Skip Headers
Oracle® Database Vault Administrator's Guide
10g Release 2 (10.2)

Part Number B25166-04
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
View PDF

Index

A  B  C  D  E  F  G  H  I  J  L  M  N  O  P  Q  R  S  T  U  V  W 

Symbols

% wildcard, 9.1.3

A

access control policy
configuring with tools and components
Oracle Label Security PL/SQL APIs, 1.2.6
Oracle Policy Manager, 1.2.6
reports
Core Database Vault Audit Report, 9.2.2.5
access control run-time PL/SQL procedures and functions, D.1
Access to Sensitive Objects Report, 9.3.3.2
accounts. See database accounts
Accounts With DBA Roles Report, 9.3.5.2
Accounts with SYSDBA/SYSOPER Privilege Report, 9.3.3.4
ALTER DATABASE statement
monitoring, 10.4
ALTER ROLE statement
monitoring, 10.1
ALTER SESSION privilege
reports, ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
trace files, enabling, G.1
ALTER SESSION statement
guidelines on managing privileges, F.3.6
ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
ALTER SYSTEM privilege
reports, ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
ALTER SYSTEM statement
controlling with command rules, 5.1
guidelines on managing privileges, F.3.6
ALTER TABLE statement
monitoring, 10.4
ALTER USER statement
monitoring, 10.1
ANY privileges, C.3.3
ANY System Privileges for Database Accounts Report, 9.3.2.4
API packages, E
applications
custom, APIs for, E
ASM. See Automatic Storage Management
audit policy change
monitoring, 10.1
AUDIT privilege, 9.3.5.10
AUDIT Privileges Report, 9.3.5.10
AUDIT_SYS_OPERATIONS initialization parameter, 1.7.2.1
AUDIT_TRAIL initialization parameter
effect on auditing policy, A.1
effect on Core Database Audit Report, 9.3.8
effect on monitoring database, 10.1
example of setting, A.1
auditing
Core Database Audit Report, 9.3.8
DVSYS.DBMS_MACUTL fields, E.3.1
factors
options, 4.2
intruders
using factors, 4.2
using rule sets, 6.2
realms
DVSYS.DBMS_MACUTL fields, E.3.1
options, 3.2
reports, 9.2.2
rule sets
DVSYS.DBMS_MACUTL fields, E.3.1
options, 6.2
secure application roles
audit records, 7.8
troubleshooting, G.1
views used to audit events, C.5
See also auditing policies
auditing policies
about, A.1
custom events
about, A.2
audit trail, A.2
listing, A.2
monitoring changes to, 10.1, A.1
settings, A.1
See also auditing, AUDIT_TRAIL initialization parameter
authentication
Authentication_Method default factor, 4.8
command rules, 5.1
method, finding with DVF.F$AUTHENTICATION_METHOD, D.2
realm functions, E.1.1
authorizations, realms, 3.5
Automatic Storage Management (ASM)
command-line utilities, affected by Oracle Database Vault, 1.7.1
AVSYS account, C.4

B

BECOME USER Report, 9.3.5.4
BECOME USER system privilege
about, 9.3.5.4

C

catalog-based roles, 9.3.5.9
child factors. See factors
clients
finding IP address with DVF.F$CLIENT_IP, D.2
code groups
DVSYS.DBMS_MACUTL fields, E.3.1
ID, retrieving with DVSYS.DBMS_MACUTL functions, E.3.2
retrieving value with DVSYS.DBMS_MACUTL functions, E.3.2
Command Rule Audit Report, 9.2.2.2
Command Rule Configuration Issues Report, 9.2.1.1
command rules
about, 5.1
audit event, custom, A.2
creating, 5.2
default command rules, 5.6
deleting, 5.3
diagnosing behavior, G.1
editing, 5.2
example, 5.5
functions
DVSYS.DBMS_MACADM (configuration), E.1.4
DVSYS.DBMS_MACUTL (utility), E.3
guidelines, 5.7
how command rules work, 5.4
objects
name, 5.2
owner, 5.2
performance effect, 5.8
process flow, 5.4
reports, 5.9
rule sets
how different from command rules, 5.1
selecting, 5.2
used with, 5.1
troubleshooting
general diagnostic advice, G.1
with auditing report, 9.2.2.2
views, C.5
See also rule sets
compliance
Oracle Database Vault addressing, 1.3
computer name
finding with DVF.F$MACHINE, D.2
Machine default factor, 4.8
configuration
changes, monitoring, 10.1
See also DVSYS.DBMS_MACADM package
CONNECT events, controlling with command rules, 5.1
core database
troubleshooting with Core Database Vault Audit Report, 9.2.2.5
Core Database Audit Report, 9.3.8
Core Database Vault Audit Report, 9.2.2.5
CPU_PER_SESSION resource profile, 9.3.6.2
CREATE ANY JOB privilege, F.3.3
CREATE ANY JOB statement
guidelines on managing privileges, F.3.3
CREATE EXTERNAL JOB privilege, F.3.4
CREATE JOB privilege, F.3.3
CREATE JOB statement
guidelines on managing privileges, F.3.3
CREATE ROLE statement
monitoring, 10.1
CREATE TABLE statement
monitoring, 10.4
CREATE USER statement
monitoring, 10.1
custom applications, APIs for, E

