Index

A B C D E F G H I J L M N O P Q R S T U V W

Symbols

% wildcard, 11.3

A

access control policy

configuring with tools and components

Oracle Label Security PL/SQL APIs, 1.2.6

Oracle Policy Manager, 1.2.6

reports

Core Database Vault Audit Report, 11.4.2.5

access control run-time PL/SQL procedures and functions, H.1

Access to Sensitive Objects Report, 11.5.3.2

accounts

See database accounts

Accounts With DBA Roles Report, 11.5.5.2

Accounts with SYSDBA/SYSOPER Privilege Report, 11.5.3.4

ALTER DATABASE statement

monitoring, 10.2

ALTER ROLE statement

monitoring, 10.3

ALTER SESSION privilege

reports, ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5

trace files, enabling, J.1

ALTER SESSION statement

guidelines on managing privileges, I.3.6

ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5

ALTER SYSTEM privilege

reports, ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5

ALTER SYSTEM statement

controlling with command rules, 6.1

guidelines on managing privileges, I.3.6

ALTER TABLE statement

monitoring, 10.2

ALTER USER statement

monitoring, 10.3

ANY privileges, D.2.6

ANY System Privileges for Database Accounts Report, 11.5.2.4

APIs

See DVSYS.DBMS_MACADM package, DVSYS.DBMS_MACSEC_ROLES package, DVSYS.DBMS_MACUTL package

audit policy change

monitoring, 10.3

AUDIT privilege, 11.5.5.10

AUDIT Privileges Report, 11.5.5.10

AUDIT_SYS_OPERATIONS initialization parameter, 2.1.1

AUDIT_TRAIL initialization parameter

effect on auditing policy, A.2

effect on Core Database Audit Report, 11.5.8

effect on monitoring database, 10.3

example of setting, A.2

AUDIT_TRAIL$ system table

archiving, A.5

format, A.4.2

auditing

archiving Database Vault audit trail, A.5

Core Database Audit Report, 11.5.8

Database Vault policy settings, A.3

DVSYS.DBMS_MACUTL fields, G.1

factors

options, 7.3

intruders

using factors, 7.3

using rule sets, 5.3

realms

DVSYS.DBMS_MACUTL fields, G.1

options, 4.3

reports, 11.4.2

rule sets

DVSYS.DBMS_MACUTL fields, G.1

options, 5.3

secure application roles

audit records, 8.8

troubleshooting, J.1

views used to audit events, D.4

B

BECOME USER Report, 11.5.5.4

BECOME USER system privilege

about, 11.5.5.4

C

catalog-based roles, 11.5.5.9

child factors

See factors

clients

finding IP address with DVF.F$CLIENT_IP, H.2

code groups

DVSYS.DBMS_MACUTL fields, G.1

ID, retrieving with DVSYS.DBMS_MACUTL functions, G.2

retrieving value with DVSYS.DBMS_MACUTL functions, G.2

Command Rule Audit Report, 11.4.2.2

Command Rule Configuration Issues Report, 11.4.1.1

command rules

about, 6.1

audit event, custom, A.4.1

creating, 6.4

default command rules, 6.2

deleting, 6.5

diagnosing behavior, J.1

editing, 6.4

example, 6.7

functions

DVSYS.DBMS_MACADM (configuration), E.3

DVSYS.DBMS_MACUTL (utility), G

guidelines, 6.8

how command rules work, 6.6

objects

name, 6.4

owner, 6.4

performance effect, 6.9

process flow, 6.6

reports, 6.10

rule sets

selecting, 6.4

used with, 6.1

troubleshooting

general diagnostic advice, J.1

with auditing report, 11.4.2.2

views, D.4

See also rule sets

compliance

Oracle Database Vault addressing, 1.3

computer name

finding with DVF.F$MACHINE, H.2

Machine default factor, 7.2

configuration

changes, monitoring, 10.3

D

data definition language (DDL)

statement

controlling with command rules, 6.1

data dictionary

adding DV_ACCTMGR role to realm, 3.2.1

data manipulation language (DML)

