
  • DBMS_MACADM.ADD_FACTOR_LINK procedure 17.1.1
  • DBMS_MACADM.ADD_NLS_DATA
    • procedure C.2
  • DBMS_MACADM.ADD_NLS_DATA procedure 21.1.2
  • DBMS_MACADM.ADD_OBJECT_TO_REALM procedure 14.2
  • DBMS_MACADM.ADD_OWNER_TO_POLICY procedure 22.2
  • DBMS_MACADM.ADD_POLICY_FACTOR procedure 17.1.2
  • DBMS_MACADM.ADD_REALM_TO_POLICY procedure 22.3
  • DBMS_MACADM.ADD_RULE_TO_RULE_SET procedure 15.1.1
  • DBMS_MACADM.ALLOW_COMMON_OPERATION procedure 21.1.3
  • DBMS_MACADM.AUTHORIZE_DATAPUMP_USER procedure 21.1.4, 21.1.25
  • DBMS_MACADM.AUTHORIZE_DBCAPTURE procedure 21.1.5
  • DBMS_MACADM.AUTHORIZE_DBREPLAY procedure 21.1.6
  • DBMS_MACADM.AUTHORIZE_DDL procedure 21.1.7
  • DBMS_MACADM.AUTHORIZE_DIAGNOSTIC_ADMIN procedure 21.1.8
  • DBMS_MACADM.AUTHORIZE_PREPROCESSOR procedure 21.1.10
  • DBMS_MACADM.AUTHORIZE_PROXY_USER procedure 21.1.11
  • DBMS_MACADM.AUTHORIZE_SCHEDULER_USER procedure 21.1.12
  • DBMS_MACADM.AUTHORIZE_TTS_USER procedure 21.1.13
  • DBMS_MACADM.CHANGE_IDENTITY_FACTOR procedure 17.1.3
  • DBMS_MACADM.CHANGE_IDENTITY_VALUE procedure 17.1.4
  • DBMS_MACADM.CREATE_COMMAND_RULE procedure 16.1
  • DBMS_MACADM.CREATE_CONNECT_COMMAND_RULE procedure 16.2
  • DBMS_MACADM.CREATE_DOMAIN_IDENTITY procedure 17.1.5
  • DBMS_MACADM.CREATE_FACTOR_TYPE procedure 17.1.7
  • DBMS_MACADM.CREATE_FACTOR procedure 17.1.6
  • DBMS_MACADM.CREATE_IDENTITY_MAP procedure 17.1.9
  • DBMS_MACADM.CREATE_IDENTITY procedure 17.1.8
  • DBMS_MACADM.CREATE_MAC_POLICY procedure 19.1
  • DBMS_MACADM.CREATE_POLICY_LABEL procedure 19.2
  • DBMS_MACADM.CREATE_POLICY procedure 22.4
  • DBMS_MACADM.CREATE_REALM procedure 14.3
  • DBMS_MACADM.CREATE_ROLE procedure 18.1.1
  • DBMS_MACADM.CREATE_RULE_SET procedure 15.1.3
  • DBMS_MACADM.CREATE_RULE procedure 15.1.2
  • DBMS_MACADM.CREATE_SESSION_EVENT_CMD_RULE procedure 16.3
  • DBMS_MACADM.CREATE_SYSTEM_EVENT_CMD_RULE procedure 16.4
  • DBMS_MACADM.DELETE_APP_EXCEPTION procedure 21.1.14
  • DBMS_MACADM.DELETE_AUTH_FROM_REALM procedure 14.4
  • DBMS_MACADM.DELETE_COMMAND_RULE procedure 16.5
  • DBMS_MACADM.DELETE_CONNECT_COMMAND_RULE procedure 16.6
  • DBMS_MACADM.DELETE_FACTOR_LINK procedure 17.1.11
  • DBMS_MACADM.DELETE_FACTOR_TYPE procedure 17.1.12
  • DBMS_MACADM.DELETE_FACTOR procedure 17.1.10
  • DBMS_MACADM.DELETE_IDENTITY_MAP procedure 17.1.14
  • DBMS_MACADM.DELETE_IDENTITY procedure 17.1.13
  • DBMS_MACADM.DELETE_MAC_POLICY_CASCADE procedure 19.3
  • DBMS_MACADM.DELETE_OBJECT_FROM_REALM procedure 14.5
  • DBMS_MACADM.DELETE_OWNER_FROM_POLICY procedure 22.6
  • DBMS_MACADM.DELETE_POLICY_FACTOR procedure 19.4
  • DBMS_MACADM.DELETE_POLICY_LABEL procedure 19.5
  • DBMS_MACADM.DELETE_REALM_CASCADE procedure 14.7
  • DBMS_MACADM.DELETE_REALM_FROM_POLICY procedure 22.7
  • DBMS_MACADM.DELETE_REALM procedure 14.6
  • DBMS_MACADM.DELETE_ROLE procedure 18.1.2
  • DBMS_MACADM.DELETE_RULE_FROM_RULE_SET procedure 15.1.5
  • DBMS_MACADM.DELETE_RULE_SET procedure 15.1.6
  • DBMS_MACADM.DELETE_RULE procedure 15.1.4
  • DBMS_MACADM.DELETE_SESSION_EVENT_CMD_RULE procedure 16.7
  • DBMS_MACADM.DELETE_SYSTEM_EVENT_CMD_RULE procedure 16.8
  • DBMS_MACADM.DISABLE_APP_PROTECTION procedure 21.1.15
  • DBMS_MACADM.DISABLE_DV_DICTIONARY_ACCTS procedure 21.1.17
  • DBMS_MACADM.DISABLE_DV_PATCH_ADMIN_AUDIT procedure 21.1.18
  • DBMS_MACADM.DISABLE_DV procedure 21.1.16
  • DBMS_MACADM.DISABLE_ORADEBUG procedure 21.1.19
  • DBMS_MACADM.DROP_DOMAIN_IDENTITY procedure 17.1.15
  • DBMS_MACADM.DROP_POLICY procedure 22.8
  • DBMS_MACADM.ENABLE_DV_DICTIONARY_ACCTS procedure 21.1.22
  • DBMS_MACADM.ENABLE_DV procedure
  • DBMS_MACADM.ENABLE_ORADEBUG procedure 21.1.24
  • DBMS_MACADM.ENSABLE_DV_PATCH_ADMIN_AUDIT procedure 21.1.23
  • DBMS_MACADM.GET_INSTANCE_INFO function 17.1.17
  • DBMS_MACADM.GET_SESSION_INFO function 17.1.16
  • DBMS_MACADM.RENAME_FACTOR_TYPE procedure 17.1.19
  • DBMS_MACADM.RENAME_FACTOR procedure 17.1.18
  • DBMS_MACADM.RENAME_POLICY procedure 22.9
  • DBMS_MACADM.RENAME_REALM procedure 14.8
  • DBMS_MACADM.RENAME_ROLE procedure 18.1.3
  • DBMS_MACADM.RENAME_RULE_SET procedure 15.1.8
  • DBMS_MACADM.RENAME_RULE procedure 15.1.7
  • DBMS_MACADM.UNAUTHORIZE_DBCAPTURE procedure 21.1.26
  • DBMS_MACADM.UNAUTHORIZE_DBREPLAY procedure 21.1.27
  • DBMS_MACADM.UNAUTHORIZE_DDL procedure 21.1.28
  • DBMS_MACADM.UNAUTHORIZE_DIAGNOSTIC_ADMIN procedure 21.1.29
  • DBMS_MACADM.UNAUTHORIZE_PREPROCESSOR procedure 21.1.31
  • DBMS_MACADM.UNAUTHORIZE_PROXY_USER procedure 21.1.32
  • DBMS_MACADM.UNAUTHORIZE_SCHEDULER_USER procedure 21.1.33
  • DBMS_MACADM.UNAUTHORIZE_TTS_USER procedure 21.1.34
  • DBMS_MACADM.UPDATE_COMMAND_RULE procedure 16.9
  • DBMS_MACADM.UPDATE_CONNECT_COMMAND_RULE procedure 16.10
  • DBMS_MACADM.UPDATE_FACTOR_TYPE procedure 17.1.21
  • DBMS_MACADM.UPDATE_FACTOR procedure 17.1.20
  • DBMS_MACADM.UPDATE_IDENTITY procedure 17.1.22
  • DBMS_MACADM.UPDATE_MAC_POLICY procedure 19.6
  • DBMS_MACADM.UPDATE_POLICY_DESCRIPTION procedure 22.10
  • DBMS_MACADM.UPDATE_POLICY_STATE procedure 22.11
  • DBMS_MACADM.UPDATE_REALM_AUTH procedure 14.10
  • DBMS_MACADM.UPDATE_REALM procedure 14.9
  • DBMS_MACADM.UPDATE_ROLE procedure 18.1.4
  • DBMS_MACADM.UPDATE_RULE_SET procedure 15.1.10