D

data definition language (DDL)
statement
controlling with command rules, 5.1
data dictionary
adding DV_ACCTMGR role to realm, 2.3.1
Data Guard
command-line utilities, Oracle Database Vault effects on, 1.7.1
data manipulation language (DML)
statement
checking with DVSYS.DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function, E.3.2
controlling with command rules, 5.1
data Oracle Database Vault recognizes. See factors
Database Account Default Password Report, 9.3.7.1
Database Account Status Report, 9.3.7.2
database accounts
AVSYS, C.4
counting privileges of, 9.3.4.1
creation scenarios, C.4.1, C.4.1
DBSNMP, 3.12
default Oracle Database Vault, C.4.1
DVSYS, C.4
LBACSYS, C.4
monitoring, 10.1
reports
Accounts With DBA Roles Report, 9.3.5.2
ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
ANY System Privileges for Database Accounts Report, 9.3.2.4
AUDIT Privileges Report, 9.3.5.10
BECOME USER Report, 9.3.5.4
Database Account Default Password Report, 9.3.7.1
Database Account Status Report, 9.3.7.2
Database Accounts With Catalog Roles Report, 9.3.5.9
Direct and Indirect System Privileges By Database Account Report, 9.3.2.2
Direct Object Privileges Report, 9.3.1.3
Direct System Privileges By Database Account Report, 9.3.2.1
Hierarchical System Privileges by Database Account Report, 9.3.2.3
Object Access By PUBLIC Report, 9.3.1.1
Object Access Not By PUBLIC Report, 9.3.1.2
OS Security Vulnerability Privileges, 9.3.5.11
Password History Access Report, 9.3.5.6
Privileges Distribution By Grantee Report, 9.3.4.1, 9.3.4.1, 9.3.4.1
Privileges Distribution By Grantee, Owner Report, 9.3.4.2, 9.3.4.2
Privileges Distribution By Grantee, Owner, Privilege Report, 9.3.4.3, 9.3.4.3
Roles/Accounts That Have a Given Role Report, 9.3.5.8
Security Policy Exemption Report, 9.3.5.3
WITH ADMIN Privilege Grants Report, 9.3.5.1
WITH GRANT Privileges Report, 9.3.5.7
solution for lockouts, B.1
suggested, C.4
SYSMAN, 3.12
Database Accounts With Catalog Roles Report, 9.3.5.9
database configuration
monitoring changes, 10.4
database definition language (DDL)
statements
controlling with command rules, 5.1
database domains, Database_Domain default factor, 4.8
database objects
Oracle Database Vault, C
reports
Object Dependencies Report, 9.3.1.4
See also objects
database options, installing, B.1
database roles
about, C.3
counting privileges of, 9.3.4.1
default Oracle Database Vault, C.3
DV_ACCTMGR
about, C.3.3
adding to Data Dictionary realm, 2.3.1
DV_ADMIN, C.3.2
DV_OWNER, C.3.1
DV_PUBLIC, C.3.4
DV_REALM_OWNER, C.3.6
DV_REALM_RESOURCE, C.3.7
DV_SECANALYST, C.3.5
enabled, determining with DVSYS.ROLE_IS_ENABLED, D.1.5
monitoring, 10.1
Oracle Database Vault, default, C.3
reports
Accounts With DBA Roles Report, 9.3.5.2
ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
AUDIT Privileges Report, 9.3.5.10
BECOME USER Report, 9.3.5.4
Database Accounts With Catalog Roles Report, 9.3.5.9
OS Security Vulnerability Privileges, 9.3.5.11
Privileges Distribution By Grantee Report, 9.3.4.1
Roles/Accounts That Have a Given Role Report, 9.3.5.8
Security Policy Exemption Report, 9.3.5.3
WITH ADMIN Privilege Grants Report, 9.3.5.1
separation of duty enforcement, 1.7.5
database schemas
grouped. See realms
database sessions, 4.2
controlling with Allow Sessions default rule set, 6.8
factor evaluation, 4.6.1
session user name, Proxy_User default factor, 4.8
Database Vault. See Oracle Database Vault
databases
dbconsole
checking process, 2.2
starting process, 2.2
defined with factors, 4.1
domain, Domain default factor, 4.8
event monitoring, G.1
host names, Database_Hostname default factor, 4.8
instance, retrieving information with functions, E.1.2
instances
Database_Instance default factor, 4.8
names, finding with DVF.F$DATABASE_INSTANCE, D.2
number, finding with DVSYS.DV_INSTANCE_NUM, D.3
IP addresses
