Index

A  B  C  D  E  F  G  H  I  J  L  M  N  O  P  Q  R  S  T  U  V  W  X  

A

  • access control policy
    • reports
      • Core Database Vault Audit Report 1
  • Access to Sensitive Objects Report 1
  • accounts
    • See: database accounts
  • Accounts With DBA Roles Report 1
  • Accounts with SYSDBA/SYSOPER Privilege Report 1
  • ad hoc tools
    • preventing use of 1
  • administrators
    • DBA operations in Oracle Database Vault 1
    • restricting different types 1
  • ADRCI utility
    • Database Vault 1
  • alerts
    • email alert in rule set 1
    • Enterprise Manager Cloud Control 1
  • ALTER ROLE statement
    • monitoring 1
  • ALTER SESSION command rules
    • about 1
  • ALTER SESSION event command rules
    • creating 1
    • updating 1
  • ALTER SESSION privilege
    • enabling trace files 1
    • reports, ALTER SYSTEM or ALTER SESSION Report 1
  • ALTER SESSION statement
    • guidelines on managing privileges 1
  • ALTER SYSTEM command rules
    • deleting system event command rules 1
  • ALTER SYSTEM event command rules
    • creating 1
    • updating 1
  • ALTER SYSTEM or ALTER SESSION Report 1
  • ALTER SYSTEM privilege
    • reports, ALTER SYSTEM or ALTER SESSION Report 1
  • ALTER SYSTEM statement
    • guidelines on managing privileges 1
  • ALTER USER statement
    • monitoring 1
  • ANY System Privileges for Database Accounts Report 1
  • application security
    • finding privilege use by users 1
  • AUDIT_SYS_OPERATIONS initialization parameter 1
  • AUDIT_TRAIL$ system table
    • affected by AUDIT_TRAIL initialization parameter 1
    • archiving 1
    • format 1
    • purging 1
  • auditing
    • about 1
    • archiving Database Vault audit trail
      • about 1
    • Core Database Audit Report 1
    • DBMS_MACUTL fields 1
    • factors
      • options 1
    • intruders
      • using factors 1
    • Oracle Database audit settings 1
    • purging Database Vault audit trail
      • about 1
    • realms
      • DBMS_MACUTL fields 1
      • options 1
    • reports 1
    • rule sets
      • DBMS_MACUTL fields 1
      • options 1
    • secure application roles
      • audit records 1
  • auditing policies
    • about 1
    • audit events
      • about 1
    • custom events
      • audit trail 1
    • events that are tracked 1
    • monitoring changes to 1
  • audit policy change
    • monitoring 1
  • AUDIT privilege 1
  • AUDIT Privileges Report 1
  • authentication
    • Authentication_Method default factor 1
    • command rules 1
    • method, finding with DVF.F$AUTHENTICATION_METHOD 1
    • realm procedures 1
  • authorizations
    • Oracle Data Pump activities 1
    • realms 1
    • scheduling database jobs 1
  • AUTHORIZE_MAINTENANCE_USER procedure 1

B

  • backup accounts 1
  • BECOME USER Report 1
  • BECOME USER system privilege
    • about 1
  • break-glass accounts
    • See: backup accounts

C

  • catalog-based roles 1
  • CDB_DV_STATUS view 1
  • CDBs
    • functionality in Oracle Database Vault 1
    • privilege profiles 1
    • realms
      • authorizations 1
    • rule sets 1
  • clients
    • finding IP address with DVF.F$CLIENT_IP 1
  • code groups
    • retrieving value with DBMS_MACUTL functions 1
  • Command Rule Audit Report 1
  • Command Rule Configuration Issues Report 1
  • command rules
    • about 1
    • creating 1
    • data dictionary view 1
    • data masking 1
    • default command rules 1
    • deleting 1
    • editing 1
    • functions
      • DBMS_MACUTL (utility) 1
    • guidelines 1
    • how command rules work 1
    • modifying enablement status 1
    • objects
      • name 1
      • owner 1
    • performance effect 1
    • procedures
      • DBMS_MACADM (configuration) 1
    • process flow 1
    • propagating configuration to other databases 1
    • reports 1
    • rule sets
      • selecting 1
      • used with 1
    • simulation mode 1
    • troubleshooting
      • with auditing report 1
    • tutorial 1
    • views 1 , 2
    • with PDBs 1
  • compliance
    • Oracle Database Vault addressing 1
  • computer name
    • finding with DVF.F$MACHINE 1
    • Machine default factor 1
  • configuration
    • monitoring changes 1
    • views
      • DVSYS.DV$CONFIGURATION_AUDIT 1
      • DVSYS.DV$ENFORCEMENT_AUDIT 1
      • SYS.DV$CONFIGURATION_AUDIT 1
  • CONFIGURE_DV procedure
    • about 1
    • registering Database Vault with 1 , 2
  • CONNECT command rules
    • about 1
    • example 1
  • CONNECT events, controlling with command rules 1
  • connection pooling
    • finding unnecessarily granted privileges 1
  • context profiles
    • privilege analysis 1
  • core database
    • troubleshooting with Core Database Vault Audit Report 1
  • Core Database Audit Report 1
  • Core Database Vault Audit Trail Report 1
  • CPU_PER_SESSION resource profile 1
  • CREATE ANY JOB privilege 1
  • CREATE ANY JOB statement
    • guidelines on managing privileges 1
  • CREATE EXTERNAL JOB privilege 1
  • CREATE JOB privilege 1
  • CREATE JOB statement
    • guidelines on managing privileges 1
  • CREATE ROLE statement
    • monitoring 1
  • CREATE USER statement
    • monitoring 1
  • CTXSYS schema realm protection 1