statement

checking with DVSYS.DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function, G.2

controlling with command rules, 6.1

data Oracle Database Vault recognizes

See factors

Database Account Default Password Report, 11.5.7.1

Database Account Status Report, 11.5.7.2

database accounts

counting privileges of, 11.5.4.1

creation scenarios, D.3.1, D.3.1

DBSNMP, 4.2

default Oracle Database Vault, D.3.1

DVSYS, D.3

LBACSYS, D.3

monitoring, 10.3

reports

Accounts With DBA Roles Report, 11.5.5.2

ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5

ANY System Privileges for Database Accounts Report, 11.5.2.4

AUDIT Privileges Report, 11.5.5.10

BECOME USER Report, 11.5.5.4

Database Account Default Password Report, 11.5.7.1

Database Account Status Report, 11.5.7.2

Database Accounts With Catalog Roles Report, 11.5.5.9

Direct and Indirect System Privileges By Database Account Report, 11.5.2.2

Direct Object Privileges Report, 11.5.1.3

Direct System Privileges By Database Account Report, 11.5.2.1

Hierarchical System Privileges by Database Account Report, 11.5.2.3

Object Access By PUBLIC Report, 11.5.1.1

Object Access Not By PUBLIC Report, 11.5.1.2

OS Security Vulnerability Privileges, 11.5.5.11

Password History Access Report, 11.5.5.6

Privileges Distribution By Grantee Report, 11.5.4.1, 11.5.4.1, 11.5.4.1

Privileges Distribution By Grantee, Owner Report, 11.5.4.2, 11.5.4.2

Privileges Distribution By Grantee, Owner, Privilege Report, 11.5.4.3, 11.5.4.3

Roles/Accounts That Have a Given Role Report, 11.5.5.8

Security Policy Exemption Report, 11.5.5.3

WITH ADMIN Privilege Grants Report, 11.5.5.1

WITH GRANT Privileges Report, 11.5.5.7

solution for lockouts, B.1

suggested, D.3

SYSMAN, 4.2

Database Accounts With Catalog Roles Report, 11.5.5.9

database configuration

monitoring changes, 10.2

database definition language (DDL)