  • DBMS_MACADM.UPDATE_RULE procedure 15.1.9
  • DBMS_MACADM.UPDATE_SESSION_EVENT_CMD_RULE procedure 16.11
  • DBMS_MACADM.UPDATE_SYSTEM_EVENT_CMD_RULE procedure 16.12
  • DBMS_MACADM package
    • about 23.1
    • command rule procedures, listed 16
    • factor procedures, listed 17.1
    • Oracle Label Security policy procedures, listed 19
    • realm procedures, listed 14
    • rule set procedures, listed 15.1
    • secure application role procedures, listed 18.1
  • DBMS_MACADM PL/SQL package contents 23.1
  • DBMS_MACSEC_ROLES.CAN_SET_ROLE function 18.2.1
  • DBMS_MACSEC_ROLES.SET_ROLE procedure 18.2.2
  • DBMS_MACSEC_ROLES package
  • DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED procedure 20.2.1
  • DBMS_MACUTL.GET_CODE_VALUE function 20.2.2
  • DBMS_MACUTL.GET_DAY function 20.2.6
  • DBMS_MACUTL.GET_HOUR function 20.2.5
  • DBMS_MACUTL.GET_MINUTE function 20.2.4
  • DBMS_MACUTL.GET_MONTH function 20.2.7
  • DBMS_MACUTL.GET_SECOND function 20.2.3
  • DBMS_MACUTL.GET_YEAR function 20.2.8
  • DBMS_MACUTL.IS_ALPHA function 20.2.9
  • DBMS_MACUTL.IS_DIGIT function 20.2.10
  • DBMS_MACUTL.IS_DVSYS_OWNER function 20.2.11
  • DBMS_MACUTL.IS_OLS_INSTALLED_VARCHAR function 20.2.13
  • DBMS_MACUTL.IS_OLS_INSTALLED function 20.2.12
  • DBMS_MACUTL.ROLE_GRANTED_ENABLED_VARCHAR function 20.2.14
  • DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function 20.2.15
  • DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 20.2.17
  • DBMS_MACUTL.USER_HAS_ROLE function 20.2.16
  • DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 20.2.18
  • DBMS_MACUTL package
    • about 20
    • constants (fields)
    • procedures and functions, listed 20.2
  • DBMS_MACUTL PL/SQL package contents 23.3
  • DBSNMP schema realm protection 4.2.3
  • DBSNMP user account
  • deinstallation B
  • DELETE_CATALOG_ROLE role 26.6.5.9
  • deleting event command rules 16.7
  • Denial of Service (DoS) attacks
    • reports
  • diagnostic view and table queries
    • MACADM procedure for authorization 21.1.8
    • MACADM procedure for revoking authorization 21.1.29
  • Direct and Indirect System Privileges By Database Account Report 26.6.2.2
  • Direct Object Privileges Report 26.6.1.3
  • direct system privileges 26.6.2.3
  • Direct System Privileges By Database Account Report 26.6.2.1
  • disabling system features with Disabled default rule set 5.4
  • domains
    • defined with factors 7.1
    • finding database domain with DVF.F$DATABASE_DOMAIN 17.3.4
    • finding with DVF.F$DOMAIN 17.3.9
  • DROP ROLE statement
  • DROP USER statement
  • dual key connection, dual key security
    • See: two-person integrity (TPI)
  • DV_ACCTMGR role E.4.2
    • about 13.2.4
    • backup account 13.4
    • Database Vault disabled 13.2.4
    • GRANT and REVOKE operations affected by 13.2.4
    • privileges associated with 13.2.4
    • realm protection 4.2.2
    • system privileges of 13.2.2
  • DV_ADMIN role
    • about 13.2.5
    • changing password for user granted DV_ADMIN 13.2.5
    • Database Vault disabled 13.2.5, 13.2.11
    • GRANT and REVOKE operations affected by 13.2.5
    • privileges associated with 13.2.5
  • DV_AUDIT_CLEANUP role
  • DV_DATAPUMP_NETWORK_LINK role
    • about 13.2.7
    • Database Vault disabled 13.2.7
    • GRANT and REVOKE operations affected by 13.2.7
    • privileges associated with 13.2.7
  • DV_GOLDENDATE_REDO role
    • privileges associated with 13.2.9
  • DV_GOLDENDGATE_ADMIN role
    • Database Vault disabled 13.2.8
  • DV_GOLDENGATE_ADMIN role 13.2.8
    • GRANT and REVOKE operations affected by 13.2.8
    • privileges associated with 13.2.8
  • DV_GOLDENGATE_REDO_ACCESS role 13.2.9
    • Database Vault disabled 13.2.9
    • GRANT and REVOKE operations affected by 13.2.9
  • DV_MONITOR role
  • DV_OWNER role E.4.1
    • about 13.2.11
    • backup account 13.4
    • changing password for user granted DV_OWNER 13.2.11
    • Database Vault disabled 13.2.11
    • GRANT and REVOKE operations affected by 13.2.11
    • privileges associated with 13.2.11
    • system privileges of 13.2.2
  • DV_PATCH_ADMIN role 13.2.12
    • Database Vault disabled 13.2.12
    • GRANT and REVOKE operations affected by 13.2.12
    • privileges associated with 13.2.12
    • SYS user 12.15
  • DV_POLICY_OWNER role
  • DV_SECANALYST role
  • DV_XSTREAM_ADMIN role 13.2.15
    • Database Vault disabled 13.2.15
    • GRANT and REVOKE operations affected by 13.2.15
    • privileges associated with 13.2.15
  • DVF account
    • auditing policy A.5
    • database accounts 13.3.2
  • DVF PL/SQL interface contents 23.5
  • DVF schema 17.3
  • DVSYS.DBA_DV_COMMON_OPERATION_STATUS view 24.44
  • DVSYS.DBA_DV_FACTOR_LINK view 24.13
  • DVSYS.DV$CONFIGURATION_AUDIT view 24.41
  • DVSYS.DV$ENFORCEMENT_AUDIT view 24.42
  • DVSYS.DV$REALM view 24.43
  • DVSYS.POLICY_OWNER_POLICY view 24.46
  • DVSYS.POLICY_OWNER_REALM_AUTH view 24.48
  • DVSYS.POLICY_OWNER_REALM_OBJECT view 24.49
  • DVSYS.POLICY_OWNER_REALM view 24.47
  • DVSYS.POLICY_OWNER_RULE_SET_RULE view 24.52
  • DVSYS.POLICY_OWNER_RULE_SET view 24.51
  • DVSYS.POLICY_OWNER_RULE view 24.50
  • DVSYS account 13.3.2
  • DVSYS schema