D

  • Database Account Default Password Report 1
  • database accounts
    • backup DV_OWNER and DV_ACCTMGR 1
    • configuring Database Vault accounts as enterprise users 1
    • counting privileges of 1
    • DBSNMP
      • changing password 1
      • granted DV_MONITOR role 1
    • DVSYS 1
    • LBACSYS 1
    • monitoring 1
    • reports
      • Accounts With DBA Roles Report 1
      • ALTER SYSTEM or ALTER SESSION Report 1
      • ANY System Privileges for Database Accounts Report 1
      • AUDIT Privileges Report 1
      • BECOME USER Report 1
      • Database Account Default Password Report 1
      • Database Account Status Report 1
      • Database Accounts With Catalog Roles Report 1
      • Direct and Indirect System Privileges By Database Account Report 1
      • Direct Object Privileges Report 1
      • Direct System Privileges By Database Account Report 1
      • Hierarchical System Privileges by Database Account Report 1
      • Object Access By PUBLIC Report 1
      • Object Access Not By PUBLIC Report 1
      • OS Security Vulnerability Privileges 1
      • Password History Access Report 1
      • Privileges Distribution By Grantee, Owner, Privilege Report 1
      • Privileges Distribution By Grantee, Owner Report 1
      • Privileges Distribution By Grantee Report 1
      • Roles/Accounts That Have a Given Role Report 1
      • Security Policy Exemption Report 1
      • WITH ADMIN Privilege Grants Report 1
      • WITH GRANT Privileges Report 1
    • solution for lockouts 1
    • suggested 1
  • Database Account Status Report 1
  • Database Accounts With Catalog Roles Report 1
  • database administrative operations 1
  • database domains, Database_Domain default factor 1
  • database objects
    • Oracle Database Vault 1
    • reports
      • Object Dependencies Report 1
  • database options, installing 1
  • database roles
    • about 1
    • counting privileges of 1
    • default Oracle Database Vault 1
    • DV_ACCTMGR
      • about 1
    • DV_ADMIN 1
    • DV_AUDIT_CLEANUP 1
    • DV_DATAPUMP_NETWORK_LINK 1
    • DV_GOLDENGATE_ADMIN 1
    • DV_GOLDENGATE_REDO_ACCESS 1
    • DV_MONITOR 1
    • DV_OWNER 1
    • DV_PATCH_ADMIN 1
    • DV_POLICY_OWNER 1
    • DV_PUBLIC 1
    • DV_REALM_OWNER 1
    • DV_REALM_RESOURCE 1
    • DV_SECANALYST 1
    • DV_STREAMS_ADMIN 1
    • DV_XSTREAM_ADMIN 1
    • enabled, determining with ROLE_IS_ENABLED 1
    • granting Database Vault roles to users 1
    • monitoring 1
    • Oracle Database Vault, default 1
    • reports
      • Accounts With DBA Roles Report 1
      • ALTER SYSTEM or ALTER SESSION Report 1
      • AUDIT Privileges Report 1
      • BECOME USER Report 1
      • Database Accounts With Catalog Roles Report 1
      • OS Security Vulnerability Privileges 1
      • Privileges Distribution By Grantee Report 1
      • Roles/Accounts That Have a Given Role Report 1
      • Security Policy Exemption Report 1
      • WITH ADMIN Privilege Grants Report 1
    • separation of duty enforcement 1
  • databases
    • defined with factors 1
    • domain, Domain default factor 1
    • event monitoring 1
    • grouped schemas
      • See realms 1
    • host names, Database_Hostname default factor 1
    • instance, retrieving information with functions 1
    • instances
      • Database_Instance default factor 1
      • names, finding with DVF.F$DATABASE_INSTANCE 1
      • number, finding with DV_INSTANCE_NUM 1
    • IP addresses
      • Database_IP default factor 1
      • retrieving with DVF.F$DATABASE_IP 1
    • monitoring events 1
    • names
      • Database_Name default factor 1
      • retrieving with DV_DATABASE_NAME 1
      • retrieving with DVF.F$DATABASE_NAME 1
    • parameters
      • Security Related Database Parameters Report 1
    • roles that do not exist 1
    • schema creation, finding with DVF.F$IDENTIFICATION_TYPE 1
    • schema creation, Identification_Type default factor 1
    • user name, Session_User default factor 1
  • database sessions
    • controlling with Allow Sessions default rule set 1
    • factor evaluation 1
    • session user name, Proxy_User default factor 1
  • Database Vault
    • See: Oracle Database Vault
  • Database Vault Account Management realm 1
  • Database Vault command rule protections 1
  • Database Vault realm protection 1
  • Database Vault realm protections 1
  • data definition language (DDL)
    • statement
      • controlling with command rules 1
  • Data Definition Language (DDL) statements
    • Database Vault authorization
      • DBA_DV_DDL_AUTH view 1
      • granting 1
      • revoking 1
  • Data Dictionary realm
    • data masking 1
  • data manipulation language (DML)
    • statement
      • checking with DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function 1
      • controlling with command rules 1
  • data masking
    • about 1
    • adding users to realms for 1
    • creating command rule for 1
    • errors that can appear 1
  • data Oracle Database Vault recognizes
    • See: factors
  • DBA_DV_CODE view 1
  • DBA_DV_COMMAND_RULE view 1 , 2
  • DBA_DV_DATAPUMP_AUTH view 1
  • DBA_DV_DDL_AUTH view 1
  • DBA_DV_DICTIONARY_ACCTS view 1
  • DBA_DV_FACTOR_LINK 1
  • DBA_DV_FACTOR_LINK view 1
  • DBA_DV_FACTOR_TYPE view 1
  • DBA_DV_FACTOR view 1
  • DBA_DV_IDENTITY_MAP view 1
  • DBA_DV_IDENTITY view 1
  • DBA_DV_JOB_AUTH view 1
  • DBA_DV_MAC_POLICY_FACTOR view 1
  • DBA_DV_MAC_POLICY view 1
  • DBA_DV_MAINTENANCE_AUTH view 1
  • DBA_DV_ORADEBUG view 1
  • DBA_DV_PATCH_ADMIN_AUDIT view 1
  • DBA_DV_POLICY_LABEL view 1
  • DBA_DV_POLICY_OBJECT view 1
  • DBA_DV_POLICY_OWNER view 1
  • DBA_DV_POLICY view 1
  • DBA_DV_PROXY_AUTH view 1
  • DBA_DV_PUB_PRIVS view 1
  • DBA_DV_REALM_AUTH view 1
  • DBA_DV_REALM_OBJECT view 1
  • DBA_DV_REALM view 1
  • DBA_DV_ROLE view 1
  • DBA_DV_RULE_SET_RULE view 1
  • DBA_DV_RULE_SET view 1
  • DBA_DV_RULE view 1
  • DBA_DV_SIMULATION_LOG view 1
  • DBA_DV_STATUS view 1
  • DBA_DV_TTS_AUTH view 1
  • DBA_DV_USER_PRIVS_ALL view 1
  • DBA_DV_USER_PRIVS view 1
  • DBA_USERS_WITH_DEFPWD data dictionary view
    • access to in Oracle Database Vault 1
  • DBA role
    • impact of Oracle Database Vault installation 1
  • DBMS_FILE_TRANSFER package, guidelines on managing 1
  • DBMS_MACADM.ADD_AUTH_TO_REALM procedure 1
  • DBMS_MACADM.ADD_CMD_RULE_TO_POLICY procedure 1 , 2
  • DBMS_MACADM.ADD_FACTOR_LINK procedure 1
  • DBMS_MACADM.ADD_NLS_DATA
    • procedure 1
  • DBMS_MACADM.ADD_NLS_DATA procedure 1
  • DBMS_MACADM.ADD_OBJECT_TO_REALM procedure 1
  • DBMS_MACADM.ADD_OWNER_TO_POLICY procedure 1
  • DBMS_MACADM.ADD_POLICY_FACTOR procedure 1
  • DBMS_MACADM.ADD_REALM_TO_POLICY procedure 1
  • DBMS_MACADM.ADD_RULE_TO_RULE_SET procedure 1
  • DBMS_MACADM.ASSIGN_ROLE procedure 1
  • DBMS_MACADM.AUTHORIZE_DATAPUMP_USER procedure 1 , 2
  • DBMS_MACADM.AUTHORIZE_DDL procedure 1
  • DBMS_MACADM.AUTHORIZE_PROXY_USER procedure 1
  • DBMS_MACADM.AUTHORIZE_SCHEDULER_USER procedure 1
  • DBMS_MACADM.AUTHORIZE_TTS_USER procedure 1
  • DBMS_MACADM.CHANGE_IDENTITY_FACTOR procedure 1
  • DBMS_MACADM.CHANGE_IDENTITY_VALUE procedure 1
  • DBMS_MACADM.CREATE_COMMAND_RULE procedure 1
  • DBMS_MACADM.CREATE_CONNECT_COMMAND_RULE procedure 1
  • DBMS_MACADM.CREATE_DOMAIN_IDENTITY procedure 1
  • DBMS_MACADM.CREATE_FACTOR_TYPE procedure 1
  • DBMS_MACADM.CREATE_FACTOR procedure 1
  • DBMS_MACADM.CREATE_IDENTITY_MAP procedure 1
  • DBMS_MACADM.CREATE_IDENTITY procedure 1
  • DBMS_MACADM.CREATE_MAC_POLICY procedure 1
  • DBMS_MACADM.CREATE_POLICY_LABEL procedure 1
  • DBMS_MACADM.CREATE_POLICY procedure 1
  • DBMS_MACADM.CREATE_REALM procedure 1
  • DBMS_MACADM.CREATE_ROLE procedure 1
  • DBMS_MACADM.CREATE_RULE_SET procedure 1
  • DBMS_MACADM.CREATE_RULE procedure 1
  • DBMS_MACADM.CREATE_SESSION_EVENT_CMD_RULE procedure 1
  • DBMS_MACADM.CREATE_SYSTEM_EVENT_CMD_RULE procedure 1
  • DBMS_MACADM.DELETE_AUTH_FROM_REALM procedure 1
  • DBMS_MACADM.DELETE_COMMAND_RULE procedure 1
  • DBMS_MACADM.DELETE_CONNECT_COMMAND_RULE procedure 1
  • DBMS_MACADM.DELETE_FACTOR_LINK procedure 1