Database_IP default factor, 4.8
retrieving with DVF.F$DATABASE_IP, D.2
listener, starting, B.3
log file location, 2.2
monitoring events, G.1
names
Database_Name default factor, 4.8
retrieving with DVF.F$DATABASE_NAME, D.2
retrieving with DVSYS.DV_DATABASE_NAME, D.3
parameters
Security Related Database Parameters Report, 9.3.6.1
roles that do not exist, 9.2.1.7
schema creation, finding with DVF.F$IDENTIFICATION_TYPE, D.2
schema creation, Identification_Type default factor, 4.8
startup, DVSYS.DBMS_MACUTL fields, E.3.1
structural changes, monitoring, 10.4
user name, Session_User default factor, 4.8
DBA_DV_CODE view, C.5
DBA_DV_COMMAND_RULE view, C.5
DBA_DV_FACTOR view, C.5
DBA_DV_FACTOR_LINK view, C.5
DBA_DV_FACTOR_TYPE view, C.5
DBA_DV_IDENTITY view, C.5
DBA_DV_IDENTITY_MAP view, C.5
DBA_DV_MAC_POLICY view, C.5
DBA_DV_MAC_POLICY_FACTOR view, C.5
DBA_DV_POLICY_LABEL view, C.5
DBA_DV_PUB_PRIVS view, C.5
DBA_DV_REALM view, C.5
DBA_DV_REALM_AUTH view, C.5
DBA_DV_REALM_OBJECT view, C.5
DBA_DV_ROLE view, C.5
DBA_DV_RULE view, C.5
DBA_DV_RULE_SET view, C.5
DBA_DV_RULE_SET_RULE view, C.5
DBA_DV_USER_PRIVS view, C.5
DBA_DV_USER_PRIVS_ALL view, C.5
dbconsole process
checking status, 2.2
starting, 2.2
DBMS_FILE_TRANSFER package, guidelines on managing, F.3.1
DELETE_CATALOG_ROLE role, 9.3.5.9
denial-of-service (DoS) attacks
reports
System Resource Limits Report, 9.3.6.3
Tablespace Quotas Report, 9.3.9.6
Direct and Indirect System Privileges By Database Account Report, 9.3.2.2
Direct Object Privileges Report, 9.3.1.3
direct system privileges, 9.3.2.3
Direct System Privileges By Database Account Report, 9.3.2.1
disabling system features with Disabled default rule set, 6.8
domains
defined with factors, 4.1
finding database domain with DVF.F$DATABASE_DOMAIN, D.2
finding with DVF.F$DOMAIN, D.2
DROP ROLE statement
monitoring, 10.1
DROP TABLE statement
monitoring, 10.4
DROP USER statement
monitoring, 10.1
DV_ACCTMGR role
about, C.3.3
adding to Data Dictionary realm, 2.3.1
DV_ADMIN role, C.3.2
DV_OWNER role, C.3.1
DV_PUBLIC role, C.3.4
DV_REALM_OWNER role, C.3.6
DV_REALM_RESOURCE role, C.3.7
DV_SECANALYST role, C.3.5
DVA. See Oracle Database Vault Administrator
DVCA. See Oracle Database Vault Configuration Assistant
DVF account
auditing policy, A.1
database accounts
DVF, C.4
DVF schema, D.2
about, C.2.2
auditing policy, A.1
DVSYS account, C.4
auditing policy, A.1
DVSYS schema
about, C.2.1
auditing policy, A.1
command rules, 5.2
DV_OWNER role, C.3.1
factor validation methods, 4.2
DVSYS.DBMS_MACADM package
about, E.1
command rule functions, listed, E.1.4
factor functions, listed, E.1.2
Oracle Label Security policy functions, listed, E.1.6
realm functions, listed, E.1.1
rule set functions, listed, E.1.3
secure application role functions, listed, E.1.5
DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM function, E.1.1.1, E.1.1.2, E.1.1.3, E.1.1.4
DVSYS.DBMS_MACADM.ADD_FACTOR_LINK function, E.1.2.1
DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM function, E.1.1.5
DVSYS.DBMS_MACADM.ADD_POLICY_FACTOR function, E.1.2.2
DVSYS.DBMS_MACADM.ADD_RULE_TO_RULE_SET function, E.1.3.1, E.1.3.2, E.1.3.3
DVSYS.DBMS_MACADM.CHANGE_IDENTITY_FACTOR function, E.1.2.3
DVSYS.DBMS_MACADM.CHANGE_IDENTITY_VALUE function, E.1.2.4
DVSYS.DBMS_MACADM.CREATE_COMMAND_RULE function, E.1.4.1
DVSYS.DBMS_MACADM.CREATE_DOMAIN_IDENTITY function, E.1.2.5
DVSYS.DBMS_MACADM.CREATE_FACTOR function, E.1.2.6
DVSYS.DBMS_MACADM.CREATE_FACTOR_TYPE function, E.1.2.7
DVSYS.DBMS_MACADM.CREATE_IDENTITY function, E.1.2.8
DVSYS.DBMS_MACADM.CREATE_IDENTITY_MAP function, E.1.2.9
DVSYS.DBMS_MACADM.CREATE_MAC_POLICY function, E.1.6.1
DVSYS.DBMS_MACADM.CREATE_POLICY_LABEL function, E.1.6.2
DVSYS.DBMS_MACADM.CREATE_REALM function, E.1.1.6
DVSYS.DBMS_MACADM.CREATE_ROLE function, E.1.5.1
DVSYS.DBMS_MACADM.CREATE_RULE function, E.1.3.4