E

  • ENABLE_APP_PROTECTION procedure 21.1.20
  • enabling system features with Enabled default rule set 5.4
  • encrypted information 26.6.9.5
  • enterprise identities, Enterprise_Identity default factor 7.2
  • Enterprise Manager
    • See: Oracle Enterprise Manager
  • enterprise user security
    • configuring Database Vault accounts for 11.1.3
  • event handler
    • rule sets 5.5
  • example 6.1.3.2
  • examples 7.7.4
    • See also: tutorials
  • EXECUTE_CATALOG_ROLE role 26.6.5.9
    • impact of Oracle Database Vault installation 2.4
  • Execute Privileges to Strong SYS Packages Report 26.6.3.1
  • EXEMPT ACCESS POLICY system privilege 26.6.5.3
  • exporting data
    • See: Oracle Data Pump

F

  • Factor Audit Report 26.5.3
  • Factor Configuration Issues Report 26.4.4
  • factor identities
  • factors
    • about 7.1
    • assignment
    • assignment operation 26.5.3
    • audit events, custom A.3.1
    • child factors
    • creating 7.3
    • data dictionary views 7.11
    • DBA_DV_FACTOR view 24.11
    • DBA_DV_SIMULATION_LOG view 24.36
    • DBMS_MACUTL constants, example of 20.1.4
    • default factors 7.2
    • deleting 7.6
    • domain, finding with DVF.F$DOMAIN 17.3.9
    • evaluation operation 26.5.3
    • factor-identity pair mapping 7.4.6.2
    • functionality 7.7
    • functions
      • DBMS_MACUTL (utility) 20
      • DBMS_MACUTL constants (fields) 20.1.1
    • guidelines 7.9
    • identifying using child factors 7.4.6.1
    • identities
    • identity maps, deleting 7.4.6.3
    • initialization, command rules 6.1.1
    • invalid audit options 26.4.4
    • label 26.4.4
    • modifying 7.5
    • Oracle Virtual Private Database, attaching factors to 11.3
    • performance effect 7.10
    • procedures
      • DBMS_MACADM (configuration) 17.1
    • process flow 7.7
    • reports 7.11
    • retrieving 7.7.3
    • retrieving with GET_FACTOR 17.2.3
    • setting 7.7.4
    • setting with SET_FACTOR 17.2.2
    • troubleshooting
      • auditing report 26.5.3
      • configuration problems E.3
      • tips E.2
    • values (identities) 7.1
    • views
      • DBA_DV_FACTOR_LINK 24.13
      • DBA_DV_FACTOR_TYPE 24.12
      • DBA_DV_IDENTITY 24.14
      • DBA_DV_IDENTITY_MAP 24.15
      • DBA_DV_MAC_POLICY_FACTOR 24.18
    • ways to assign 7.4.2
  • Factor Without Identities Report 26.4.5
  • FLASHBACK TABLE SQL statement 4.1.1
  • functions
    • command rules
      • DBMS_MACUTL (utility) 20
    • DVSYS schema enabling 17.2
    • factors
      • DBMS_MACUTL (utility) 20
    • Oracle Label Security policy
      • DBMS_MACADM (configuration) 19
    • realms
      • DBMS_MACUTL (utility) 20
    • rule sets
      • DBMS_MACADM (configuration) 15.1
      • DBMS_MACUTL (utility) 20
      • PL/SQL functions for inspecting SQL 15.2
    • secure application roles
      • DBMS_MACADM (configuration) 18.1
      • DBMS_MACSEC_ROLES (configuration) 18.2
      • DBMS_MACUTL (utility) 20

G

  • general security reports 26.6
  • GRANT statement
  • guidelines
    • ALTER SESSION privilege D.6.6.1
    • ALTER SYSTEM privilege D.6.6.1
    • backup DV_OWNER and DV_ACCTMGR accounts 13.4
    • command rules 6.9
    • CREATE ANY JOB privilege D.6.3
    • CREATE EXTERNAL JOB privilege D.6.4
    • CREATE JOB privilege D.6.3
    • DBMS_FILE_TRANSFER package D.6.2.1
    • factors 7.9
    • general security D
    • LogMiner packages D.6.5
    • operating system access D.2.4
    • Oracle software owner D.4.2
    • performance effect 7.10
    • realms 4.14
    • root access D.2.4
    • root user access D.4.1
    • rule sets 5.11
    • secure application roles 8.2
    • SYSDBA access D.4.3
    • SYSDBA privilege, limiting D.2.3
    • SYSOPER access D.4.4
    • SYSTEM schema and application tables D.2.2
    • SYSTEM user account D.2.1
    • trusted accounts and roles D.3
    • using Database Vault in a production environment D.5
    • UTL_FILE package D.6.2.1

H

  • hackers
    • See: security attacks
  • Hierarchical System Privileges by Database Account Report 26.6.2.3
  • host names
    • finding with DVF.F$DATABASE_HOSTNAME 17.3.5

I

  • identities
    • See: factors, identities
  • Identity Configuration Issues Report 26.4.6
  • IDLE_TIME resource profile 26.6.6.2
  • IMP_FULL_DATABASE role
    • impact of Oracle Database Vault installation 2.4
  • importing data
    • See: Oracle Data Pump
  • incomplete rule set 26.4.4
  • Information Lifecycle Management 4.1.1
    • authorizations, about 12.4.1
    • granting users authorization for 12.4.2
    • revoking authorization from users 12.4.3
  • initialization parameters
    • Allow System Parameters default rule set 5.4
    • modified after installation 2.1
    • modified by Oracle Database Vault 2.1
    • reports 26.6.6
  • insider threats
    • See: intruders
  • installations
    • Database Vault and Label Security in a multitenant environment 3.2.5
    • security considerations D.6
  • intruders
    • See: security attacks
    • compromising privileged accounts 1.5
  • IP addresses
    • Client_IP default factor 7.2
    • defined with factors 7.1

J

  • Java Policy Grants Report 26.6.9.1
  • jobs, scheduling
    • See: Oracle Scheduler

L

  • labels 7.4.4
    • See also: Oracle Label Security
  • Label Security Integration Audit Report 26.5.4
  • languages
    • adding to Oracle Database Vault C.2
    • finding with DVF.F$LANG 17.3.15
    • finding with DVF.F$LANGUAGE 17.3.16
    • name
      • Lang default factor 7.2
      • Language default factor 7.2
  • LBACSYS account 13.3.2
    • See also: Oracle Label Security
  • LBACSYS schema
    • auditing policy A.5
    • realm protection 4.2.1
  • locked out accounts, solution for B.1
  • log files
    • Database Vault log files A.3.2
  • logging on
    • reports, Core Database Audit Report 26.6.8
  • LogMiner packages