  • DBMS_MACADM.DELETE_FACTOR_TYPE procedure 1
  • DBMS_MACADM.DELETE_FACTOR procedure 1
  • DBMS_MACADM.DELETE_IDENTITY_MAP procedure 1
  • DBMS_MACADM.DELETE_IDENTITY procedure 1
  • DBMS_MACADM.DELETE_MAC_POLICY_CASCADE procedure 1
  • DBMS_MACADM.DELETE_OBJECT_FROM_REALM procedure 1
  • DBMS_MACADM.DELETE_OWNER_FROM_POLICY procedure 1
  • DBMS_MACADM.DELETE_POLICY_FACTOR procedure 1
  • DBMS_MACADM.DELETE_POLICY_LABEL procedure 1
  • DBMS_MACADM.DELETE_REALM_CASCADE procedure 1
  • DBMS_MACADM.DELETE_REALM_FROM_POLICY procedure 1
  • DBMS_MACADM.DELETE_REALM procedure 1
  • DBMS_MACADM.DELETE_ROLE procedure 1
  • DBMS_MACADM.DELETE_RULE_FROM_RULE_SET procedure 1
  • DBMS_MACADM.DELETE_RULE_SET procedure 1
  • DBMS_MACADM.DELETE_RULE procedure 1
  • DBMS_MACADM.DELETE_SESSION_EVENT_CMD_RULE procedure 1
  • DBMS_MACADM.DELETE_SYSTEM_EVENT_CMD_RULE procedure 1
  • DBMS_MACADM.DISABLE_DV_DICTIONARY_ACCTS procedure 1
  • DBMS_MACADM.DISABLE_DV_PATCH_ADMIN_AUDIT procedure 1
  • DBMS_MACADM.DISABLE_DV procedure 1
  • DBMS_MACADM.DISABLE_ORADEBUG procedure 1
  • DBMS_MACADM.DROP_DOMAIN_IDENTITY procedure 1
  • DBMS_MACADM.DROP_POLICY procedure 1
  • DBMS_MACADM.ENABLE_DV_DICTIONARY_ACCTS procedure 1
  • DBMS_MACADM.ENABLE_DV procedure
    • about 1
    • registering Database Vault with 1 , 2 , 3
  • DBMS_MACADM.ENABLE_ORADEBUG procedure 1
  • DBMS_MACADM.ENSABLE_DV_PATCH_ADMIN_AUDIT procedure 1
  • DBMS_MACADM.GET_INSTANCE_INFO function 1
  • DBMS_MACADM.GET_SESSION_INFO function 1
  • DBMS_MACADM.RENAME_FACTOR_TYPE procedure 1
  • DBMS_MACADM.RENAME_FACTOR procedure 1
  • DBMS_MACADM.RENAME_POLICY procedure 1
  • DBMS_MACADM.RENAME_REALM procedure 1
  • DBMS_MACADM.RENAME_ROLE procedure 1
  • DBMS_MACADM.RENAME_RULE_SET procedure 1
  • DBMS_MACADM.RENAME_RULE procedure 1
  • DBMS_MACADM.UNASSIGN_ROLE procedure 1
  • DBMS_MACADM.UNAUTHORIZE_DDL procedure 1
  • DBMS_MACADM.UNAUTHORIZE_PROXY_USER procedure 1
  • DBMS_MACADM.UNAUTHORIZE_SCHEDULER_USER procedure 1
  • DBMS_MACADM.UNAUTHORIZE_TTS_USER procedure 1
  • DBMS_MACADM.UPDATE_COMMAND_RULE procedure 1
  • DBMS_MACADM.UPDATE_CONNECT_COMMAND_RULE procedure 1
  • DBMS_MACADM.UPDATE_FACTOR_TYPE procedure 1
  • DBMS_MACADM.UPDATE_FACTOR procedure 1
  • DBMS_MACADM.UPDATE_IDENTITY procedure 1
  • DBMS_MACADM.UPDATE_MAC_POLICY procedure 1
  • DBMS_MACADM.UPDATE_POLICY_DESCRIPTION procedure 1
  • DBMS_MACADM.UPDATE_POLICY_STATE procedure 1
  • DBMS_MACADM.UPDATE_REALM_AUTH procedure 1
  • DBMS_MACADM.UPDATE_REALM procedure 1
  • DBMS_MACADM.UPDATE_ROLE procedure 1
  • DBMS_MACADM.UPDATE_RULE_SET procedure 1
  • DBMS_MACADM.UPDATE_RULE procedure 1
  • DBMS_MACADM.UPDATE_SESSION_EVENT_CMD_RULE procedure 1
  • DBMS_MACADM.UPDATE_SYSTEM_EVENT_CMD_RULE procedure 1
  • DBMS_MACADM package
    • about 1
    • command rule procedures, listed 1
    • factor procedures, listed 1
    • Oracle Label Security policy procedures, listed 1
    • realm procedures, listed 1
    • rule set procedures, listed 1
    • secure application role procedures, listed 1
  • DBMS_MACADM PL/SQL package contents 1
  • DBMS_MACSEC_ROLES.CAN_SET_ROLE function 1
  • DBMS_MACSEC_ROLES.SET_ROLE procedure 1
  • DBMS_MACSEC_ROLES package
    • about 1
    • functions, listed 1
  • DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED procedure 1
  • DBMS_MACUTL.GET_CODE_VALUE function 1
  • DBMS_MACUTL.GET_DAY function 1
  • DBMS_MACUTL.GET_HOUR function 1
  • DBMS_MACUTL.GET_MINUTE function 1
  • DBMS_MACUTL.GET_MONTH function 1
  • DBMS_MACUTL.GET_SECOND function 1
  • DBMS_MACUTL.GET_YEAR function 1
  • DBMS_MACUTL.IS_ALPHA function 1
  • DBMS_MACUTL.IS_DIGIT function 1
  • DBMS_MACUTL.IS_DVSYS_OWNER function 1
  • DBMS_MACUTL.IS_OLS_INSTALLED_VARCHAR function 1
  • DBMS_MACUTL.IS_OLS_INSTALLED function 1
  • DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function 1
  • DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 1
  • DBMS_MACUTL.USER_HAS_ROLE function 1
  • DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 1
  • DBMS_MACUTL package
    • about 1
    • constants (fields)
      • examples 1
      • listed 1
    • procedures and functions, listed 1
  • DBMS_MACUTL PL/SQL package contents 1
  • DBMS_PRIVILEGE_CAPTURE PL/SQL package 1
  • DBSNMP schema realm protection 1
  • DBSNMP user account
    • changing password 1
    • granted DV_MONITOR role 1
  • deinstallation 1
  • deinstalling Oracle Database Vault 1
  • DELETE_CATALOG_ROLE role 1
  • deleting event command rules 1
  • Denial of Service (DoS) attacks
    • reports
      • System Resource Limits Report 1
      • Tablespace Quotas Report 1
  • Direct and Indirect System Privileges By Database Account Report 1
  • Direct Object Privileges Report 1
  • direct system privileges 1
  • Direct System Privileges By Database Account Report 1
  • disabling system features with Disabled default rule set 1
  • domains
    • defined with factors 1
    • finding database domain with DVF.F$DATABASE_DOMAIN 1
    • finding with DVF.F$DOMAIN 1
  • DROP ROLE statement
    • monitoring 1
  • DROP USER statement
    • monitoring 1
  • dual key connection, dual key security
    • See: two-person integrity (TPI)
  • DV_ACCTMGR role
    • about 1
    • backup account 1
    • Database Vault disabled 1
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
    • realm protection 1
  • DV_ADMIN role
    • about 1
    • changing password for user granted DV_ADMIN 1
    • Database Vault disabled 1 , 2
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_AUDIT_CLEANUP role
    • about 1
    • Database Vault disabled 1 , 2 , 3
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_DATAPUMP_NETWORK_LINK role
    • about 1
    • Database Vault disabled 1
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_GOLDENDATE_REDO role
    • privileges associated with 1
  • DV_GOLDENDGATE_ADMIN role
    • Database Vault disabled 1
  • DV_GOLDENGATE_ADMIN role
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_GOLDENGATE_REDO_ACCESS role
    • Database Vault disabled 1
    • GRANT and REVOKE operations affected by 1
  • DV_MONITOR role
    • about 1
    • Database Vault disabled 1
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_OWNER role
    • about 1
    • backup account 1
    • changing password for user granted DV_OWNER 1
    • Database Vault disabled 1
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_PATCH_ADMIN role
    • Database Vault disabled 1
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_POLICY_OWNER role
    • about 1
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_PUBLIC role 1
  • DV_REALM_OWNER role
    • Database Vault disabled 1
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_REALM_RESOURCE role
    • Database Vault disabled 1
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_SECANALYST role
    • about 1
    • Database Vault disabled 1
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_STREAMS_ADMIN role
    • Database Vault disabled 1
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DV_XSTREAM_ADMIN role
    • Database Vault disabled 1
    • GRANT and REVOKE operations affected by 1
    • privileges associated with 1
  • DVF account
    • auditing policy 1
    • database accounts 1
  • DVF PL/SQL interface contents 1
  • DVF schema
    • about 1
    • auditing policy 1
    • DBA_DV_DICTIONARY_ACCTS view 1
    • PDBs 1
    • protecting 1
    • realm protection 1
  • DVSYS.DBA_DV_FACTOR_LINK view 1
  • DVSYS.DV$CONFIGURATION_AUDIT view 1
  • DVSYS.DV$ENFORCEMENT_AUDIT view 1
  • DVSYS.DV$REALM view 1
  • DVSYS.POLICY_OWNER_POLICY view 1
  • DVSYS.POLICY_OWNER_REALM_AUTH view 1
  • DVSYS.POLICY_OWNER_REALM_OBJECT view 1
  • DVSYS.POLICY_OWNER_REALM view 1
  • DVSYS.POLICY_OWNER_RULE_SET_RULE view 1
  • DVSYS.POLICY_OWNER_RULE_SET view 1
  • DVSYS.POLICY_OWNER_RULE view 1
  • DVSYS account 1
  • DVSYS schema
    • about 1
    • auditing policy 1
    • CDBs 1
    • DBA_DV_DICTIONARY_ACCTS view 1
    • DV_OWNER role 1
    • DV_POLICY_OWNER role 1
    • PDBs 1 , 2
    • protecting 1
    • realm protection 1