statements

controlling with command rules, 6.1

database domains, Database_Domain default factor, 7.2

database objects

Oracle Database Vault, D

reports

Object Dependencies Report, 11.5.1.4

E

e-mail alerts in rule set, 5.8

enabling system features with Enabled default rule set, 5.2

encrypted information, 11.5.9.5

enterprise identities, Enterprise_Identity default factor, 7.2

Enterprise Manager

See Oracle Enterprise Manager

errors

DVSYS.DBMS_MACUTL.RAISE_UNAUTHORIZED_OPERATION function, G.2

factor error options, 7.3

rule set error options, 5.3

troubleshooting, J

event handler

rule sets, 5.3

example of using Oracle Database Vault, 3.2

examples

command rules, 6.7

database account creation scenarios, D.3.1

e-mail alert in rule set, 5.8

factors, 7.8

realms, 4.11

rule sets, 5.8

secure application roles, 8.6

EXECUTE ANY PROCEDURE privilege, securing for external C callouts, I.3.8.1

EXECUTE ANY PROCEDURE privilege, securing for Java stored procedures, I.3.7.1

Execute Privileges to Strong SYS Packages Report, 11.5.3.1

EXECUTE_CATALOG_ROLE role, 11.5.5.9

EXEMPT ACCESS POLICY system privilege, 11.5.5.3

external C callouts

EXECUTE ANY PROCEDURE privilege, I.3.8.1

security considerations, I.3.8

F

Factor Audit Report, 11.4.2.3

Factor Configuration Issues Report, 11.4.1.2

Factor Without Identities Report, 11.4.1.3

factors

about, 7.1

assignment, 7.3

disabled rule set, 11.4.1.2

incomplete rule set, 11.4.1.2

validate, 7.3

assignment operation, 11.4.2.3

audit events, custom, A.4.1

audit options, 7.3

child factors

about, 7.3

Factor Configuration Issues Report, 11.4.1.2

mapping, 7.5.2, 7.5.2

creating, 7.3

default factors, 7.2

deleting, 7.6

domain, finding with DVF.F$DOMAIN, H.2

editing, 7.4

error options, 7.3

evaluate, 7.3

evaluation operation, 11.4.2.3

example, 7.8

factor type

about, 7.3

selecting, 7.3

factor-identity pair mapping, 7.5.2

functionality, 7.7

functions

DVSYS.DBMS_MACADM (configuration), E.4

DVSYS.DBMS_MACUTL (utility), G

DVSYS.DBMS_MACUTL fields (constants), G.1

guidelines, 7.9

identifying using child factors, 7.5.2

identities

about, 7.3

adding to factor, 7.5

assigning, 7.3

configuring, 7.5.1

creating, 7.5.1

database session, 7.3

deleting, 7.5.1

determining with DVSYS.GET_FACTOR, 7.3

editing, 7.5.1

enterprise-wide users, H.2

how factor identities work, 7.3

labels, 7.3, 7.5.1

mapping, 7.3, 7.5.2

Oracle Label Security labels, 7.3

reports, 7.11

resolving, 7.3

retrieval methods, 7.3

setting dynamically, H.1.1

trust levels, 7.3, 7.5.1

with Oracle Label Security, 7.3

initialization, command rules, 6.1

invalid audit options, 11.4.1.2

label, 11.4.1.2

naming, 7.3

Oracle Virtual Private Database, attaching factors to, 9.3

parent factors, 7.3

performance effect, 7.10

process flow, 7.7

reports, 7.11

retrieving, 7.7.2

retrieving with DVSYS.GET_FACTOR, H.1.2

rule sets

selecting, 7.3

used with, 7.1

setting, 7.7.3

setting with DVSYS.SET_FACTOR, H.1.1

troubleshooting

auditing report, 11.4.2.3

configuration problems, J.3

tips, J.2

type (category of factor), 7.3

validating, 7.3

values (identities), 7.1

views

DBA_DV_CODE, D.4

DBA_DV_FACTOR_LINK, D.4

DBA_DV_FACTOR_TYPE, D.4