DVSYS.DBMS_MACADM.CREATE_RULE_SET function, E.1.3.5
DVSYS.DBMS_MACADM.DELETE_AUTH_FROM_REALM function, E.1.1.7
DVSYS.DBMS_MACADM.DELETE_COMMAND_RULE function, E.1.4.2
DVSYS.DBMS_MACADM.DELETE_FACTOR function, E.1.2.10
DVSYS.DBMS_MACADM.DELETE_FACTOR_LINK function, E.1.2.11
DVSYS.DBMS_MACADM.DELETE_FACTOR_TYPE function, E.1.2.12
DVSYS.DBMS_MACADM.DELETE_IDENTITY function, E.1.2.13
DVSYS.DBMS_MACADM.DELETE_IDENTITY_MAP function, E.1.2.14
DVSYS.DBMS_MACADM.DELETE_MAC_POLICY_CASCADE function, E.1.6.3
DVSYS.DBMS_MACADM.DELETE_OBJECT_FROM_REALM function, E.1.1.8
DVSYS.DBMS_MACADM.DELETE_POLICY_FACTOR function, E.1.6.4
DVSYS.DBMS_MACADM.DELETE_POLICY_LABEL function, E.1.6.5
DVSYS.DBMS_MACADM.DELETE_REALM function, E.1.1.9
DVSYS.DBMS_MACADM.DELETE_REALM_CASCADE function, E.1.1.10
DVSYS.DBMS_MACADM.DELETE_ROLE function, E.1.5.2
DVSYS.DBMS_MACADM.DELETE_RULE function, E.1.3.6
DVSYS.DBMS_MACADM.DELETE_RULE_FROM_RULE_SET function, E.1.3.7
DVSYS.DBMS_MACADM.DELETE_RULE_SET function, E.1.3.8
DVSYS.DBMS_MACADM.DROP_DOMAIN_IDENTITY function, E.1.2.15
DVSYS.DBMS_MACADM.GET_INSTANCE_INFO function, E.1.2.16
DVSYS.DBMS_MACADM.GET_SESSION_INFO function, E.1.2.17
DVSYS.DBMS_MACADM.RENAME_FACTOR function, E.1.2.18
DVSYS.DBMS_MACADM.RENAME_FACTOR_TYPE function, E.1.2.19
DVSYS.DBMS_MACADM.RENAME_REALM function, E.1.1.11
DVSYS.DBMS_MACADM.RENAME_ROLE function, E.1.5.3
DVSYS.DBMS_MACADM.RENAME_RULE function, E.1.3.9
DVSYS.DBMS_MACADM.RENAME_RULE_SET function, E.1.3.10
DVSYS.DBMS_MACADM.SET_PRESERVE_CASE function
command rules, E.1.4.3
factors, E.1.2.20
Oracle Label Security policies, E.1.6.6
realms, E.1.1.12
rule sets, E.1.3.11
secure application roles, E.1.5.4
DVSYS.DBMS_MACADM.SYNC_RULES function, E.1.3.12
DVSYS.DBMS_MACADM.UPDATE_COMMAND_RULE function, E.1.4.4
DVSYS.DBMS_MACADM.UPDATE_FACTOR function, E.1.2.21
DVSYS.DBMS_MACADM.UPDATE_FACTOR_TYPE function, E.1.2.22
DVSYS.DBMS_MACADM.UPDATE_IDENTITY function, E.1.2.23
DVSYS.DBMS_MACADM.UPDATE_MAC_POLICY function, E.1.6.7
DVSYS.DBMS_MACADM.UPDATE_REALM function, E.1.1.13
DVSYS.DBMS_MACADM.UPDATE_REALM_AUTH function, E.1.1.14
DVSYS.DBMS_MACADM.UPDATE_ROLE function, E.1.5.5
DVSYS.DBMS_MACADM.UPDATE_RULE function, E.1.3.13
DVSYS.DBMS_MACADM.UPDATE_RULE_SET function, E.1.3.14
DVSYS.DBMS_MACSEC_ROLES package
about, E.2
functions, listed, E.2
DVSYS.DBMS_MACSEC_ROLES.CAN_SET_ROLE function, E.2.1
DVSYS.DBMS_MACSEC_ROLES.SET_ROLE function, E.2.2
DVSYS.DBMS_MACUTL package
about, E.3
fields (constants), listed, E.3.1
functions, listed, E.3.2
DVSYS.DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function, E.3.2.1
DVSYS.DBMS_MACUTL.GET_CODE_ID function, E.3.2.2
DVSYS.DBMS_MACUTL.GET_CODE_VALUE function, E.3.2.3
DVSYS.DBMS_MACUTL.GET_DAY function, E.3.2.8
DVSYS.DBMS_MACUTL.GET_FACTOR_CONTEXT function, E.3.2.4
DVSYS.DBMS_MACUTL.GET_HOUR function, E.3.2.7
DVSYS.DBMS_MACUTL.GET_MESSAGE_LABEL function, E.3.2.18, E.3.2.19
DVSYS.DBMS_MACUTL.GET_MINUTE function, E.3.2.6
DVSYS.DBMS_MACUTL.GET_MONTH function, E.3.2.9
DVSYS.DBMS_MACUTL.GET_SECOND function, E.3.2.5
DVSYS.DBMS_MACUTL.GET_SQL_TEXT function, E.3.2.11
DVSYS.DBMS_MACUTL.GET_YEAR function, E.3.2.10
DVSYS.DBMS_MACUTL.IN_CALL_STACK function, E.3.2.12
DVSYS.DBMS_MACUTL.IS_ALPHA function, E.3.2.13
DVSYS.DBMS_MACUTL.IS_DIGIT function, E.3.2.14
DVSYS.DBMS_MACUTL.IS_DVSYS_OWNER function, E.3.2.15
DVSYS.DBMS_MACUTL.IS_OLS_INSTALLED function, E.3.2.16
DVSYS.DBMS_MACUTL.IS_OLS_INSTALLED_VARCHAR function, E.3.2.17
DVSYS.DBMS_MACUTL.RAISE_UNAUTHORIZED_OPERATION function, E.3.2.20
DVSYS.DBMS_MACUTL.TO_ORACLE_IDENTIFIER function, E.3.2.21
DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, E.3.2.22
DVSYS.DBMS_MACUTL.USER_HAS_ROLE function, E.3.2.23
DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, E.3.2.24
DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, E.3.2.25