E

  • email alert in rule set 1
  • enabling system features with Enabled default rule set 1
  • encrypted information 1
  • enterprise identities, Enterprise_Identity default factor 1
  • Enterprise Manager
    • See: Oracle Enterprise Manager
  • enterprise user security
    • configuring Database Vault accounts for 1
  • errors
    • factor error options 1
  • event handler
    • rule sets 1
  • example 1
  • examples
    • DBMS_MACUTL constants 1
    • realms 1
    • separation of duty matrix 1
    • trace files 1 , 2 , 3
  • EXECUTE_CATALOG_ROLE role
    • impact of Oracle Database Vault installation 1
  • Execute Privileges to Strong SYS Packages Report 1
  • EXEMPT ACCESS POLICY system privilege 1
  • exporting data
    • See: Oracle Data Pump
  • external network services, fine-grained access to
    • example using email alert 1

F

  • Factor Audit Report 1
  • Factor Configuration Issues Report 1
  • factors
    • about 1
    • assignment
      • disabled rule set 1
      • incomplete rule set 1
      • validate 1
    • assignment operation 1
    • audit events, custom 1
    • audit options 1
    • child factors
      • about 1
      • Factor Configuration Issues Report 1
      • mapping 1
    • creating 1
    • creating names 1
    • data dictionary views 1
    • DBA_DV_FACTOR view 1
    • DBA_DV_SIMULATION_LOG view 1
    • DBMS_MACUTL constants, example of 1
    • default factors 1
    • deleting 1
    • domain, finding with DVF.F$DOMAIN 1
    • error options 1
    • evaluate 1
    • evaluation operation 1
    • factor-identity pair mapping 1
    • factor type
      • about 1
      • selecting 1
    • functionality 1
    • functions
      • DBMS_MACUTL (utility) 1
      • DBMS_MACUTL constants (fields) 1
    • guidelines 1
    • identifying using child factors 1
    • identities
      • about 1 , 2
      • adding to factor 1
      • assigning 1
      • configuring 1
      • creating 1
      • database session 1
      • data dictionary views 1
      • deleting 1
      • enterprise-wide users 1
      • how factor identities work 1
      • labels 1
      • mapping, about 1
      • mapping, identified 1
      • mapping, procedure 1
      • mapping, tutorial 1
      • Oracle Label Security labels 1
      • reports 1
      • resolving 1
      • retrieval methods 1
      • setting dynamically 1
      • trust levels 1 , 2
      • with Oracle Label Security 1
    • initialization, command rules 1
    • invalid audit options 1
    • label 1
    • naming conventions 1
    • Oracle Virtual Private Database, attaching factors to 1
    • parent factors 1
    • performance effect 1
    • procedures
      • DBMS_MACADM (configuration) 1
    • process flow 1
    • reports 1
    • retrieving 1
    • retrieving with GET_FACTOR 1
    • rule sets
      • selecting 1
    • setting 1
    • setting with SET_FACTOR 1
    • troubleshooting
      • auditing report 1
      • configuration problems 1
      • tips 1
    • type (category of factor) 1
    • validating 1
    • values (identities) 1
    • views
      • DBA_DV_FACTOR_LINK 1
      • DBA_DV_FACTOR_TYPE 1
      • DBA_DV_IDENTITY 1
      • DBA_DV_IDENTITY_MAP 1
      • DBA_DV_MAC_POLICY_FACTOR 1
    • ways to assign 1
  • Factor Without Identities Report 1
  • FLASHBACK TABLE SQL statement 1
  • functions
    • command rules
      • DBMS_MACUTL (utility) 1
    • DVSYS schema enabling 1
    • factors
      • DBMS_MACUTL (utility) 1
    • Oracle Label Security policy
      • DBMS_MACADM (configuration) 1
    • realms
      • DBMS_MACUTL (utility) 1
    • rule sets
      • DBMS_MACADM (configuration) 1
      • DBMS_MACUTL (utility) 1
      • PL/SQL functions for inspecting SQL 1
    • secure application roles
      • DBMS_MACADM (configuration) 1
      • DBMS_MACSEC_ROLES (configuration) 1
      • DBMS_MACUTL (utility) 1

G

  • general security reports 1
  • GRANT statement
    • monitoring 1
  • guidelines
    • ALTER SESSION privilege 1
    • ALTER SYSTEM privilege 1
    • backup DV_OWNER and DV_ACCTMGR accounts 1
    • command rules 1
    • CREATE ANY JOB privilege 1
    • CREATE EXTERNAL JOB privilege 1
    • CREATE JOB privilege 1
    • DBMS_FILE_TRANSFER package 1
    • factors 1
    • general security 1
    • LogMiner packages 1
    • managing DV_OWNER and DV_ACCTMGR accounts 1
    • operating system access 1
    • Oracle software owner 1
    • performance effect 1
    • realms 1
    • root access 1
    • root user access 1
    • rule sets 1
    • secure application roles 1
    • SYSDBA access 1
    • SYSDBA privilege, limiting 1
    • SYSOPER access 1
    • SYSTEM schema and application tables 1
    • SYSTEM user account 1
    • trusted accounts and roles 1
    • using Database Vault in a production environment 1
    • UTL_FILE package 1

H

  • hackers
    • See: security attacks
  • Hierarchical System Privileges by Database Account Report 1
  • host names
    • finding with DVF.F$DATABASE_HOSTNAME 1

I

  • identities
    • See: factors, identities
  • Identity Configuration Issues Report 1
  • IDLE_TIME resource profile 1
  • IMP_FULL_DATABASE role
    • impact of Oracle Database Vault installation 1
  • importing data
    • See: Oracle Data Pump
  • incomplete rule set
    • role enablement 1
  • Information Lifecycle Management
    • authorizations, about 1
    • granting users authorization for 1
    • revoking authorization from users 1
  • initialization parameters
    • Allow System Parameters default rule set 1
    • modified after installation 1
    • modified by Oracle Database Vault 1
    • reports 1
  • insider threats
    • See: intruders
  • installations
    • Database Vault and Label Security in a multitenant environment 1
    • security considerations 1
  • intruders
    • compromising privileged accounts 1
  • IP addresses
    • Client_IP default factor 1
    • defined with factors 1

J

  • Java Policy Grants Report 1
  • jobs, scheduling
    • See: Oracle Scheduler

L

  • labels
    • about 1
  • Label Security Integration Audit Report 1
  • languages
    • adding to Oracle Database Vault 1
    • finding with DVF.F$LANG 1
    • finding with DVF.F$LANGUAGE 1
    • name
      • Lang default factor 1
      • Language default factor 1
  • LBACSYS account
    • about 1
    • auditing policy 1
  • LBACSYS schema
    • auditing policy 1
    • realm protection 1
  • locked out accounts, solution for 1
  • log files
    • Database Vault log files 1
  • logging on
    • reports, Core Database Audit Report 1
  • LogMiner packages
    • guidelines 1

M

  • managing user accounts and profiles
    • Can Maintain Accounts/Profiles default rule set 1
  • managing user accounts and profiles on own account, Can Maintain Own Accounts default rule set 1
  • mandatory realms
    • about 1
  • mapping identities 1
  • MDDATA schema realm protection 1
  • MDSYS schema realm protection 1
  • monitoring
    • activities 1
  • multitenant container databases
    • See: CDBs
  • My Oracle Support
    • about 1