M

  • managing user accounts and profiles
    • Can Maintain Accounts/Profiles default rule set 5.4
  • managing user accounts and profiles on own account, Can Maintain Own Accounts default rule set 5.4
  • mandatory realms
  • mapping identities 7.4.6.2
  • MDDATA schema realm protection 4.2.4
  • MDSYS schema realm protection 4.2.4
  • modules
    • function to return information about 17.3.12
  • monitoring
    • activities 25
  • multitenant container databases
    • See: CDBs
  • My Oracle Support
    • about

N

  • naming conventions
  • network protocol
    • finding with DVF.F$NETWORK_PROTOCOL 17.3.18
  • network protocol, Network_Protocol default factor 7.2
  • NOAUDIT statement
  • Non-Owner Object Trigger Report 26.6.9.7
  • nonsystem database accounts 26.6.1.3

O

  • Object Access By PUBLIC Report 26.6.1.1
  • Object Access Not By PUBLIC Report 26.6.1.2
  • Object Dependencies Report 26.6.1.4
  • object owners
    • nonexistent 26.4.1
    • reports
      • Command Rule Configuration Issues Report 26.4.1
  • object privilege reports 26.6.1
  • objects 24.31
    • See also: database objects
    • command rule objects
    • dynamic SQL use 26.6.9.3
    • mandatory realms 4.1.2
    • monitoring 25.1
    • object names
      • finding with DV_DICT_OBJ_NAME 15.2.7
    • object owners
      • finding with DV_DICT_OBJ_OWNER 15.2.6
    • realms
      • object name 4.3
      • object owner 4.3
      • object type 4.3
      • procedures for registering 14.2
    • reports
      • Access to Sensitive Objects Report 26.6.3.2
      • Accounts with SYSDBA/SYSOPER Privilege Report 26.6.3.4
      • Direct Object Privileges Report 26.6.1.3
      • Execute Privileges to Strong SYS Packages Report 26.6.3.1
      • Non-Owner Object Trigger Report 26.6.9.7
      • Object Access By PUBLIC Report 26.6.1.1
      • Object Access Not By PUBLIC Report 26.6.1.2
      • Object Dependencies Report 26.6.1.4
      • Objects Dependent on Dynamic SQL Report 26.6.9.3
      • OS Directory Objects Report 26.6.9.2
      • privilege 26.6.1
      • Public Execute Privilege To SYS PL/SQL Procedures Report 26.6.3.3
      • sensitive 26.6.3
      • System Privileges By Privilege Report 26.6.2.5
    • restricting user access to using mandatory realms 4.1.2
    • types
      • finding with DV_DICT_OBJ_TYPE 15.2.5
    • views, DBA_DV_REALM_OBJECT 24.31
  • Objects Dependent on Dynamic SQL Report 26.6.9.3
  • object types
    • supported for Database Vault realm protection 4.1.4
  • OEM
    • See: Oracle Enterprise Manager (OEM)
  • OEM_MONITOR schema realm protection 4.2.3
  • OLS
    • See: Oracle Label Security
  • operating system access
    • guideline for using with Database Vault D.2.4
  • operating systems
  • ORA_DV_AUDPOL2 predefined unified audit policy A.1
  • ORA_DV_AUDPOL predefined unified audit policy A.1
  • ORA-00942 error 8.8.7
  • ORA-01301 error 12.12.1
  • ORA-06512 error 20.2.1
  • ORA-47305 error 8.8.7
  • ORA-47400 error 12.12.1
  • ORA-47401 error 4.10.2.1, 12.12.1
  • ORA-47408 error 12.12.1
  • ORA-47409 error 12.12.1
  • ORA-47500 error 21.2
  • ORA-47503 error 3.2.3, 3.2.4
  • ORA-47920 error 20.2.1
  • Oracle Database Replay
    • authorizations, about 12.5.1
    • Database Vault authorization
      • granting for workload captures 21.1.5
      • granting for workload replays 21.1.6
      • revoking for workload captures 21.1.26
      • revoking for workload replays 21.1.27
    • granting users authorization for workload capture operations 12.5.2.1
    • granting users authorization for workload replay operations 12.5.2.2
    • revoking workload capture authorization from users 12.5.3.1
    • revoking workload replay authorization from users 12.5.3.2
  • Oracle Database Vault
    • about 1.1.1
    • components 1.3, 1.3.1
    • disabling
      • procedures for B
      • reasons for B.1
    • enabling
      • procedures for B
    • integrating with other Oracle products 11
    • Oracle Database installation, affect on 2
    • post-installation procedures C
    • privileges to use 1.2
    • registering
      • using DBCA 3.1
    • reinstalling C.4
    • roles
    • uninstalling C.3
  • Oracle Database Vault accounts
    • created during registration 13.3.1
  • Oracle Database Vault Administrator (DVA)
    • logging on from Oracle Enterprise Manager Cloud Control 3.4
  • Oracle Database Vault Administrator pages 1.3.5
  • Oracle Database Vault operations control
  • Oracle Database Vault policies
  • Oracle Database Vault realm 4.2.1
  • Oracle Database Vault registration
    • about 3.1
    • common users to manage specific PDBs 3.2.3
    • common user to manage CDB root 3.2.2
    • local users to manage specific PDBs 3.2.4
    • verifying configuration and enablement 3.3
  • Oracle Data Guard
    • how auditing is affected after intergration with Database Vault 11.5.3
    • integrating Database Vault with 11.5
  • Oracle Data Pump
    • archiving the Oracle Database Vault audit trail with A.4.2
    • authorizing transportable tablespace operations for Database Vault 12.2.3.3
    • DBA_DV_DATAPUMP_AUTH view 24.6
    • DBA_DV_TTS_AUTH view 24.38
    • DBMS_MACADM.AUTHORIZE_TTS_USER 21.1.13
    • DBMS_MACADM.UNAUTHORIZE_TTS_USER 21.1.34
    • granting authorization to use with Database Vault 12.2.2.3
    • guidelines before performing an export or import 12.2.4
    • levels of authorization required
    • MACADM procedure for authorization 21.1.4
    • realm protection 4.2.5
    • revoking standard authorization 12.2.2.4
    • revoking transportable tablespace authorization 12.2.3.4
    • using with Oracle Database Vault 12.2.1
  • Oracle Default Component Protection Realm 4.2.6
  • Oracle Default Schema Protection Realm 4.2.4
  • Oracle Enterprise Manager
    • DBSNMP account
    • using Oracle Database Vault with 12.1
  • Oracle Enterprise Manager Cloud Control
    • monitoring Database Vault for attempted violations 13.2.10
    • propagating Database Vault configurations to other databases 12.1.1
    • starting Oracle Database Vault from 3.4
  • Oracle Enterprise Manager realm 4.2.3
  • Oracle Enterprise User Security, integrating with Oracle Database Vault 11.1
  • Oracle Flashback Technology 4.1.1, 6.1.1
  • Oracle GoldenGate
    • Database Vault role used for
      • DV_GOLDENGATE_ADMIN 13.2.8
      • DV_GOLDENGATE_REDO_ACCESS 13.2.9
    • in an Oracle Database Vault environment 12.11
  • Oracle Internet Directory, registering with DBCA 11.6
  • Oracle Internet Directory Distinguished Name, Proxy_Enterprise_Identity default factor 7.2
  • Oracle Label Security
    • using OLS_LABEL_DOMINATES function in rule expressions 15.1.2
  • Oracle Label Security (OLS) 13.3.2
    • See also: LBACSYS account
    • audit events, custom A.3.1
    • checking if installed using DBMS_MACUTL functions 20.2
    • data dictionary views 11.4.5
    • functions
      • DBMS_MACUTL (utility) 20.1.1
    • how Database Vault integrates with 11.4.1
    • initialization, command rules 6.1.1
    • integration with Oracle Database Vault
    • labels
      • about 7.4.4
      • determining with GET_FACTOR_LABEL 17.2.4
      • invalid label identities 26.4.6
    • policies
    • procedures
      • DBMS_MACADM (configuration) 19
    • reports 11.4.5
    • views
      • DBA_DV_MAC_POLICY 24.17
      • DBA_DV_MAC_POLICY_FACTOR 24.18
      • DBA_DV_POLICY_LABEL 24.23
  • Oracle MetaLink
    • See: My Oracle Support
  • Oracle OLAP realm protection 4.2.4
  • Oracle Real Application Clusters
    • configuring Database Vault on RAC nodes C.1
    • multiple factor identities 7.4.2
    • uninstalling Oracle Database Vault from C.3
  • Oracle Recovery Manager (RMAN)
    • in an Oracle Database Vault environment 12.9
  • Oracle Scheduler
    • DBA_DV_JOB_AUTH view 24.16
    • granting Oracle Database Vault authorization 12.3.2
    • realm protection 4.2.5
    • revoking Oracle Database Vault authorization 12.3.3
    • SCHEDULER_ADMIN role, impact of Oracle Database Vault installation 2.4
    • using with Oracle Database Vault 12.3.1
  • Oracle software owner, guidelines on managing D.4.2
  • Oracle Spatial realm protection 4.2.4
  • Oracle System Privilege and Role Management Realm 4.2.5
  • Oracle Text realm protection 4.2.4
  • Oracle Virtual Private Database (VPD)
    • accounts that bypass 26.6.5.3
    • factors, attaching to 11.3
    • GRANT EXECUTE privileges with Grant VPD Administration default rule set 5.4
    • using Database Vault factors with Oracle Label Security 11.4.4.1
  • ORADEBUG utility
    • about 12.14
    • DBA_DV_ORADEBUG view 24.20
    • PL/SQL procedure for disabling in Database Vault 21.1.19
    • PL/SQL procedure for enabling in Database Vault 21.1.24
    • using with Database Vault 12.14
  • OS_ROLES initialization parameter 2.1
  • OS Directory Objects Report 26.6.9.2
  • OS Security Vulnerability Privileges Report 26.6.5.11
  • OUTlN schema realm protection 4.2.6