E

enabling system features with Enabled default rule set, 6.8
encrypted information, 9.3.9.5
enterprise identities, Enterprise_Identity default factor, 4.8
Enterprise Manager. See Oracle Enterprise Manager
errors
DVSYS.DBMS_MACUTL.RAISE_UNAUTHORIZED_OPERATION function, E.3.2
factor error options, 4.2
rule set error options, 6.2
troubleshooting, G
event handler
rule sets, 6.2
example of using Oracle Database Vault, 2.3
examples
command rules, 5.5
database account creation scenarios, C.4.1
factors, 4.7
realms, 3.10
rule sets, 6.7
secure application roles, 7.6
EXECUTE ANY PROCEDURE privilege, securing for external C callouts, F.3.8.1
EXECUTE ANY PROCEDURE privilege, securing for Java stored procedures, F.3.7.1
Execute Privileges to Strong SYS Packages Report, 9.3.3.1
EXECUTE_CATALOG_ROLE role, 9.3.5.9
EXEMPT ACCESS POLICY system privilege, 9.3.5.3
external C callouts
EXECUTE ANY PROCEDURE privilege, F.3.8.1
security considerations, F.3.8

F

Factor Audit Report, 9.2.2.3
Factor Configuration Issues Report, 9.2.1.2
Factor Without Identities Report, 9.2.1.3
factors
about, 4.1
assignment, 4.2
disabled rule set, 9.2.1.2
incomplete rule set, 9.2.1.2
validate, 4.2
assignment operation, 9.2.2.3
audit events, custom, A.2
audit options, 4.2
child factors
about, 4.2
Factor Configuration Issues Report, 9.2.1.2
mapping, 4.4.2, 4.4.2
creating, 4.2
default factors, 4.8
deleting, 4.5
domain, finding with DVF.F$DOMAIN, D.2
editing, 4.3
error options, 4.2
evaluate, 4.2
evaluation operation, 9.2.2.3
example, 4.7
factor type
about, 4.2
selecting, 4.2
factor-identity pair mapping, 4.4.2
functionality, 4.6
functions
DVSYS.DBMS_MACADM (configuration), E.1.2
DVSYS.DBMS_MACUTL (utility), E.3
DVSYS.DBMS_MACUTL fields (constants), E.3.1
guidelines, 4.9
identifying using child factors, 4.4.2
identities
about, 4.2
adding to factor, 4.4
assigning, 4.2
configuring, 4.4.1
creating, 4.4.1
database session, 4.2
deleting, 4.4.1
determining with DVSYS.GET_FACTOR, 4.2
editing, 4.4.1
enterprise-wide users, D.2
how factor identities work, 4.2
labels, 4.2, 4.4.1
mapping, 4.2, 4.4.2
Oracle Label Security labels, 4.2
reports, 4.11
resolving, 4.2
retrieval methods, 4.2
setting dynamically, D.1.1
trust levels, 4.2, 4.4.1
with Oracle Label Security, 4.2
initialization, command rules, 5.1
invalid audit options, 9.2.1.2
label, 9.2.1.2
naming, 4.2
parent factors, 4.2
performance effect, 4.10
process flow, 4.6
reports, 4.11
retrieving, 4.6.2
retrieving with DVSYS.GET_FACTOR, D.1.2
rule sets
selecting, 4.2
used with, 4.1
setting, 4.6.3
setting with DVSYS.SET_FACTOR, D.1.1
troubleshooting
auditing report, 9.2.2.3
configuration problems, G.3
tips, G.2
type (category of factor), 4.2
validating, 4.2
values (identities), 4.1
views
DBA_DV_CODE, C.5
DBA_DV_FACTOR_LINK, C.5
DBA_DV_FACTOR_TYPE, C.5
DBA_DV_IDENTITY, C.5
DBA_DV_IDENTITY_MAP, C.5
DBA_DV_MAC_POLICY_FACTOR, C.5
ways to assign, 4.2
See also rule sets
functions
command rules
DVSYS.DBMS_MACADM (configuration), E.1.4
DVSYS.DBMS_MACUTL (utility), E.3
DVSYS schema enabling, D.1
factors
DVSYS.DBMS_MACADM (configuration), E.1.2
DVSYS.DBMS_MACUTL (utility), E.3
Oracle Label Security policy
DVSYS.DBMS_MACADM (configuration), E.1.6
realms
DVSYS.DBMS_MACADM (configuration), E.1.1
DVSYS.DBMS_MACUTL (utility), E.3
rule sets
DVSYS.DBMS_MACADM (configuration), E.1.3
DVSYS.DBMS_MACUTL (utility), E.3
PL/SQL functions for inspecting SQL, D.3
secure application roles
DVSYS.DBMS_MACADM (configuration), E.1.5
DVSYS.DBMS_MACSEC_ROLES (configuration), E.2
DVSYS.DBMS_MACUTL (utility), E.3

G

general security reports, 9.3
GRANT statement
monitoring, 10.1
guidelines
ALTER SESSION privilege, F.3.6
ALTER SYSTEM privilege, F.3.6
command rules, 5.7
CREATE ANY JOB privilege, F.3.3
CREATE EXTERNAL JOB privilege, F.3.4
CREATE JOB privilege, F.3.3
DBMS_FILE_TRANSFER package, F.3.1
factors, 4.9
general security, F
Java stored procedures, F.3.7
LogMiner packages, F.3.5
Oracle software owner, F.2.2
performance effect, 4.10
realms, 3.13
recycle bin, F.3.2
root user access, F.2.1
rule sets, 6.9
secure application roles, 7.3
SELECT_CATALOG_ROLE role, F.3.2
SYSDBA access, F.2.3
SYSOPER access, F.2.4
trusted accounts and roles, F.1
UTL_FILE package, F.3.1

H

hackers. See intruders
Hierarchical System Privileges by Database Account Report, 9.3.2.3
host names
finding with DVF.F$DATABASE_HOSTNAME, D.2

I

identifiers, converting to legal Oracle with DVSYS.DBMS_MACUTL.TO_ORACLE_IDENTIFIER function, E.3.2
identities. See factors, identities
Identity Configuration Issues Report, 9.2.1.4
IDLE_TIME resource profile, 9.3.6.2
incomplete rule set, 9.2.1.2
realm authorization, 9.2.1.5
role enablement, 9.2.1.7
initialization parameters
Check Trigger Init Parameters default rule set, 6.8
modified after installation, 1.7.2
modified by Oracle Database Vault, 1.7.2.1
reports, 9.3.6
insider threats. See intruders
intruders
Denial of Service attacks
finding tablespace quotas, 9.3.9.6
denial-of-service attacks
finding system resource limits, 9.3.6.3
eliminating audit trail, 9.3.5.10
monitoring security violations, 10.3
Oracle Database Vault addressing insider threats, 1.4
reports
AUDIT Privileges Report, 9.3.5.10
Objects Dependent on Dynamic SQL Report, 9.3.9.3
Privileges Distribution By Grantee, Owner Report, 9.3.4.2
Unwrapped PL/SQL Package Bodies Report, 9.3.9.4
SQL injection attacks, 9.3.9.3
tracking
with factor auditing, 4.2
with rule set auditing, 6.2
IP addresses
Client_IP default factor, 4.8
defined with factors, 4.1

J

Java Policy Grants Report, 9.3.9.1
Java stored procedures
EXECUTE ANY PROCEDURE privilege, F.3.7.1
guidelines on managing, F.3.7
realm protections, 3.8