N

  • naming conventions
    • factors 1
    • realms 1
    • rules 1
    • rule sets 1
  • network protocol
    • finding with DVF.F$NETWORK_PROTOCOL 1
  • network protocol, Network_Protocol default factor 1
  • NOAUDIT statement
    • monitoring 1
  • Non-Owner Object Trigger Report 1
  • nonsystem database accounts 1

O

  • Object Access By PUBLIC Report 1
  • Object Access Not By PUBLIC Report 1
  • Object Dependencies Report 1
  • object owners
    • nonexistent 1
    • reports
      • Command Rule Configuration Issues Report 1
  • object privilege reports 1
  • objects
    • command rule objects
      • name 1
      • owner 1
      • processing 1
    • dynamic SQL use 1
    • mandatory realms 1
    • monitoring 1
    • object names
      • finding with DV_DICT_OBJ_NAME 1
    • object owners
      • finding with DV_DICT_OBJ_OWNER 1
    • realms
      • object name 1
      • object owner 1
      • object type 1
      • procedures for registering 1
    • reports
      • Access to Sensitive Objects Report 1
      • Accounts with SYSDBA/SYSOPER Privilege Report 1
      • Direct Object Privileges Report 1
      • Execute Privileges to Strong SYS Packages Report 1
      • Non-Owner Object Trigger Report 1
      • Object Access By PUBLIC Report 1
      • Object Access Not By PUBLIC Report 1
      • Object Dependencies Report 1
      • Objects Dependent on Dynamic SQL Report 1
      • OS Directory Objects Report 1
      • privilege 1
      • Public Execute Privilege To SYS PL/SQL Procedures Report 1
      • sensitive 1
      • System Privileges By Privilege Report 1
    • restricting user access to using mandatory realms 1
    • types
      • finding with DV_DICT_OBJ_TYPE 1
    • views, DBA_DV_REALM_OBJECT 1
  • Objects Dependent on Dynamic SQL Report 1
  • object types
    • supported for Database Vault realm protection 1
  • OEM
    • See: Oracle Enterprise Manager (OEM)
  • OEM_MONITOR schema realm protection 1
  • OLS
    • See: Oracle Label Security
  • operating system access
    • guideline for using with Database Vault 1
  • operating systems
    • reports
      • OS Directory Objects Report 1
      • OS Security Vulnerability Privileges Report 1
    • vulnerabilities 1
  • ORA$DEPENDENCY profile 1
  • ORA-00942 error 1
  • ORA-01301 error 1
  • ORA-06512 error 1 , 2
  • ORA-24247 error 1
  • ORA-47305 error 1
  • ORA-47400 error 1 , 2
  • ORA-47401 error 1 , 2
  • ORA-47408 error 1
  • ORA-47409 error 1
  • ORA-47500 error 1
  • ORA-47503 error 1
  • ORA-47920 error 1
  • Oracle Database Vault
    • about 1
    • components 1 , 2
    • deinstalling 1
    • disabling
      • procedures for 1
      • reasons for 1
    • enabling
      • procedures for 1
    • integrating with other Oracle products 1
    • Oracle Database installation, affect on 1
    • post-installation procedures 1
    • privileges to use 1
    • registering
      • using DBCA 1
    • reinstalling 1
    • roles
      • privileges of 1
  • Oracle Database Vault Administrator (DVA)
    • logging on from Oracle Enterprise Manager Cloud Control 1
  • Oracle Database Vault Administrator pages 1
  • Oracle Database Vault policies
    • about 1
    • creating 1
    • data dictionary views 1
    • default 1
    • deleting 1
    • in multitenant environment 1
    • modifying 1
  • Oracle Database Vault realm 1
  • Oracle Database Vault registration
    • about 1
    • common users to manage specific PDBs 1
    • common user to manage CDB root 1
    • non-multitenant environment 1
    • plugging in a Database Vault-enabled database 1
    • verifying configuration and enablement 1
  • Oracle Data Guard
    • integrating Database Vault with 1
  • Oracle Data Pump
    • archiving the Oracle Database Vault audit trail with 1
    • authorizing transportable tablespace operations for Database Vault 1
    • DBA_DV_DATAPUMP_AUTH view 1
    • DBA_DV_TTS_AUTH view 1
    • DBMS_MACADM.AUTHORIZE_TTS_USER 1
    • DBMS_MACADM.UNAUTHORIZE_TTS_USER 1
    • granting authorization to use with Database Vault 1
    • guidelines before performing an export or import 1
    • levels of authorization required
      • Oracle Data Pump only 1
      • transportable tablespaces 1
    • MACADM procedures for authorization 1
    • realm protection 1
    • revoking standard authorization 1
    • revoking transportable tablespace authorization 1
    • using with Oracle Database Vault 1
  • Oracle Default Component Protection Realm 1
  • Oracle Default Schema Protection Realm 1
  • Oracle Enterprise Manager
    • DBSNMP account
      • changing password 1
      • granted DV_MONITOR role 1
    • using Oracle Database Vault with 1
  • Oracle Enterprise Manager Cloud Control
    • monitoring Database Vault for attempted violations 1
    • propagating Database Vault configurations to other databases 1
    • starting Oracle Database Vault from 1
  • Oracle Enterprise Manager realm 1
  • Oracle Enterprise User Security, integrating with Oracle Database Vault 1
  • Oracle Flashback Technology 1 , 2
  • Oracle GoldenGate
    • Database Vault role used for
      • DV_GOLDENGATE_ADMIN 1
      • DV_GOLDENGATE_REDO_ACCESS 1
    • in an Oracle Database Vault environment 1
  • Oracle Internet Directory, registering with DBCA 1
  • Oracle Internet Directory Distinguished Name, Proxy_Enterprise_Identity default factor 1
  • Oracle Label Security
    • using OLS_LABEL_DOMINATES function in rule expressions 1
  • Oracle Label Security (OLS)
    • audit events, custom 1
    • checking if installed using DBMS_MACUTL functions 1
    • data dictionary views 1
    • functions
      • DBMS_MACUTL (utility) 1
    • how Database Vault integrates with 1
    • initialization, command rules 1
    • integration with Oracle Database Vault
      • example 1
      • Label Security Integration Audit Report 1
      • procedure 1
      • requirements 1
    • labels
      • about 1
      • determining with GET_FACTOR_LABEL 1
      • invalid label identities 1
    • policies
      • accounts that bypass 1
      • monitoring policy changes 1
      • nonexistent 1
    • procedures
      • DBMS_MACADM (configuration) 1
    • reports 1
    • views
      • DBA_DV_MAC_POLICY 1
      • DBA_DV_MAC_POLICY_FACTOR 1
      • DBA_DV_POLICY_LABEL 1
  • Oracle MetaLink
    • See: My Oracle Support
  • Oracle OLAP realm protection 1
  • Oracle Real Application Clusters
    • configuring Database Vault on RAC nodes 1
    • deinstalling Oracle Database Vault from 1
    • multiple factor identities 1
  • Oracle Recovery Manager (RMAN)
    • in an Oracle Database Vault environment 1
  • Oracle Scheduler
    • DBA_DV_JOB_AUTH view 1
    • granting Oracle Database Vault authorization 1
    • realm protection 1
    • revoking Oracle Database Vault authorization 1
    • SCHEDULER_ADMIN role, impact of Oracle Database Vault installation 1
    • using with Oracle Database Vault 1
  • Oracle software owner, guidelines on managing 1
  • Oracle Spatial realm protection 1
  • Oracle Streams
    • Database Vault role used for 1
  • Oracle System Privilege and Role Management Realm 1
  • Oracle Text realm protection 1
  • Oracle Virtual Private Database (VPD)
    • accounts that bypass 1
    • factors, attaching to 1
    • GRANT EXECUTE privileges with Grant VPD Administration default rule set 1
    • using Database Vault factors with Oracle Label Security 1
  • ORADEBUG utility
    • about 1
    • DBA_DV_ORADEBUG view 1
    • PL/SQL procedure for disabling in Database Vault 1
    • PL/SQL procedure for enabling in Database Vault 1
    • using with Database Vault 1
  • OS_ROLES initialization parameter 1
  • OS Directory Objects Report 1
  • OS Security Vulnerability Privileges Report 1
  • OUTlN schema realm protection 1