P

  • parameters
    • modified after installation 2.1
    • reports
      • Security Related Database Parameters Report 26.6.6.1
  • Password History Access Report 26.6.5.6
  • passwords
    • forgotten, solution for B.1
    • reports 26.6.7
      • Database Account Default Password Report 26.6.7.1
      • Password History Access Report 26.6.5.6
      • Username/Password Tables Report 26.6.9.5
    • resetting for DV_ACCTMGR user E.4.2
    • resetting for DV_OWNER user E.4.1
  • patches
    • auditing DV_PATCH_ADMIN user 13.2.12
    • DBMS_MACADM.DISABLE_DV_PATCH_ADMIN_AUDIT procedure 21.1.18
    • DBMS_MACADM.ENSABLE_DV_PATCH_ADMIN_AUDIT procedure 21.1.23
    • DV_PATCH_ADMIN requirement for 13.2.12
    • security consideration D.6
    • two-person integrity used for 5.10.1
  • patch operations in Database Vault environment 12.15
  • PDBs
  • performance effect
    • command rules 6.10
    • realms 4.15
    • reports
    • rule sets 5.12
    • secure application roles 8.9
    • static evaluation for rule sets 5.12
  • performance tools
    • Automatic Workload Repository (AWR)
      • command rules 6.10
      • factors 7.10
      • Oracle Enterprise Manager
        • performance tools 4.15
      • performance tools
        • Cloud Control, realms 4.15
        • Oracle Enterprise Manager
      • realms 4.15
      • rule sets 5.12
      • secure application roles 8.9
    • Oracle Enterprise Manager
      • command rules 6.10
      • factors 7.10
      • performance tools
        • Oracle Enterprise Manager Cloud Control
          • command rules 6.10
      • rule sets 5.12
      • secure application roles 8.9
    • Oracle Enterprise Manager Cloud Control
      • factors 7.10
      • rule sets 5.12
      • secure application roles 8.9
    • TKPROF utility
  • PL/SQL
    • packages
  • PL/SQL factor functions 17.3
  • pluggable databases
    • See: PDBs
  • policies
    • See: Oracle Database Vault policies
  • POLICY_OWNER_COMMAND_RULE view 24.45
  • policy changes, monitoring 25.1
  • post-installation procedures C
  • preprocessor programs
    • about executing in Database Vault environment 12.6.1
    • authorizing users in Database Vault environment 12.6.2
    • Database Vault authorization
    • revoking authorization from Database Vault users 12.6.3
  • privileges
    • checking with DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function 20.2
    • existing users and roles, Database Vault affect on 2.4
    • least privilege principle
    • monitoring
      • GRANT statement 25.1
      • REVOKE statement 25.1
    • Oracle Database Vault restricting 2.2
    • prevented from existing users and roles 2.5
    • reports
      • Accounts With DBA Roles Report 26.6.5.2
      • ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
      • ANY System Privileges for Database Accounts Report 26.6.2.4
      • AUDIT Privileges Report 26.6.5.10
      • Database Accounts With Catalog Roles Report 26.6.5.9
      • Direct and Indirect System Privileges By Database Account Report 26.6.2.2
      • Direct System Privileges By Database Account Report 26.6.2.1
      • Hierarchical System Privileges By Database Account Report 26.6.2.3
      • listed 26.6.4
      • OS Directory Objects Report 26.6.9.2
      • Privileges Distribution By Grantee, Owner, Privilege Report 26.6.4.3
      • Privileges Distribution By Grantee, Owner Report 26.6.4.2
      • Privileges Distribution By Grantee Report 26.6.4.1
      • WITH GRANT Privileges Report 26.6.5.7
    • restricting access using mandatory realms 4.1.2
    • roles
      • checking with DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 20.2
    • system
      • checking with DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 20.2
    • views
      • DBA_DV_PUB_PRIVS 24.28
      • DBA_DV_USER_PRIVS 24.39
      • DBA_DV_USER_PRIVS_ALL 24.40
  • Privileges Distribution By Grantee, Owner, Privilege Report 26.6.4.3
  • Privileges Distribution By Grantee, Owner Report 26.6.4.2
  • Privileges Distribution By Grantee Report 26.6.4.1
  • privileges using external password 26.6.3.4
  • problems, diagnosing E.1.1
  • procedures
    • command rules
      • .DBMS_MACADM (configuration) 16
    • factors
      • DBMS_MACADM (configuration) 17.1
    • realms
      • DBMS_MACADM (configuration) 14
  • production environments
    • guidelines for securing D.5
  • profiles 26.6.6
  • proxy user authorization
  • proxy users
    • function to return name of 17.3.20
  • PUBLIC access to realms 4.9
  • Public Execute Privilege To SYS PL/SQL Procedures Report 26.6.3.3
  • PUBLIC user account
    • impact of Oracle Database Vault installation 2.4