L

Label Security Integration Audit Report, 9.2.2.4
labels
about, 4.4.1
See also Oracle Label Security
languages
finding with DVF.F$LANG, D.2
finding with DVF.F$LANGUAGE, D.2
name
Lang default factor, 4.8
Language default factor, 4.8
LBACSYS account
about, C.4
auditing policy, A.1
factor integration with OLS policy requirement, 8.3.3
See also Oracle Label Security
LBACSYS schema
auditing policy, A.1
listener, starting, B.3
locked out accounts, solution for, B.1
log files
database process, 2.2
logging on
Oracle Database Vault
Oracle Database Vault Owner account, 2.2
reports, Core Database Audit Report, 9.3.8
valid account and password required, 1.7.4
LogMiner packages
guidelines, F.3.5
lsnrctl process, starting, B.3

M

maintenance on Oracle Database Vault, B.1
managing user accounts and profiles on own account, Can Maintain Own Accounts default rule set, 6.8
managing user accounts and profiles, Can Maintain Accounts/Profiles default rule set, 6.8
mapping identities, 4.4.2
mixed-case identifiers
preserving with functions
command rules, E.1.4
factors, E.1.2
Oracle Label Security policies, E.1.6
rule sets, E.1.3
secure application roles, E.1.5
monitoring
activities, 10.1

N

network protocol
finding with DVF.F$NETWORK_PROTOCOL, D.2
network protocol, Network_Protocol default factor, 4.8
NOAUDIT statement
monitoring, 10.1
Non-Owner Object Trigger Report, 9.3.9.7
nonsystem database accounts, 9.3.1.3

O

O7_DICTIONARY_ACCESSIBILITY initialization parameter
with realms, 3.8
Object Access By PUBLIC Report, 9.3.1.1
Object Access Not By PUBLIC Report, 9.3.1.2
Object Dependencies Report, 9.3.1.4
object owners
nonexistent, 9.2.1.1
reports
Command Rule Configuration Issues Report, 9.2.1.1
object privilege reports, 9.3.1
objects
auditing policies, A.1
command rule objects
name, 5.2
owner, 5.2
processing, 5.4
restrictions, 5.2
dynamic SQL use, 9.3.9.3
monitoring, 10.1
object names
finding with DVSYS.DV_DICT_OBJ_NAME, D.3
object owners
finding with DVSYS.DV_DICT_OBJ_OWNER, D.3
object privileges
checking with DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, E.3.2
realms
functions for registering, E.1.1
object name, 3.4
object owner, 3.4
object type, 3.4
reports
Access to Sensitive Objects Report, 9.3.3.2
Accounts with SYSDBA/SYSOPER Privilege Report, 9.3.3.4
Direct Object Privileges Report, 9.3.1.3
Execute Privileges to Strong SYS Packages Report, 9.3.3.1
Non-Owner Object Trigger Report, 9.3.9.7
Object Access By PUBLIC Report, 9.3.1.1
Object Access Not By PUBLIC Report, 9.3.1.2
Object Dependencies Report, 9.3.1.4
Objects Dependent on Dynamic SQL Report, 9.3.9.3
OS Directory Objects Report, 9.3.9.2
privilege, 9.3.1
Public Execute Privilege To SYS PL/SQL Procedures Report, 9.3.3.3
sensitive, 9.3.3
System Privileges By Privilege Report, 9.3.2.5
types
finding with DVSYS.DV_DICT_OBJ_TYPE, D.3
views, DBA_DV_REALM_OBJECT, C.5
See also database objects
Objects Dependent on Dynamic SQL Report, 9.3.9.3
OEM. See Oracle Enterprise Manager (OEM)
OLS. See Oracle Label Security
operating systems
reports
OS Directory Objects Report, 9.3.9.2
OS Security Vulnerability Privileges Report, 9.3.5.11
vulnerabilities, 9.3.5.11
ora_name_list_t, concatenating with DVSYS.DBMS_MACUTL.GET_SQL_TEXT function, E.3.2
Oracle Audit Vault
AVSYS database account, C.4
Oracle Data Guard
command-line utilities, Oracle Database Vault effects on, 1.7.1
Oracle Data Pump
utilities, affected by Oracle Database Vault, 1.7.1
Oracle Database Vault
about, 1.1
components, 1.2, 1.2.1
disabling, B
effect on other products, 1.7.1
enabling, B
error tracking, G
frequently asked questions, 1.1
integrating with other Oracle products, 8
maintenance, B.1
troubleshooting, G
Oracle Database Vault Administrator
logging on, 2.2
session time setting, 2.1
starting, 2.2
time-out value, 2.1
Oracle Database Vault Configuration Assistant (DVCA)
about, 1.2.4
running, B.4.1
Oracle Database Vault Owner account
example of logging on with, 2.2
Oracle database.See databases
Oracle Enterprise Manager
DBSNMP account, 3.12
default realm used for, 3.12
performance tools, 3.14
SYSMAN account, 3.12
Oracle Enterprise User Security, integrating with Oracle Database Vault, 8.1
Oracle Internet Directory Distinguished Name, Proxy_Enterprise_Identity default factor, 4.8
Oracle Label Security
audit events, custom, A.2
checking if installed using DVSYS.DBMS_MACUTL functions, E.3.2
database option, 1.2.6
functions
DVSYS.DBMS_MACADM (configuration), E.1.6
DVSYS.DBMS_MACUTL (utility), E.3.1
how Database Vault integrates with, 8.3.1
initialization, command rules, 5.1
integration with Oracle Database Vault
example, 8.3.4
Label Security Integration Audit Report, 9.2.2.4, 9.2.2.4
procedure, 8.3.3
requirements, 8.3.2
labels
about, 4.4.1
determining with GET_FACTOR_LABEL, D.1.6
invalid label identities, 9.2.1.4
policies
accounts that bypass, 9.3.5.3
monitoring policy changes, 10.1
nonexistent, 9.2.1.2
Oracle Policy Manager, 1.2.6
views
DBA_DV_MAC_POLICY, C.5
DBA_DV_MAC_POLICY_FACTOR, C.5
DBA_DV_POLICY_LABEL, C.5
See also LABACSYS account
Oracle Policy Manager
used with Oracle Label Security, 1.2.6
Oracle Real Application Clusters (RAC)
compatibility with Oracle Database Vault, 1.1
enabling and disabling Oracle Database Vault, B.1
multiple factor identities, 4.2
svrctl utility, affected by Oracle Database Vault, 1.7.1
Oracle Recovery Manager (RMAN)
backup scripts, 8.4.2.1
command line utility, affected by Oracle Database Vault, 1.7.1
enabling SYSDBA for, 8.4
password exposure, preventing, 8.4.2.2
securing file permissions for, 8.4.2.1
Oracle software owner, guidelines on managing, F.2.2
Oracle Technology Network (OTN), Preface
Oracle Virtual Private Database (VPD)
accounts that bypass, 9.3.5.3
GRANT EXECUTE privileges with Grant VPD Administration default rule set, 6.8
orapwd password file utility, 1.7.4
OS Directory Objects Report, 9.3.9.2
OS Security Vulnerability Privileges Report, 9.3.5.11
OS_AUTHENT_PREFIX initialization parameter, 1.7.2.1
OS_ROLES initialization parameter, 1.7.2.1