P

  • parameters
    • modified after installation 1
    • reports
      • Security Related Database Parameters Report 1
  • parent factors
    • See: factors
  • Password History Access Report 1
  • passwords
    • forgotten, solution for 1
    • reports
      • Database Account Default Password Report 1
      • Password History Access Report 1
      • Username/Password Tables Report 1
    • resetting for DV_ACCTMGR user 1
    • resetting for DV_OWNER user 1
  • patches
    • auditing DV_PATCH_ADMIN user 1
    • DBMS_MACADM.DISABLE_DV_PATCH_ADMIN_AUDIT procedure 1
    • DBMS_MACADM.ENSABLE_DV_PATCH_ADMIN_AUDIT procedure 1
    • DV_PATCH_ADMIN requirement for 1
    • security consideration 1
    • two-person integrity used for 1
  • PDBs
    • command rules in 1
    • disabling tracing
      • all database sessions 1
      • current database session 1
    • DVF schema 1
    • DVSYS schema 1 , 2
    • enabling tracing
      • all database sessions 1
      • current database session 1
    • plugging Database Vault-enabled PDB to CDB 1
    • privilege analysis 1
  • performance effect
    • command rules 1
    • realms 1
    • reports
      • Resource Profiles Report 1
      • System Resource Limits Report 1
    • rule sets 1
    • secure application roles 1
    • static evaluation for rule sets 1
  • performance tools
    • Automatic Workload Repository (AWR)
      • command rules 1
      • factors 1
      • Oracle Enterprise Manager
        • performance tools 1
      • performance tools
        • Cloud Control, realms 1
        • Oracle Enterprise Manager
          • realms 1
      • realms 1
      • rule sets 1
      • secure application roles 1
    • Oracle Enterprise Manager
      • command rules 1
      • factors 1
      • performance tools
        • Oracle Enterprise Manager Cloud Control
          • command rules 1
      • rule sets 1
      • secure application roles 1
    • Oracle Enterprise Manager Cloud Control
      • factors 1
      • rule sets 1
      • secure application roles 1
    • TKPROF utility
      • command rules 1
      • factors 1
      • realms 1
      • rule sets 1
      • secure application roles 1
  • PL/SQL
    • packages
      • unwrapped bodies 1
      • Unwrapped PL/SQL Package Bodies Report 1
  • PL/SQL factor functions 1
  • pluggable databases
    • See: PDBs
  • policies
    • See: Oracle Database Vault policies
  • POLICY_OWNER_COMMAND_RULE view 1
  • policy changes, monitoring 1
  • post-installation procedures 1
  • privilege analysis
    • about 1
    • accessing reports in Cloud Control 1
    • benefits 1
    • CDBs 1
    • creating
      • about 1
      • in Cloud Control 1
      • usingDBMS_PRIVILEGE_CAPTURE.CREATE_CAPTURE 1
    • creating role in Cloud Control 1
    • data dictionary views 1
    • DBMS_PRIVILEGE_CAPTURE PL/SQL package 1
    • disabling
      • about 1
      • in Cloud Control 1
      • using DBMS_PRIVILEGE_CAPTURE.DISABLE_CAPTURE 1
    • dropping
      • about 1
      • in Cloud Control 1
      • using DBMS_PRIVILEGE_CAPTURE.DROP_CAPTURE 1
    • enabling
      • about 1
      • in Cloud Control 1
      • using DBMS_PRIVILEGE_CAPTURE.ENABLE_CAPTURE 1
    • examples of creating and enabling 1
    • general steps for managing 1
    • generating regrant scripts 1
    • generating reports
      • about 1
      • in Cloud Control 1
      • using DBMS_PRIVILEGE_CAPTURE.GENERATE_REPORT 1
    • generating revoke scripts 1
    • logon users 1
    • pre-compiled database objects 1
    • privilege uses captured 1
    • requirements for using 1
    • restrictions 1
    • revoking and re-granting in Cloud Control 1
    • revoking and regranting using scripts 1
    • tutorial 1
    • tutorial for ANY privileges 1
    • use cases
      • finding application pool privileges 1
      • finding overly privileged users 1
  • privileges
    • checking with DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function 1
    • existing users and roles, Database Vault affect on 1
    • least privilege principle
      • violations to 1
    • monitoring
      • GRANT statement 1
      • REVOKE statement 1
    • Oracle Database Vault restricting 1
    • prevented from existing users and roles 1
    • reports
      • Accounts With DBA Roles Report 1
      • ALTER SYSTEM or ALTER SESSION Report 1
      • ANY System Privileges for Database Accounts Report 1
      • AUDIT Privileges Report 1
      • Database Accounts With Catalog Roles Report 1
      • Direct and Indirect System Privileges By Database Account Report 1
      • Direct System Privileges By Database Account Report 1
      • Hierarchical System Privileges By Database Account Report 1
      • listed 1
      • OS Directory Objects Report 1
      • Privileges Distribution By Grantee, Owner, Privilege Report 1
      • Privileges Distribution By Grantee, Owner Report 1
      • Privileges Distribution By Grantee Report 1
      • WITH GRANT Privileges Report 1
    • restricting access using mandatory realms 1
    • roles
      • checking with DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 1
    • system
      • checking with DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 1
    • views
      • DBA_DV_PUB_PRIVS 1
      • DBA_DV_USER_PRIVS 1
      • DBA_DV_USER_PRIVS_ALL 1
  • Privileges Distribution By Grantee, Owner, Privilege Report 1
  • Privileges Distribution By Grantee, Owner Report 1
  • Privileges Distribution By Grantee Report 1
  • privileges using external password 1
  • problems, diagnosing 1
  • procedures
    • command rules
      • .DBMS_MACADM (configuration) 1
    • factors
      • DBMS_MACADM (configuration) 1
    • realms
      • DBMS_MACADM (configuration) 1
  • production environments
    • guidelines for securing 1
  • profiles 1
  • proxy user authorization
    • Database Vault authorization
      • DBA_DV_PROXY_AUTH view 1
      • granting 1
      • revoking 1
  • PUBLIC access to realms 1
  • Public Execute Privilege To SYS PL/SQL Procedures Report 1
  • PUBLIC user account
    • impact of Oracle Database Vault installation 1