Q


R

  • Realm Audit Report 26.5.1
  • Realm Authorization Configuration Issues Report 26.4.3
  • realm authorizations:multitenant environment 4.7
  • realms 4.3
    • See also: rule sets
    • about 4.1.1
    • adding roles to as grantees 4.14
    • audit events, custom A.3.1
    • authentication-related procedures 14.1
    • authorization
      • enabling access to realm-protected objects 4.11
      • how realm authorizations work 4.10
      • process flow 4.10
      • troubleshooting E.2
    • authorizations
    • authorizations in multitenant environment 4.8
    • creating 4.3
    • creating names 4.3
    • Database Vault Account Management realm 4.2.2
    • data dictionary views 4.16
    • data masking 12.12.3
    • DBMS_MACUTL constants, example of 20.1.2
    • default realms
    • deleting 4.5
    • effect on other Oracle Database Vault components 4.13
    • enabling access to realm-protected objects 4.11
    • example 4.12
    • functions
      • DBMS_MACUTL (utility) 20
      • DBMS_MACUTL constants (fields) 20.1.1
    • guidelines 4.14
    • how realms work 4.9
    • mandatory realms 4.1.2
    • modifying 4.4
    • multitenant environment
    • naming conventions 4.3
    • object-related procedures 14.2
    • object types, supported 4.1.4
    • Oracle Database Vault realm 4.2.1
    • Oracle Default Component Protection Realm 4.2.6
    • Oracle Default Schema Protection Realm 4.2.4
    • Oracle Enterprise Manager realm 4.2.3
    • Oracle System Privilege and Role Management Realm 4.2.5
    • performance effect 4.15
    • procedures
      • DBMS_MACADM (configuration) 14
    • process flow 4.9
    • propagating configuration to other databases 12.1.1
    • protection after object is dropped 4.14
    • PUBLIC access 4.9
    • realm authorizations
    • realm secured objects
      • object name 4.3
      • object owner 4.3
      • object type 4.3
    • realm-secured objects 4.6
    • reports 4.16
    • secured object 26.4.3
    • simulation mode 10.1
    • territory a realm protects 4.6
    • troubleshooting E.2, E.3
    • tutorial 3.5.1
    • views
      • DBA_DV_CODE 24.4
      • DBA_DV_MAINTENANCE_AUTH 24.19
      • DBA_DV_POLICY 24.22
      • DBA_DV_POLICY_OBJECT 24.24
      • DBA_DV_POLICY_OWNER 24.25
      • DBA_DV_REALM 24.29
      • DBA_DV_REALM_OBJECT 24.31
      • DBS_DV_REALM_AUTH 24.30
      • DVSYS.POLICY_OWNER_COMMAND_RULE 24.45
      • DVSYS.POLICY_OWNER_POLICY 24.46
      • DVSYS.POLICY_OWNER_REALM 24.47
      • DVSYS.POLICY_OWNER_REALM_AUTH 24.48
      • DVSYS.POLICY_OWNER_REALM_OBJECT 24.49
      • DVSYS.POLICY_OWNER_RULE 24.50
      • DVSYS.POLICY_OWNER_RULE_SET 24.51
      • DVSYS.POLICY_OWNER_RULE_SET_RULE 24.52
  • recovering lost password E.4.1, E.4.2
  • RECOVERY_CATALOG_OWNER role 26.6.5.9
  • RECYCLEBIN initialization parameter
    • default setting in Oracle Database Vault 2.1
  • registering Oracle Database Vault 3.1
  • registration
    • multitenant, about 3.2.1
  • reinstalling Oracle Database Vault C.4
  • REMOTE_LOGIN_PASSWORDFILE initialization parameter 2.1
  • reports
    • about 26.1
    • Access to Sensitive Objects Report 26.6.3.2
    • Accounts With DBA Roles Report 26.6.5.2
    • Accounts with SYSDBA/SYSOPER Privilege Report 26.6.3.4
    • ALTER SYSTEM or ALTER SESSION Report 26.6.5.5
    • ANY System Privileges for Database Accounts Report 26.6.2.4
    • auditing 26.5
    • AUDIT Privileges Report 26.6.5.10
    • BECOME USER Report 26.6.5.4
    • categories of 26.1
    • Command Rule Audit Report 26.5.2
    • Command Rule Configuration Issues Report 26.4.1
    • Core Database Audit Report 26.6.8
    • Core Database Vault Audit Trail Report 26.5.5
    • Database Account Default Password Report 26.6.7.1
    • Database Account Status Report 26.6.7.2
    • Database Accounts With Catalog Roles Report 26.6.5.9
    • Direct and Indirect System Privileges By Database Account Report 26.6.2.2
    • Direct Object Privileges Report 26.6.1.3
    • Direct System Privileges By Database Account Report 26.6.2.1
    • Enterprise Manager Cloud Control 12.1.3
    • Execute Privileges to Strong SYS Packages Report 26.6.3.1
    • Factor Audit Report 26.5.3
    • Factor Configuration Issues Report 26.4.4
    • Factor Without Identities 26.4.5
    • general security 26.6
    • Hierarchical System Privileges by Database Account Report 26.6.2.3
    • Identity Configuration Issues Report 26.4.6
    • Java Policy Grants Report 26.6.9.1
    • Label Security Integration Audit Report 26.5.4
    • Non-Owner Object Trigger Report 26.6.9.7
    • Object Access By PUBLIC Report 26.6.1.1
    • Object Access Not By PUBLIC Report 26.6.1.2
    • Object Dependencies Report 26.6.1.4
    • Objects Dependent on Dynamic SQL Report 26.6.9.3
    • OS Directory Objects Report 26.6.9.2
    • OS Security Vulnerability Privileges 26.6.5.11
    • Password History Access Report 26.6.5.6
    • permissions for running 26.2
    • privilege management 26.6.4
    • Privileges Distribution By Grantee, Owner, Privilege Report 26.6.4.3
    • Privileges Distribution By Grantee, Owner Report 26.6.4.2
    • Privileges Distribution By Grantee Report 26.6.4.1
    • Public Execute Privilege To SYS PL/SQL Procedures Report 26.6.3.3
    • Realm Audit Report 26.5.1
    • Realm Authorization Configuration Issues Report 26.4.3
    • Resource Profiles Report 26.6.6.2
    • Roles/Accounts That Have a Given Role Report 26.6.5.8
    • Rule Set Configuration Issues Report 26.4.2
    • running 26.3
    • Secure Application Configuration Issues Report 26.4.7
    • Secure Application Role Audit Report 26.5.6
    • Security Policy Exemption Report 26.6.5.3
    • Security Related Database Parameters 26.6.6.1
    • security vulnerability 26.6.9
    • System Privileges By Privilege Report 26.6.2.5
    • System Resource Limits Report 26.6.6.3
    • Tablespace Quotas Report 26.6.9.6
    • Unwrapped PL/SQL Package Bodies Report 26.6.9.4
    • Username /Password Tables Report 26.6.9.5
    • WITH ADMIN Privileges Grants Report 26.6.5.1
    • WITH GRANT Privileges Report 26.6.5.7
  • Resource Profiles Report 26.6.6.2
  • resources
    • reports
  • REVOKE statement
  • roles 8.1
    • See also: secure application roles
    • adding to realms as grantees 4.14
    • catalog-based 26.6.5.9
    • Database Vault default roles 13.2.1
    • privileges, checking with DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 20.2
    • role-based system privileges 26.6.2.3
    • role enablement in incomplete rule set 26.4.7
  • Roles/Accounts That Have a Given Role Report 26.6.5.8
  • root access
    • guideline for using with Database Vault D.2.4
    • guidelines on managing D.4.1
  • rules 5.6.1
    • See also: rule sets
  • Rule Set Configuration Issues Report 26.4.2
  • rule sets 5.1
    • See also: command rules, factors, realms, rules, secure application roles
    • about 5.1
    • adding existing rules 5.6.4
    • auditing
      • intruders
        • using rule sets 5.5
    • audit options 5.5
    • command rules
    • creating 5.5
    • creating names 5.5
    • data dictionary views 5.13
    • DBMS_MACUTL constants, example of 20.1.3
    • default, no longer supported 5.3
    • default rules 5.6.2
    • default rule sets 5.4
    • deleting 5.8
    • disabled for
    • evaluation of rules 5.6.1
    • event handlers 5.5
    • events firing, finding with DV_SYSEVENT 15.2.1
    • fail code 5.5
    • fail message 5.5
    • functions
      • DBMS_MACADM (configuration) 15.1
      • DBMS_MACUTL (utility) 20
      • DBMS_MACUTL constants (fields) 20.1.1
      • PL/SQL functions for rule sets 15.2
    • guidelines 5.11
    • how rule sets work 5.9.1
    • incomplete 26.4.1
    • modifying 5.7
    • multitenant environment
    • naming conventions 5.5
    • nested rules 5.9.2
    • performance effect 5.12
    • procedures
      • DBMS_MACADM (configuration) 15.1
    • process flow 5.9.1
    • propagating configuration to other databases 12.1.1
    • reports 5.13
    • rule sets
      • evaluation options 5.5
    • rules that exclude one user 5.9.3
    • security attacks
      • tracking
        • with rule set auditing 5.5
    • static evaluation 5.11
    • troubleshooting E.2, E.3
    • views
  • rules sets
    • audit event, custom A.3.1