DBA_DV_IDENTITY, D.4

DBA_DV_IDENTITY_MAP, D.4

DBA_DV_MAC_POLICY_FACTOR, D.4

ways to assign, 7.3

See also rule sets

functions

command rules

DVSYS.DBMS_MACADM (configuration), E.3

DVSYS.DBMS_MACUTL (utility), G

DVSYS schema enabling, H.1

factors

DVSYS.DBMS_MACADM (configuration), E.4

DVSYS.DBMS_MACUTL (utility), G

Oracle Label Security policy

DVSYS.DBMS_MACADM (configuration), E.6

realms

DVSYS.DBMS_MACADM (configuration), E.1

DVSYS.DBMS_MACUTL (utility), G

rule sets

DVSYS.DBMS_MACADM (configuration), E.2

DVSYS.DBMS_MACUTL (utility), G

PL/SQL functions for inspecting SQL, H.3

secure application roles

DVSYS.DBMS_MACADM (configuration), E.5

DVSYS.DBMS_MACSEC_ROLES (configuration), F

DVSYS.DBMS_MACUTL (utility), G

G

general security reports, 11.5

GRANT statement

monitoring, 10.3

guidelines

ALTER SESSION privilege, I.3.6

ALTER SYSTEM privilege, I.3.6

command rules, 6.8

CREATE ANY JOB privilege, I.3.3

CREATE EXTERNAL JOB privilege, I.3.4

CREATE JOB privilege, I.3.3

DBMS_FILE_TRANSFER package, I.3.1

factors, 7.9

general security, I

Java stored procedures, I.3.7

LogMiner packages, I.3.5

Oracle software owner, I.2.2

performance effect, 7.10

realms, 4.13

recycle bin, I.3.2

root user access, I.2.1

rule sets, 5.9

secure application roles, 8.3

SELECT_CATALOG_ROLE role, I.3.2

SYSDBA access, I.2.3

SYSOPER access, I.2.4

trusted accounts and roles, I.1

UTL_FILE package, I.3.1

H

hackers

See intruders

Hierarchical System Privileges by Database Account Report, 11.5.2.3

host names

finding with DVF.F$DATABASE_HOSTNAME, H.2

I

identifiers, converting to legal Oracle with DVSYS.DBMS_MACUTL.TO_ORACLE_IDENTIFIER function, G.2

identities

See factors, identities

Identity Configuration Issues Report, 11.4.1.4

IDLE_TIME resource profile, 11.5.6.2

incomplete rule set, 11.4.1.2

role enablement, 11.4.1.7

initialization parameters

Allow System Parameters default rule set, 5.2

modified after installation, 2.1

modified by Oracle Database Vault, 2.1.1

reports, 11.5.6

insider threats

See intruders

installations

security considerations, I.3

intruders

Denial of Service attacks

finding tablespace quotas, 11.5.9.6

denial-of-service attacks

finding system resource limits, 11.5.6.3

eliminating audit trail, 11.5.5.10

monitoring security violations, 10.1

Oracle Database Vault addressing insider threats, 1.4

reports

AUDIT Privileges Report, 11.5.5.10

Objects Dependent on Dynamic SQL Report, 11.5.9.3

Privileges Distribution By Grantee, Owner Report, 11.5.4.2

Unwrapped PL/SQL Package Bodies Report, 11.5.9.4

SQL injection attacks, 11.5.9.3

tracking

with factor auditing, 7.3

with rule set auditing, 5.3

IP addresses

Client_IP default factor, 7.2

defined with factors, 7.1

J

Java Policy Grants Report, 11.5.9.1

Java stored procedures

EXECUTE ANY PROCEDURE privilege, I.3.7.1

guidelines on managing, I.3.7

realm protections, 4.9

L

Label Security Integration Audit Report, 11.4.2.4

labels

about, 7.5.1

M

maintenance on Oracle Database Vault, B.1

managing user accounts and profiles on own account, Can Maintain Own Accounts default rule set, 5.2

managing user accounts and profiles, Can Maintain Accounts/Profiles default rule set, 5.2