Q

  • quotas
    • tablespace 1

R

  • Realm Audit Report 1
  • Realm Authorization Configuration Issues Report 1
  • realm authorizations:multitenant environment 1
  • realms
    • about 1
    • adding roles to as grantees 1
    • audit events, custom 1
    • authentication-related procedures 1
    • authorization
      • enabling access to realm-protected objects 1
      • how realm authorizations work 1
      • process flow 1
      • troubleshooting 1
    • authorizations
      • grantee 1
      • rule set 1
    • authorizations in multitenant environment 1
    • creating 1
    • creating names 1
    • Database Vault Account Management realm 1
    • data dictionary views 1
    • data masking 1
    • DBMS_MACUTL constants, example of 1
    • default realms
      • listed 1
    • deleting 1
    • disabling 1
    • DV_REALM_OWNER role 1
    • DV_REALM_RESOURCE role 1
    • effect on other Oracle Database Vault components 1
    • enabling 1
    • enabling access to realm-protected objects 1
    • example 1
    • functions
      • DBMS_MACUTL (utility) 1
      • DBMS_MACUTL constants (fields) 1
    • guidelines 1
    • how realms work 1
    • mandatory realms 1
    • multitenant environment
      • about 1
    • naming conventions 1
    • object-related procedures 1
    • object types, supported 1
    • Oracle Database Vault realm 1
    • Oracle Default Component Protection Realm 1
    • Oracle Default Schema Protection Realm 1
    • Oracle Enterprise Manager realm 1
    • Oracle System Privilege and Role Management Realm 1
    • performance effect 1
    • procedures
      • DBMS_MACADM (configuration) 1
    • process flow 1
    • propagating configuration to other databases 1
    • protection after object is dropped 1
    • PUBLIC access 1
    • realm authorizations
      • about 1
    • realm secured objects
      • object name 1
      • object owner 1
      • object type 1
    • realm-secured objects 1
    • reports 1
    • roles
      • DV_REALM_OWNER 1
      • DV_REALM_RESOURCE 1
    • secured object 1
    • simulation mode 1
    • territory a realm protects 1
    • troubleshooting 1 , 2
    • tutorial 1
    • views
      • DBA_DV_CODE 1
      • DBA_DV_MAINTENANCE_AUTH 1
      • DBA_DV_POLICY 1
      • DBA_DV_POLICY_OBJECT 1
      • DBA_DV_POLICY_OWNER 1
      • DBA_DV_REALM 1
      • DBA_DV_REALM_OBJECT 1
      • DBS_DV_REALM_AUTH 1
      • DVSYS.POLICY_OWNER_COMMAND_RULE 1
      • DVSYS.POLICY_OWNER_POLICY 1
      • DVSYS.POLICY_OWNER_REALM 1
      • DVSYS.POLICY_OWNER_REALM_AUTH 1
      • DVSYS.POLICY_OWNER_REALM_OBJECT 1
      • DVSYS.POLICY_OWNER_RULE 1
      • DVSYS.POLICY_OWNER_RULE_SET 1
      • DVSYS.POLICY_OWNER_RULE_SET_RULE 1
  • recovering lost password 1 , 2
  • RECOVERY_CATALOG_OWNER role 1
  • RECYCLEBIN initialization parameter
    • default setting in Oracle Database Vault 1
  • registering Oracle Database Vault 1
  • reinstalling Oracle Database Vault 1
  • REMOTE_LOGIN_PASSWORDFILE initialization parameter 1
  • reports
    • about 1
    • Access to Sensitive Objects Report 1
    • Accounts With DBA Roles Report 1
    • Accounts with SYSDBA/SYSOPER Privilege Report 1
    • ALTER SYSTEM or ALTER SESSION Report 1
    • ANY System Privileges for Database Accounts Report 1
    • auditing 1
    • AUDIT Privileges Report 1
    • BECOME USER Report 1
    • categories of 1
    • Command Rule Audit Report 1
    • Command Rule Configuration Issues Report 1
    • Core Database Audit Report 1
    • Core Database Vault Audit Trail Report 1
    • Database Account Default Password Report 1
    • Database Account Status Report 1
    • Database Accounts With Catalog Roles Report 1
    • Direct and Indirect System Privileges By Database Account Report 1
    • Direct Object Privileges Report 1
    • Direct System Privileges By Database Account Report 1
    • Enterprise Manager Cloud Control 1
    • Execute Privileges to Strong SYS Packages Report 1
    • Factor Audit Report 1
    • Factor Configuration Issues Report 1
    • Factor Without Identities 1
    • general security 1
    • Hierarchical System Privileges by Database Account Report 1
    • Identity Configuration Issues Report 1
    • Java Policy Grants Report 1
    • Label Security Integration Audit Report 1
    • Non-Owner Object Trigger Report 1
    • Object Access By PUBLIC Report 1
    • Object Access Not By PUBLIC Report 1
    • Object Dependencies Report 1
    • Objects Dependent on Dynamic SQL Report 1
    • OS Directory Objects Report 1
    • OS Security Vulnerability Privileges 1
    • Password History Access Report 1
    • permissions for running 1
    • privilege management 1
    • Privileges Distribution By Grantee, Owner, Privilege Report 1
    • Privileges Distribution By Grantee, Owner Report 1
    • Privileges Distribution By Grantee Report 1
    • Public Execute Privilege To SYS PL/SQL Procedures Report 1
    • Realm Audit Report 1
    • Realm Authorization Configuration Issues Report 1
    • Resource Profiles Report 1
    • Roles/Accounts That Have a Given Role Report 1
    • Rule Set Configuration Issues Report 1
    • running 1
    • Secure Application Configuration Issues Report 1
    • Secure Application Role Audit Report 1
    • Security Policy Exemption Report 1
    • Security Related Database Parameters 1
    • security vulnerability 1
    • System Privileges By Privilege Report 1
    • System Resource Limits Report 1
    • Tablespace Quotas Report 1
    • Unwrapped PL/SQL Package Bodies Report 1
    • Username /Password Tables Report 1
    • WITH ADMIN Privileges Grants Report 1
    • WITH GRANT Privileges Report 1
  • Resource Profiles Report 1
  • resources
    • reports
      • Resource Profiles Report 1
      • System Resource Limits Report 1
  • REVOKE statement
    • monitoring 1
  • roles
    • adding to realms as grantees 1
    • catalog-based 1
    • Database Vault default roles 1
    • privilege analysis 1
    • privileges, checking with DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 1
    • role-based system privileges 1
    • role enablement in incomplete rule set 1
  • Roles/Accounts That Have a Given Role Report 1
  • root access
    • guideline for using with Database Vault 1
    • guidelines on managing 1
  • rules
    • about 1
    • creating 1
    • creating names 1
    • data dictionary views 1
    • default 1
    • deleting 1
    • deleting from rule set 1
    • existing rules, adding to rule set 1
    • naming conventions 1
    • nested within a rule set 1
    • removing from rule set 1
    • reports 1
    • troubleshooting 1
    • views
      • DBA_DV_RULE 1
      • DBA_DV_RULE_SET_RULE 1
  • Rule Set Configuration Issues Report 1
  • rule sets
    • about 1
    • adding existing rules 1
    • auditing
      • intruders
        • using rule sets 1
    • audit options 1
    • command rules
      • disabled 1
      • selecting for 1
      • used with 1
    • creating
      • rules in 1
    • creating names 1
    • data dictionary views 1
    • DBMS_MACUTL constants, example of 1
    • default rules 1
    • default rule sets 1
    • deleting
      • rules from 1
    • disabled for
      • factor assignment 1
      • realm authorization 1
    • evaluation of rules 1
    • event handlers 1
    • events firing, finding with DV_SYSEVENT 1
    • factors, selecting for 1
    • fail code 1
    • fail message 1
    • functions
      • DBMS_MACADM (configuration) 1
      • DBMS_MACUTL (utility) 1
      • DBMS_MACUTL constants (fields) 1
      • PL/SQL functions for rule sets 1
    • guidelines 1
    • how rule sets work 1
    • incomplete 1
    • multitenant environment
      • about 1
    • naming conventions 1
    • nested rules 1
    • performance effect 1
    • procedures
      • DBMS_MACADM (configuration) 1
    • process flow 1
    • propagating configuration to other databases 1
    • removing references to objects 1
    • reports 1
    • rule sets
      • evaluation options 1
    • rules that exclude one user 1
    • security attacks
      • tracking
        • with rule set auditing 1
    • static evaluation 1
    • troubleshooting 1 , 2
    • views
      • DBA_DV_RULE 1
      • DBA_DV_RULE_SET 1
      • DBA_DV_RULE_SET_RULE 1
  • rules sets
    • audit event, custom 1

S

  • SCHEDULER_ADMIN role
    • impact of Oracle Database Vault installation 1
  • scheduling database jobs
    • CREATE EXTERNAL JOB privilege security consideration 1
  • scheduling jobs
    • See: Oracle Scheduler
  • schemas
    • DVF 1
    • DVSYS 1
  • Secure Application Configuration Issues Report 1
  • secure application role 1
  • Secure Application Role Audit Report 1
  • secure application roles
    • audit event, custom 1
    • creating 1
    • data dictionary view 1
    • DBMS_MACSEC_ROLES.SET_ROLE function 1
    • deleting 1
    • functionality 1
    • functions
      • DBMS_MACADM (configuration) 1
      • DBMS_MACSEC_ROLES (configuration) 1
      • DBMS_MACSEC_ROLES package 1
      • DBMS_MACUTL (utility) 1
      • DBMS_MACUTL constants (fields) 1
    • guidelines on managing 1
    • modifying 1
    • performance effect 1
    • procedure
      • DBMS_MACADM (configuration) 1
    • procedures and functions
      • DBMS_MACUTL (utility) 1
    • propagating configuration to other databases 1
    • reports
      • Rule Set Configuration Issues Report 1
    • troubleshooting 1
    • troubleshooting with auditing report 1
    • tutorial 1
    • views
      • DBA_DV_ROLE 1
  • security attacks
    • Denial of Service (DoS) attacks
      • finding system resource limits 1
    • Denial of Service attacks
      • finding tablespace quotas 1
    • eliminating audit trail 1
    • monitoring security violations 1
    • Oracle Database Vault addressing compromised privileged user accounts 1
    • reports
      • AUDIT Privileges Report 1
      • Objects Dependent on Dynamic SQL Report 1
      • Privileges Distribution By Grantee, Owner Report 1
      • Unwrapped PL/SQL Package Bodies Report 1
    • SQL injection attacks 1
    • tracking
      • with factor auditing 1
  • security policies, Oracle Database Vault addressing 1
  • Security Policy Exemption Report 1
  • Security Related Database Parameters Report 1
  • security violations
    • monitoring attempts 1
  • security vulnerabilities
    • how Database Vault addresses 1
    • operating systems 1
    • reports
      • Security Related Database Parameters Report 1
    • root operating system directory 1
  • SELECT_CATALOG_ROLE role 1
  • sensitive objects reports 1
  • separation of duty concept
    • about 1
    • command rules 1
    • database accounts 1
    • database accounts, suggested 1
    • database roles 1
    • Database Vault Account Manager role 1
    • documenting tasks 1
    • example matrix 1
    • how Oracle Database Vault addresses 1
    • realms 1
    • restricting privileges 1
    • roles 1
    • tasks in Oracle Database Vault environment 1
  • session event command rule
    • updating 1
  • session event command rules
    • creating for events 1
    • deleting 1
  • sessions
    • audit events, custom 1
    • DBMS_MACUTL fields 1
    • finding session user with DVF.F$SESSION_USER 1
    • restricting data based on 1
    • retrieving information with functions 1
  • simulation mode
    • about 1
    • use cases 1
  • SQL92_SECURITY initialization parameter 1
  • SQL injection attacks, detecting with Object Dependent on Dynamic SQL Report 1
  • SQL statements
    • default command rules that protect 1
  • SQL statements protected by 1
  • SQL text, finding with DV_SQL_TEXT 1
  • subfactors
    • See: child factors under factors topic
  • SYS_CONTEXT function
    • Boolean expressions used in privilege analysis 1
  • SYS.DV$CONFIGURATION_AUDIT view 1
  • SYS.DV$ENFORCEMENT_AUDIT view 1
  • SYS account
    • privilege analysis 1
  • SYSDBA access
    • guidelines on managing 1
  • SYSDBA privilege
    • limiting, importance of 1
  • SYSOPER access
    • guidelines on managing 1
  • system event command rule
    • updating 1
  • system event command rules
    • creating 1
    • deleting 1
  • system features
    • disabling with Disabled rule set 1
    • enabling with Enabled rule set 1
  • system privileges
    • checking with DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 1
    • reports
      • System Privileges By Privileges Report 1
  • System Privileges By Privilege Report 1
  • System Resource Limits Report 1
  • system root access, guideline on managing 1
  • SYSTEM schema
    • application tables in 1
    • realm protection 1
  • SYSTEM user account
    • guidelines for using with Database Vault 1
  • SYS user account
    • adding to realm authorization 1