P

packages. See functions
parameters
modified after installation, 1.7.2
reports
Security Related Database Parameters Report, 9.3.6.1
parent factors. See factors
Password History Access Report, 9.3.5.6
passwords
forgotten, solution for, B.1
reports, 9.3.7
Database Account Default Password Report, 9.3.7.1
Password History Access Report, 9.3.5.6
Username/Password Tables Report, 9.3.9.5
performance effect
command rules, 5.8
realms, 3.14
reports
Resource Profiles Report, 9.3.6.2
System Resource Limits Report, 9.3.6.3
rule sets, 6.10
secure application roles, 7.7
performance tools
Database Control, realms, 3.14
Oracle Enterprise Manager
command rules, 5.8
factors, 4.10
realms, 3.14
rule sets, 6.10
secure application roles, 7.7
Oracle Enterprise Manager Database Control
command rules, 5.8
factors, 4.10
rule sets, 6.10
secure application roles, 7.7
STATSPACK
command rules, 5.8
factors, 4.10
realms, 3.14
rule sets, 6.10
secure application roles, 7.7
TKPROF
command rules, 5.8
factors, 4.10
realms, 3.14
rule sets, 6.10
secure application roles, 7.7
PL/SQL
functions, D.1
packages
summarized, D.4
unwrapped bodies, 9.3.9.4
Unwrapped PL/SQL Package Bodies Report, 9.3.9.4
procedures, D.1
PL/SQL factor functions, D.2
policy changes, monitoring, 10.1, 10.2
port number
finding, 2.2
Oracle Database Vault, 2.2
privileges
ANY privileges, C.3.3
auditing policies, A.1
checking with DVSYS.DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function, E.3.2
least privilege principle
violations to, 9.3.9.1
monitoring
GRANT statement, 10.1
REVOKE statement, 10.1
Oracle Database Vault restricting, 1.7.3
reports
Accounts With DBA Roles Report, 9.3.5.2
ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
ANY System Privileges for Database Accounts Report, 9.3.2.4
AUDIT Privileges Report, 9.3.5.10
Database Accounts With Catalog Roles Report, 9.3.5.9
Direct and Indirect System Privileges By Database Account Report, 9.3.2.2
Direct System Privileges By Database Account Report, 9.3.2.1
Hierarchical System Privileges By Database Account Report, 9.3.2.3
listed, 9.3.4
OS Directory Objects Report, 9.3.9.2
Privileges Distribution By Grantee Report, 9.3.4.1
Privileges Distribution By Grantee, Owner Report, 9.3.4.2
Privileges Distribution By Grantee, Owner, Privilege Report, 9.3.4.3
WITH ADMIN Privilege Grants Report, 9.3.5.1
WITH GRANT Privileges Report, 9.3.5.7
roles
checking with DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, E.3.2
system
checking with DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, E.3.2
views
DBA_DV_PUB_PRIVS, C.5
DBA_DV_USER_PRIVS, C.5
DBA_DV_USER_PRIVS_ALL, C.5
Privileges Distribution By Grantee Report, 9.3.4.1
Privileges Distribution By Grantee, Owner Report, 9.3.4.2
Privileges Distribution By Grantee, Owner, Privilege Report, 9.3.4.3
privileges using external password, 9.3.3.4
problems, diagnosing, G.1
profiles, 9.3.6
proxy users
finding with DVF.F$PROXYUSER, D.2
Public Execute Privilege To SYS PL/SQL Procedures Report, 9.3.3.3