mapping identities, 7.5.2

monitoring

activities, 10

N

nested rules, 5.7.2

network protocol

finding with DVF.F$NETWORK_PROTOCOL, H.2

network protocol, Network_Protocol default factor, 7.2

NOAUDIT statement

monitoring, 10.3

Non-Owner Object Trigger Report, 11.5.9.7

nonsystem database accounts, 11.5.1.3

O

Object Access By PUBLIC Report, 11.5.1.1

Object Access Not By PUBLIC Report, 11.5.1.2

Object Dependencies Report, 11.5.1.4

object owners

nonexistent, 11.4.1.1

reports

Command Rule Configuration Issues Report, 11.4.1.1

object privilege reports, 11.5.1

objects

auditing policies, A.1

command rule objects

name, 6.4

owner, 6.4

processing, 6.6

dynamic SQL use, 11.5.9.3

monitoring, 10.3

object names

finding with DVSYS.DV_DICT_OBJ_NAME, H.3

object owners

finding with DVSYS.DV_DICT_OBJ_OWNER, H.3

object privileges

checking with DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, G.2

realms

functions for registering, E.1

object name, 4.5

object owner, 4.5

object type, 4.5

reports

Access to Sensitive Objects Report, 11.5.3.2

Accounts with SYSDBA/SYSOPER Privilege Report, 11.5.3.4

Direct Object Privileges Report, 11.5.1.3

Execute Privileges to Strong SYS Packages Report, 11.5.3.1

Non-Owner Object Trigger Report, 11.5.9.7

Object Access By PUBLIC Report, 11.5.1.1

Object Access Not By PUBLIC Report, 11.5.1.2

Object Dependencies Report, 11.5.1.4

Objects Dependent on Dynamic SQL Report, 11.5.9.3

OS Directory Objects Report, 11.5.9.2

privilege, 11.5.1

Public Execute Privilege To SYS PL/SQL Procedures Report, 11.5.3.3

sensitive, 11.5.3

System Privileges By Privilege Report, 11.5.2.5

types

finding with DVSYS.DV_DICT_OBJ_TYPE, H.3

views, DBA_DV_REALM_OBJECT, D.4

P

parameters

modified after installation, 2.1

reports

Security Related Database Parameters Report, 11.5.6.1

parent factors

See factors

Password History Access Report, 11.5.5.6

passwords

forgotten, solution for, B.1

reports, 11.5.7

Database Account Default Password Report, 11.5.7.1

Password History Access Report, 11.5.5.6

Username/Password Tables Report, 11.5.9.5

patches

security consideration, I.3

performance

rule sets, order of rule run, 5.7.2

performance effect

command rules, 6.9

realms, 4.14

reports

Resource Profiles Report, 11.5.6.2

System Resource Limits Report, 11.5.6.3

rule sets, 5.10

secure application roles, 8.7

performance tools

Database Control, realms, 4.14

Oracle Enterprise Manager

command rules, 6.9

factors, 7.10

realms, 4.14

rule sets, 5.10

secure application roles, 8.7

Oracle Enterprise Manager Database Control

command rules, 6.9

factors, 7.10

rule sets, 5.10

secure application roles, 8.7

STATSPACK utility

command rules, 6.9

factors, 7.10

realms, 4.14

rule sets, 5.10

secure application roles, 8.7

TKPROF utility

command rules, 6.9

factors, 7.10

realms, 4.14

rule sets, 5.10

secure application roles, 8.7

PL/SQL

packages

summarized, H.4

unwrapped bodies, 11.5.9.4

Unwrapped PL/SQL Package Bodies Report, 11.5.9.4

PL/SQL factor functions, H.2

policy changes, monitoring, 10.3, 10.4

port number

finding, 3.1

Oracle Database Vault, 3.1

privileges

ANY privileges, D.2.6

auditing policies, A.1

checking with DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, G.2

least privilege principle

violations to, 11.5.9.1

monitoring

GRANT statement, 10.3

REVOKE statement, 10.3

Oracle Database Vault restricting, 2.2

reports

Accounts With DBA Roles Report, 11.5.5.2

ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5

ANY System Privileges for Database Accounts Report, 11.5.2.4

AUDIT Privileges Report, 11.5.5.10

Database Accounts With Catalog Roles Report, 11.5.5.9

Direct and Indirect System Privileges By Database Account Report, 11.5.2.2

Direct System Privileges By Database Account Report, 11.5.2.1

Hierarchical System Privileges By Database Account Report, 11.5.2.3

listed, 11.5.4

OS Directory Objects Report, 11.5.9.2

Privileges Distribution By Grantee Report, 11.5.4.1

Privileges Distribution By Grantee, Owner Report, 11.5.4.2

Privileges Distribution By Grantee, Owner, Privilege Report, 11.5.4.3

WITH ADMIN Privilege Grants Report, 11.5.5.1

WITH GRANT Privileges Report, 11.5.5.7

roles

checking with DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, G.2

system

checking with DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, G.2

views

DBA_DV_PUB_PRIVS, D.4

DBA_DV_USER_PRIVS, D.4

DBA_DV_USER_PRIVS_ALL, D.4

Privileges Distribution By Grantee Report, 11.5.4.1

Privileges Distribution By Grantee, Owner Report, 11.5.4.2

Privileges Distribution By Grantee, Owner, Privilege Report, 11.5.4.3

privileges using external password, 11.5.3.4

problems, diagnosing, J.1

profiles, 11.5.6

proxy users

finding with DVF.F$PROXYUSER, H.2

Public Execute Privilege To SYS PL/SQL Procedures Report, 11.5.3.3

Q

quotas

tablespace, 11.5.9.6

R

RAC

See Oracle Real Application Clusters (RAC)