S

  • SCHEDULER_ADMIN role
    • impact of Oracle Database Vault installation 2.4
  • scheduling database jobs
    • CREATE EXTERNAL JOB privilege security consideration D.6.4
  • scheduling jobs
    • See: Oracle Scheduler
  • schemas
  • Secure Application Configuration Issues Report 26.4.7
  • secure application role 8.1
  • Secure Application Role Audit Report 26.5.6
  • secure application roles 8.1
    • See also: roles, rule sets
    • audit event, custom A.3.1
    • creating 8.3
    • data dictionary view 8.10
    • DBMS_MACSEC_ROLES.SET_ROLE function 8.3
    • deleting 8.6
    • enabling Oracle Database roles to work with Oracle Database Vault 8.4
    • functionality 8.7
    • functions
      • DBMS_MACADM (configuration) 18.1
      • DBMS_MACSEC_ROLES (configuration) 18.2
      • DBMS_MACSEC_ROLES package 18.2
      • DBMS_MACUTL (utility) 20
      • DBMS_MACUTL constants (fields) 20.1.1
    • guidelines on managing 8.2
    • modifying 8.5
    • performance effect 8.9
    • procedure
      • DBMS_MACADM (configuration) 18.1
    • procedures and functions
      • DBMS_MACUTL (utility) 20.2
    • propagating configuration to other databases 12.1.1
    • reports 8.10
      • Rule Set Configuration Issues Report 26.4.2
    • troubleshooting E.3
    • troubleshooting with auditing report 26.5.6
    • tutorial 8.8.1
    • views
  • security attacks
    • Denial of Service (DoS) attacks
      • finding system resource limits 26.6.6.3
    • Denial of Service attacks
    • eliminating audit trail 26.6.5.10
    • monitoring security violations 25.1
    • Oracle Database Vault addressing compromised privileged user accounts 1.5
    • reports
      • AUDIT Privileges Report 26.6.5.10
      • Objects Dependent on Dynamic SQL Report 26.6.9.3
      • Privileges Distribution By Grantee, Owner Report 26.6.4.2
      • Unwrapped PL/SQL Package Bodies Report 26.6.9.4
    • SQL injection attacks 26.6.9.3
  • security policies, Oracle Database Vault addressing 1.6
  • Security Policy Exemption Report 26.6.5.3
  • Security Related Database Parameters Report 26.6.6.1
  • security violations
    • monitoring attempts 25.1
  • security vulnerabilities
    • how Database Vault addresses 1.7
    • operating systems 26.6.5.11
    • reports 26.6.9
      • Security Related Database Parameters Report 26.6.6.1
    • root operating system directory 26.6.9.2
  • SELECT_CATALOG_ROLE role 26.6.5.9
  • sensitive objects reports 26.6.3
  • separation of duty concept
    • about D.1.1
    • command rules 6.2
    • database accounts, suggested 13.3.3
    • database roles 2.3
    • documenting tasks D.1.4
    • example matrix D.1.3
    • how Oracle Database Vault addresses 2.3
    • realms 1.7
    • restricting privileges 2.2
    • roles 13.2.1
    • tasks in Oracle Database Vault environment D.1.2
  • session event command rule
  • session event command rules
    • creating for events 16.3
    • deleting 16.7
  • sessions
    • audit events, custom A.3.1
    • DBMS_MACUTL fields 20.1.1
    • finding session user with DVF.F$SESSION_USER 17.3.21
    • retrieving information with functions 17.1
  • simulation mode
  • simulation mode, realms
    • considerations 10.3.1
    • use cases
      • adding authorized users to a realm 10.3.6
      • adding new objects to a realm 10.3.4
      • all in simulation mode 10.3.2
      • new realms introduced to existing realms 10.3.3
      • removing authorized users from a realm 10.3.7
      • removing objects from a realm 10.3.5
      • testing new changes to an existing command rule 10.3.9
      • testing new factors with realms 10.3.8
  • SQL92_SECURITY initialization parameter 2.1
  • SQL injection attacks, detecting with Object Dependent on Dynamic SQL Report 26.6.9.3
  • SQL statements
    • default command rules that protect 6.2
  • SQL statements protected by 6.3
  • SQL text, finding with DV_SQL_TEXT 15.2.8
  • subfactors
    • See: child factors under factors topic
  • SYSDBA access
    • guidelines on managing D.4.3
  • SYSDBA privilege
    • limiting, importance of D.2.3
  • SYSOPER access
    • guidelines on managing D.4.4
  • system event command rule
  • system event command rules
  • system features
    • disabling with Disabled rule set 5.4
    • enabling with Enabled rule set 5.4
  • system privileges
    • checking with DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 20.2
    • Oracle Database Vault roles 13.2.2
    • reports
      • System Privileges By Privileges Report 26.6.2.5
  • System Privileges By Privilege Report 26.6.2.5
  • System Resource Limits Report 26.6.6.3
  • system root access, guideline on managing D.4.1
  • SYSTEM schema
    • application tables in D.2.2
    • realm protection 4.2.6
  • SYSTEM user account
    • guidelines for using with Database Vault D.2.1
  • SYS user, patch operations 12.15
  • SYS user account
    • adding to realm authorization 4.14
    • protecting unified audit trail from A.2