T

  • tablespace quotas 1
  • Tablespace Quotas Report 1
  • time data
    • DBMS_MACUTL functions 1
  • trace files
    • about 1
  • trace files, Oracle Database Vault
    • about 1
    • activities that can be traced 1
    • ADRCI utility 1
    • directory location for trace files 1
    • disabling for all sessions 1
    • disabling for current session 1
    • enabling for all sessions 1
    • enabling for current session 1
    • examples
      • highest level on realm violations 1
      • high level authorization 1
      • low level realm violations 1
    • finding trace file directory 1
    • levels of trace events 1
    • performance effect 1
    • querying
      • ADRCI utility 1
      • Linux grep command 1
  • traisimulationning mode
    • tutorial 1
  • Transparent Data Encryption, used with Oracle Database Vault 1
  • transportable tablespaces
    • authorizing for Oracle Data Pump operations in Database Vault 1
    • DBA_DV_TTS_AUTH view 1
    • DBMS_MACADM.AUTHORIZE_TTS_USER procedure 1
    • DBMS_MACADM.UNAUTHORIZE_TTS_USER procedure 1
  • triggers
    • different from object owner account 1
    • reports, Non-Owner Object Trigger Report 1
  • troubleshooting
    • access security sessions 1
    • auditing reports, using 1
    • factors 1
    • general diagnostic tips 1
    • locked out accounts 1
    • passwords, forgotten 1
    • realms 1
    • rules 1
    • rule sets 1
    • secure application roles 1
  • trusted users
    • accounts and roles that should be limited 1
    • default for Oracle Database Vault 1
  • trust levels
    • about 1
    • determining for identities with GET_TRUST_LEVEL_FOR_IDENTITY 1
    • determining with GET_TRUST_LEVEL 1
    • factor identity 1
    • factors 1
    • for factor and identity requested 1
    • identities 1
    • of current session identity 1
  • tutorials
    • access, granting with secure application roles 1
    • ad hoc tool access, preventing 1
    • configuring two-person integrity (TPI) 1
    • Database Vault factors with Virtual Private Database and Oracle Label Security 1
    • email alert in rule set 1
    • factors, mapping identities 1
    • Oracle Label Security integration with Oracle Database Vault 1
    • privilege analysis 1
    • privilege analysis for ANY privileges 1
    • restricting access based on session data 1
    • restricting user activities with command rules 1
    • schema, protecting with a realm 1
    • simulation mode 1
  • two-man rule security
    • See: two-person integrity (TPI)
  • two-person integrity (TPI)
    • about 1
    • configuring with a rule set 1

U

  • UNAUTHORIZE_MAINTENANCE_USER procedure 1
  • unified audit trail
    • how it works with Database Vault 1
    • protecting with a realm 1
  • Unwrapped PL/SQL Package Bodies Report 1
  • USER_HISTORY$ table 1
  • user authorization
    • Database Vault authorization for ILM
      • granting 1
      • revoking 1
    • Database Vault authorization for Information Lifecycle Management
      • granting 1
      • revoking 1
  • Username/Password Tables Report 1
  • user names
    • reports, Username/Password Tables Report 1
  • users
    • enterprise identities, finding with DVF.F$PROXY_ENTERPRISE_IDENTITY 1
    • enterprise-wide identities, finding with DVF.F$ENTERPRISE_IDENTITY 1
    • finding session user with DVF.F$SESSION_USER 1
    • login user name, finding with DV_LOGIN_USER 1
    • restricting access by factor identity 1
  • utility functions
    • See: .DBMS_MACUTL package
  • UTL_FILE object 1
  • UTL_FILE package, guidelines on managing 1

V

  • views
    • CDB_DV_STATUS 1
    • DBA_DV_CODE 1
    • DBA_DV_COMMAND_RULE 1
    • DBA_DV_DATAPUMP_AUTH 1
    • DBA_DV_DDL_AUTH 1
    • DBA_DV_DICTIONARY_ACCTS 1
    • DBA_DV_FACTOR 1
    • DBA_DV_FACTOR_TYPE 1
    • DBA_DV_IDENTITY 1
    • DBA_DV_IDENTITY_MAP 1
    • DBA_DV_JOB_AUTH 1
    • DBA_DV_MAINTENANCE_AUTH 1
    • DBA_DV_ORADEBUG 1
    • DBA_DV_PATCH_ADMIN_AUDIT 1
    • DBA_DV_POLICY 1
    • DBA_DV_POLICY_LABEL 1
    • DBA_DV_POLICY_OBJECT 1
    • DBA_DV_POLICY_OWNER 1
    • DBA_DV_PROXY_AUTH 1
    • DBA_DV_PUB_PRIVS 1
    • DBA_DV_REALM 1
    • DBA_DV_REALM_AUTH 1
    • DBA_DV_REALM_OBJECT 1
    • DBA_DV_ROLE 1
    • DBA_DV_RULE_SET 1
    • DBA_DV_RULE_SET_RULE 1
    • DBA_DV_SIMULATION_LOG 1
    • DBA_DV_STATUS 1
    • DBA_DV_TTS_AUTH 1
    • DBA_DV_USER_PRIVS 1
    • DBA_DV_USER_PRIVS_ALL 1
    • DVSYS.DV$CONFIGURATION_AUDIT 1
    • DVSYS.DV$ENFORCEMENT_AUDIT 1
    • DVSYS.DV$REALM 1
    • DVSYS.POLICY_OWNER_COMMAND_RULE 1
    • DVSYS.POLICY_OWNER_POLICY 1
    • DVSYS.POLICY_OWNER_REALM 1
    • DVSYS.POLICY_OWNER_REALM_AUTH 1
    • DVSYS.POLICY_OWNER_REALM_OBJECT 1
    • DVSYS.POLICY_OWNER_RULE 1
    • DVSYS.POLICY_OWNER_RULE_SET 1
    • DVSYS.POLICY_OWNER_RULE_SET_RULE 1
    • SYS.DV$CONFIGURATION_AUDIT 1
    • SYS.DV$ENFORCEMENT_AUDIT 1
  • VPD
    • See: Oracle Virtual Private Database (VPD)

W

  • WITH ADMIN Privileges Grants Report 1
  • WITH ADMIN status 1 , 2
  • WITH GRANT clause 1
  • WITH GRANT Privileges Report 1

X

  • XStream
    • Database Vault role used for 1
    • in an Oracle Database Vault environment 1