Realm Audit Report, 11.4.2.1

Realm Authorization Configuration Issues Report, 11.4.1.5

realms

about, 4.1

audit events, custom, A.4.1

authentication-related functions, E.1

authorization

how realm authorizations work, 4.10

process flow, 4.10

troubleshooting, J.2

updating with DVSYS.DBMS_MACADM.UPDATE_REALM_AUTH, E.1

authorizations

grantee, 4.6

rule set, 4.6

creating, 4.3

default realms, 4.2

deleting, 4.8

disabling, 4.7

DV_REALM_OWNER role, D.2.3

DV_REALM_RESOURCE role, D.2.4

editing, 4.4

effect on other Oracle Database Vault components, 4.12

enabling, 4.7

example, 4.11

functions

DVSYS.DBMS_MACADM (configuration), E.1, E.1

DVSYS.DBMS_MACUTL (utility), G

DVSYS.DBMS_MACUTL fields (constants), G.1

guidelines, 4.13

how realms work, 4.9

Java stored procedures, 4.9

object-related functions, E.1

performance effect, 4.14

process flow, 4.9

realm authorizations

about, 4.6

realm secured objects

deleting, 4.5

editing, 4.5

object name, 4.5

object owner, 4.5

object type, 4.5

realm system authorizations

creating, 4.6

deleting, 4.6

editing, 4.6

realm-secured objects, 4.5

reports, 4.15

roles

DV_REALM_OWNER, D.2.3

DV_REALM_RESOURCE, D.2.4

secured object, 11.4.1.5

territory a realm protects, 4.5

troubleshooting, J.2, J.3

updating with DVSYS.DBMS_MACADM.UPDATE_REALM, E.1

views

DBA_DV_CODE, D.4

DBA_DV_REALM, D.4

DBA_DV_REALM_AUTH, D.4

DBA_DV_REALM_OBJECT, D.4, D.4

See also rule sets

RECOVERY_CATALOG_OWNER role, 11.5.5.9

recycle bin, guidelines on managing, I.3.2

REMOTE_LOGIN_PASSWORDFILE initialization parameter, 2.1.1

REMOTE_OS_AUTHENT initialization parameter, 2.1.1

REMOTE_OS_ROLES initialization parameter, 2.1.1

reporting menu

report results page, 11.3

parameter, 11.3

reports

about, 11.1

Access to Sensitive Objects Report, 11.5.3.2

Accounts With DBA Roles Report, 11.5.5.2

Accounts with SYSDBA/SYSOPER Privilege Report, 11.5.3.4

ALTER SYSTEM or ALTER SESSION Report, 11.5.5.5

ANY System Privileges for Database Accounts Report, 11.5.2.4

AUDIT Privileges Report, 11.5.5.10

auditing, 11.4.2

BECOME USER Report, 11.5.5.4

categories of, 11.1

Command Rule Audit Report, 11.4.2.2

Command Rule Configuration Issues Report, 11.4.1.1

Core Database Audit Report, 11.5.8

Core Database Vault Audit Trail Report, 11.4.2.5

Database Account Default Password Report, 11.5.7.1

Database Account Status Report, 11.5.7.2

Database Accounts With Catalog Roles Report, 11.5.5.9