T

  • tablespace quotas 26.6.9.6
  • Tablespace Quotas Report 26.6.9.6
  • time data
    • DBMS_MACUTL functions 20.2
  • trace files
  • trace files, Oracle Database Vault
    • about E.1.1
    • activities that can be traced E.1.2
    • ADRCI utility E.1.6.3
    • directory location for trace files E.1.6.1
    • disabling for all sessions E.1.10.2
    • disabling for current session E.1.10.1
    • enabling for all sessions E.1.5.2
    • enabling for current session E.1.5.1
    • examples
      • highest level on realm violations E.1.9
      • high level authorization E.1.8
      • low level realm violations E.1.7
    • finding trace file directory E.1.6.1
    • levels of trace events E.1.3
    • performance effect E.1.4
    • querying
  • traisimulationning mode
  • Transparent Data Encryption, used with Oracle Database Vault 11.2
  • transportable tablespaces
    • authorizing for Oracle Data Pump operations in Database Vault 12.2.3.3
    • DBA_DV_TTS_AUTH view 24.38
    • DBMS_MACADM.AUTHORIZE_TTS_USER procedure 21.1.13
    • DBMS_MACADM.UNAUTHORIZE_TTS_USER procedure 21.1.34
  • triggers
    • different from object owner account 26.6.9.7
    • reports, Non-Owner Object Trigger Report 26.6.9.7
  • troubleshooting
    • access security sessions 26.5.5
    • auditing reports, using 26.5
    • factors E.2
    • general diagnostic tips E.2
    • locked out accounts B.1
    • passwords, forgotten B.1
    • realms E.2
    • rules E.2
    • rule sets E.2
    • secure application roles 26.5.6
  • trusted users
    • accounts and roles that should be limited D.4
    • default for Oracle Database Vault D.3
  • trust levels
    • about 7.4.3
    • determining for identities with GET_TRUST_LEVEL_FOR_IDENTITY 17.2.6
    • determining with GET_TRUST_LEVEL 17.2.5
    • factor identity 7.4.3
    • factors 7.4.5
    • for factor and identity requested 17.2.6
    • identities 7.4.2
    • of current session identity 17.2.5
  • tutorials 7.7.4
    • See also: examples
    • access, granting with secure application roles 8.8.1
    • ad hoc tool access, preventing 7.8.1
    • configuring two-person integrity (TPI) 5.10.1
    • Database Vault factors with Virtual Private Database and Oracle Label Security 11.4.4.1
    • Oracle Label Security integration with Oracle Database Vault 11.4.4.1
    • restricting user activities with command rules 6.8
    • schema, protecting with a realm 3.5.1
    • simulation mode 10.4
  • two-man rule security
    • See: two-person integrity (TPI)
  • two-person integrity (TPI)

U

  • UNAUTHORIZE_MAINTENANCE_USER procedure 21.1.30
  • unified auditing
    • in Oracle Database Vault A.1
    • predefined audit policies A.1
  • unified audit trail
    • how it works with Database Vault A.1
    • protecting with a realm A.2
  • uninstalling Oracle Database Vault C.3
  • Unwrapped PL/SQL Package Bodies Report 26.6.9.4
  • USER_HISTORY$ table 26.6.5.6
  • user authorization
    • Database Vault authorization for ILM
    • Database Vault authorization for Information Lifecycle Management
  • Username/Password Tables Report 26.6.9.5
  • user names
    • reports, Username/Password Tables Report 26.6.9.5
  • users
    • enterprise identities, finding with DVF.F$PROXY_ENTERPRISE_IDENTITY 17.3.19
    • enterprise-wide identities, finding with DVF.F$ENTERPRISE_IDENTITY 17.3.13
    • finding session user with DVF.F$SESSION_USER 17.3.21
    • login user name, finding with DV_LOGIN_USER 15.2.2
  • utility functions
    • See: .DBMS_MACUTL package
  • UTL_FILE object 26.6.1.4
  • UTL_FILE package, guidelines on managing D.6.2.1

V

  • views 24.1
    • See also: names beginning with DVSYS.DBA_DV
    • AUDSYS.DV$CONFIGURATION_AUDIT 24.53
    • AUDSYS.DV$ENFORCEMENT_AUDIT 24.54
    • CDB_DV_STATUS 24.2
    • DBA_DV_APP_EXCEPTION 24.3
    • DBA_DV_CODE 24.4
    • DBA_DV_COMMAND_RULE 24.5
    • DBA_DV_DATAPUMP_AUTH 24.6
    • DBA_DV_DBCAPTURE_AUTH 24.7
    • DBA_DV_DBREPLAY_AUTH 24.8
    • DBA_DV_DDL_AUTH 24.9
    • DBA_DV_DICTIONARY_ACCTS 24.10
    • DBA_DV_FACTOR 24.11
    • DBA_DV_FACTOR_TYPE 24.12
    • DBA_DV_IDENTITY 24.14
    • DBA_DV_IDENTITY_MAP 24.15
    • DBA_DV_JOB_AUTH 24.16
    • DBA_DV_MAINTENANCE_AUTH 24.19
    • DBA_DV_ORADEBUG 24.20
    • DBA_DV_PATCH_ADMIN_AUDIT 24.21
    • DBA_DV_POLICY 24.22
    • DBA_DV_POLICY_LABEL 24.23
    • DBA_DV_POLICY_OBJECT 24.24
    • DBA_DV_POLICY_OWNER 24.25
    • DBA_DV_PREPROCESSOR_AUTH 24.26
    • DBA_DV_PROXY_AUTH 24.27
    • DBA_DV_PUB_PRIVS 24.28
    • DBA_DV_REALM 24.29
    • DBA_DV_REALM_AUTH 24.30
    • DBA_DV_REALM_OBJECT 24.31
    • DBA_DV_ROLE 24.32
    • DBA_DV_RULE_SET 24.34
    • DBA_DV_RULE_SET_RULE 24.35
    • DBA_DV_SIMULATION_LOG 24.36
    • DBA_DV_STATUS 24.37
    • DBA_DV_TTS_AUTH 24.38
    • DBA_DV_USER_PRIVS 24.39
    • DBA_DV_USER_PRIVS_ALL 24.40
    • DVSYS.DBA_DV_COMMON_OPERATION_STATUS 24.44
    • DVSYS.DV$CONFIGURATION_AUDIT 24.41
    • DVSYS.DV$ENFORCEMENT_AUDIT 24.42
    • DVSYS.DV$REALM 24.43
    • DVSYS.POLICY_OWNER_COMMAND_RULE 24.45
    • DVSYS.POLICY_OWNER_POLICY 24.46
    • DVSYS.POLICY_OWNER_REALM 24.47
    • DVSYS.POLICY_OWNER_REALM_AUTH 24.48
    • DVSYS.POLICY_OWNER_REALM_OBJECT 24.49
    • DVSYS.POLICY_OWNER_RULE 24.50
    • DVSYS.POLICY_OWNER_RULE_SET 24.51
    • DVSYS.POLICY_OWNER_RULE_SET_RULE 24.52
  • VPD
    • See: Oracle Virtual Private Database (VPD)

W


X

  • XStream
    • Database Vault role used for 13.2.15
    • in an Oracle Database Vault environment 12.10