Direct and Indirect System Privileges By Database Account Report, 11.5.2.2

Direct Object Privileges Report, 11.5.1.3

Direct System Privileges By Database Account Report, 11.5.2.1

Execute Privileges to Strong SYS Packages Report, 11.5.3.1

Factor Audit Report, 11.4.2.3

Factor Configuration Issues Report, 11.4.1.2

Factor Without Identities, 11.4.1.3

general security, 11.5

Hierarchical System Privileges by Database Account Report, 11.5.2.3

Identity Configuration Issues Report, 11.4.1.4

Java Policy Grants Report, 11.5.9.1

Label Security Integration Audit Report, 11.4.2.4

Non-Owner Object Trigger Report, 11.5.9.7

Object Access By PUBLIC Report, 11.5.1.1

Object Access Not By PUBLIC Report, 11.5.1.2

Object Dependencies Report, 11.5.1.4

Objects Dependent on Dynamic SQL Report, 11.5.9.3

OS Directory Objects Report, 11.5.9.2

OS Security Vulnerability Privileges, 11.5.5.11

Password History Access Report, 11.5.5.6

permissions for running, 11.2

privilege management, 11.5.4

Privileges Distribution By Grantee Report, 11.5.4.1

Privileges Distribution By Grantee, Owner Report, 11.5.4.2

Privileges Distribution By Grantee, Owner, Privilege Report, 11.5.4.3

Public Execute Privilege To SYS PL/SQL Procedures Report, 11.5.3.3

Realm Audit Report, 11.4.2.1

Realm Authorization Configuration Issues Report, 11.4.1.5

Resource Profiles Report, 11.5.6.2

Roles/Accounts That Have a Given Role Report, 11.5.5.8

Rule Set Configuration Issues Report, 11.4.1.6

running, 11.3

Secure Application Configuration Issues Report, 11.4.1.7

Secure Application Role Audit Report, 11.4.2.6

Security Policy Exemption Report, 11.5.5.3

Security Related Database Parameters, 11.5.6.1

security vulnerability, 11.5.9

System Privileges By Privilege Report, 11.5.2.5

System Resource Limits Report, 11.5.6.3

Tablespace Quotas Report, 11.5.9.6

Unwrapped PL/SQL Package Bodies Report, 11.5.9.4

Username /Password Tables Report, 11.5.9.5

WITH ADMIN Privileges Grants Report, 11.5.5.1

WITH GRANT Privileges Report, 11.5.5.7

required parameters page

% wildcard, 11.3

Resource Profiles Report, 11.5.6.2

resources

reports

Resource Profiles Report, 11.5.6.2

System Resource Limits Report, 11.5.6.3

REVOKE statement

monitoring, 10.3

roles

catalog-based, 11.5.5.9

Database Vault default roles, D.2.1

privileges, checking with DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, G.2

role enablement in incomplete rule set, 11.4.1.7

role-based system privileges, 11.5.2.3

Roles/Accounts That Have a Given Role Report, 11.5.5.8

root access, guidelines on managing, I.2.1

Rule Set Configuration Issues Report, 11.4.1.6

rule sets

about, 5.1

adding existing rules, 5.5.2

audit options, 5.3

command rules

disabled, 11.4.1.1

selecting for, 6.4

used with, 6.1

CONNECT role configured incorrectly, solution for, B.1

creating, 5.3

rules in, 5.5.1

default rule sets, 5.2

deleting

rule set, 5.6

rules from, 5.5.1, 5.5.1

disabled for

factor assignment, 11.4.1.2

realm authorization, 11.4.1.5

editing

rule sets, 5.4

rules in, 5.5.1

error options, 5.3

evaluation of rules, 5.5

evaluation options, 5.3

event handlers, 5.3

events firing, finding with DVSYS.DV_SYSEVENT, H.3

examples, 5.8

factors, selecting for, 7.3

factors, used with, 7.1

fail code, 5.3

fail message, 5.3

functions

DVSYS.DBMS_MACADM (configuration), E.2, E.2

DVSYS.DBMS_MACUTL (utility), G

DVSYS.DBMS_MACUTL fields (constants), G.1

PL/SQL functions for rule sets, H.3

guidelines, 5.9

how rule sets work, 5.7.1

incomplete, 11.4.1.1

naming, 5.3

nested rules, 5.7.3

order of rules run

performance, 5.7.2

setting, 5.7.2

performance effect, 5.10

process flow, 5.7.1

reports, 5.11

rules that exclude one user, 5.7.4

template creation, 5.3

troubleshooting, J.2, J.3

views

DBA_DV_RULE, D.4

DBA_DV_RULE_SET, D.4

DBA_DV_RULE_SET_RULE, D.4

See also command rules, factors, realms, rules, secure application roles

rules

about, 5.5

creating, 5.5.1

deleting from rule set, 5.5.1

editing, 5.5.1

existing rules, adding to rule set, 5.5.2

nested in rule sets, 5.7.2

nested within a rule set, 5.7.3

removing from rule set, 5.5.1

troubleshooting, J.2

views

DBA_DV_RULE, D.4

DBA_DV_RULE_SET_RULE, D.4

See also rule sets

S

schemas

DVF, D.1.2

DVSYS, D.1.1

Secure Application Configuration Issues Report, 11.4.1.7

secure application role, 8.1

Secure Application Role Audit Report, 11.4.2.6

secure application roles

creating, 8.2

deleting, 8.4

DVSYS.DBMS_MACSEC_ROLES.SET_ROLE function, 8.2

example, 8.6

functionality, 8.5

functions

DVSYS.DBMS_MACADM (configuration), E.5, E.5

DVSYS.DBMS_MACSEC_ROLES (configuration), F

DVSYS.DBMS_MACSEC_ROLES package, F

DVSYS.DBMS_MACUTL (utility), G, G.2

DVSYS.DBMS_MACUTL fields (constants), G.1

guidelines on managing, 8.3

performance effect, 8.7

reports, 8.8

Rule Set Configuration Issues Report, 11.4.1.6

troubleshooting, J.3

troubleshooting with auditing report, 11.4.2.6

views

DBA_DV_ROLE, D.4

T

tablespace quotas, 11.5.9.6

Tablespace Quotas Report, 11.5.9.6

templates, for rule sets, 5.3

third party products, affected by Oracle Database Vault, B.1

time data

DVSYS.DBMS_MACUTL functions, G.2

trace files

about, J.1

enabling, J.1

Transparent Data Encryption, used with Oracle Database Vault, 9.2

triggers

different from object owner account, 11.5.9.7

reports, Non-Owner Object Trigger Report, 11.5.9.7

troubleshooting

access security sessions, 11.4.2.5

auditing reports, using, 11.4.2

command rules, J.1

events, J.1

factors, J.2

general diagnostic tips, J.2

locked out accounts, B.1

passwords, forgotten, B.1

realms, J.2

rule sets, J.2

rules, J.2

secure application roles, 11.4.2.6

trust levels

about, 7.5.1

determining for identities with DVSYS.GET_TRUST_LEVEL_FOR_IDENTITY, H.1.4

determining with DVSYS.GET_TRUST_LEVEL, H.1.3

factor identity, 7.5.1

factors, 7.5.1

for factor and identity requested, H.1.4

identities, 7.3

of current session identity, H.1.3

trusted users

accounts and roles that should be limited, I.2

default for Oracle Database Vault, I.1

tutorial, 3.2

U

Unwrapped PL/SQL Package Bodies Report, 11.5.9.4

user names

reports, Username/Password Tables Report, 11.5.9.5

USER_HISTORY$ table, 11.5.5.6

Username/Password Tables Report, 11.5.9.5

users

auditing policies, A.1

enterprise identities, finding with DVF.F$PROXY_ENTERPRISE_IDENTITY, H.2

enterprise-wide identities, finding with DVF.F$ENTERPRISE_IDENTITY, H.2

finding proxy user with DVF.F$PROXYUSER, H.2

finding session user with DVF.F$SESSION_USER, H.2

utility functions

See DVSYS.DBMS_MACUTL package

UTL_FILE object, 11.5.1.4

UTL_FILE package, guidelines on managing, I.3.1

V

views

Oracle Database Vault-specific views, D.4

W

wildcard, %, 11.3

WITH ADMIN Privileges Grants Report, 11.5.5.1

WITH ADMIN status, 11.5.2.1, 11.5.2.2

WITH GRANT clause, 11.5.5.7

WITH GRANT Privileges Report, 11.5.5.7