Q

quotas
tablespace, 9.3.9.6

R

RAC. See Oracle Real Application Clusters (RAC)
Realm Audit Report, 9.2.2.1
Realm Authorization Configuration Issues Report, 9.2.1.5
realms
about, 3.1
audit events, custom, A.2
authentication-related functions, E.1.1
authorization
how realm authorizations work, 3.9
process flow, 3.9
troubleshooting, G.2
updating with DVSYS.DBMS_MACADM.UPDATE_REALM_AUTH, E.1.1
authorizations
grantee, 3.5
rule set, 3.5
creating, 3.2
default realms, 3.12
deleting, 3.7
disabling, 3.6
DV_REALM_OWNER role, C.3.6
DV_REALM_RESOURCE role, C.3.7
editing, 3.3
effect on other Oracle Database Vault components, 3.11
enabling, 3.6
example, 3.10
functions
DVSYS.DBMS_MACADM (configuration), E.1.1, E.1.1
DVSYS.DBMS_MACUTL (utility), E.3
DVSYS.DBMS_MACUTL fields (constants), E.3.1
guidelines, 3.13
how realms work, 3.8
Java stored procedures, 3.8
mixed-case, setting with DVSYS.DBMS_MACADM.SET_PRESERVE_CASE, E.1.1
object-related functions, E.1.1
performance effect, 3.14
process flow, 3.8
realm authorizations
about, 3.5
realm secured objects
deleting, 3.4
editing, 3.4
object name, 3.4
object owner, 3.4
object type, 3.4
realm system authorizations
creating, 3.5
deleting, 3.5
editing, 3.5
realm-secured objects, 3.4
reports, 3.15
roles
DV_REALM_OWNER, C.3.6
DV_REALM_RESOURCE, C.3.7
secured object, 9.2.1.5
territory a realm protects, 3.4
troubleshooting, G.2, G.3
updating with DVSYS.DBMS_MACADM.UPDATE_REALM, E.1.1
views
DBA_DV_CODE, C.5
DBA_DV_REALM, C.5
DBA_DV_REALM_AUTH, C.5
DBA_DV_REALM_OBJECT, C.5, C.5
See also rule sets
RECOVERY_CATALOG_OWNER role, 9.3.5.9
recycle bin, guidelines on managing, F.3.2
REMOTE_LOGIN_PASSWORDFILE initialization parameter, 1.7.2.1
REMOTE_OS_AUTHENT initialization parameter, 1.7.2.1
REMOTE_OS_ROLES initialization parameter, 1.7.2.1
reporting menu
report results page, 9.1.3
parameter, 9.1.3
reports
about, 9.1.1
Access to Sensitive Objects Report, 9.3.3.2
Accounts With DBA Roles Report, 9.3.5.2
Accounts with SYSDBA/SYSOPER Privilege Report, 9.3.3.4
ALTER SYSTEM or ALTER SESSION Report, 9.3.5.5
ANY System Privileges for Database Accounts Report, 9.3.2.4
AUDIT Privileges Report, 9.3.5.10
auditing, 9.2.2
BECOME USER Report, 9.3.5.4
categories of, 9.1.1
Command Rule Audit Report, 9.2.2.2
Command Rule Configuration Issues Report, 9.2.1.1
Core Database Audit Report, 9.3.8
Core Database Vault Audit Report, 9.2.2.5
Database Account Default Password Report, 9.3.7.1
Database Account Status Report, 9.3.7.2
Database Accounts With Catalog Roles Report, 9.3.5.9
Direct and Indirect System Privileges By Database Account Report, 9.3.2.2
Direct Object Privileges Report, 9.3.1.3
Direct System Privileges By Database Account Report, 9.3.2.1
Execute Privileges to Strong SYS Packages Report, 9.3.3.1
Factor Audit Report, 9.2.2.3
Factor Configuration Issues Report, 9.2.1.2
Factor Without Identities, 9.2.1.3
general security, 9.3
Hierarchical System Privileges by Database Account Report, 9.3.2.3
Identity Configuration Issues Report, 9.2.1.4
Java Policy Grants Report, 9.3.9.1
Label Security Integration Audit Report, 9.2.2.4
Non-Owner Object Trigger Report, 9.3.9.7
Object Access By PUBLIC Report, 9.3.1.1
Object Access Not By PUBLIC Report, 9.3.1.2
Object Dependencies Report, 9.3.1.4
Objects Dependent on Dynamic SQL Report, 9.3.9.3
OS Directory Objects Report, 9.3.9.2
OS Security Vulnerability Privileges, 9.3.5.11
Password History Access Report, 9.3.5.6
permissions for running, 9.1.2
privilege management, 9.3.4
Privileges Distribution By Grantee Report, 9.3.4.1
Privileges Distribution By Grantee, Owner Report, 9.3.4.2
Privileges Distribution By Grantee, Owner, Privilege Report, 9.3.4.3
Public Execute Privilege To SYS PL/SQL Procedures Report, 9.3.3.3
Realm Audit Report, 9.2.2.1
Realm Authorization Configuration Issues Report, 9.2.1.5
Resource Profiles Report, 9.3.6.2
Roles/Accounts That Have a Given Role Report, 9.3.5.8
Rule Set Configuration Issues Report, 9.2.1.6
running, 9.1.3
Secure Application Configuration Issues Report, 9.2.1.7
Secure Application Role Audit Report, 9.2.2.6
Security Policy Exemption Report, 9.3.5.3
Security Related Database Parameters, 9.3.6.1
security vulnerability, 9.3.9
System Privileges By Privilege Report, 9.3.2.5
System Resource Limits Report, 9.3.6.3
Tablespace Quotas Report, 9.3.9.6
Unwrapped PL/SQL Package Bodies Report, 9.3.9.4
Username /Password Tables Report, 9.3.9.5
WITH ADMIN Privileges Grants Report, 9.3.5.1
WITH GRANT Privileges Report, 9.3.5.7
required parameters page
% wildcard, 9.1.3
Resource Profiles Report, 9.3.6.2
resources
reports
Resource Profiles Report, 9.3.6.2
System Resource Limits Report, 9.3.6.3
REVOKE statement
monitoring, 10.1
RMAN. See Oracle Recovery Manager (RMAN)
roles
catalog-based, 9.3.5.9
Database Vault default roles, C.3
privileges, checking with DVSYS.DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function, E.3.2
role enablement in incomplete rule set, 9.2.1.7
role-based system privileges, 9.3.2.3
See also secure application roles
Roles/Accounts That Have a Given Role Report, 9.3.5.8
root access, guidelines on managing, F.2.1
Rule Set Configuration Issues Report, 9.2.1.6
rule sets
about, 6.1
adding existing rules, 6.4.2
audit options, 6.2
command rules
disabled, 9.2.1.1
how different from rule sets, 5.1
selecting for, 5.2
used with, 5.1
CONNECT role configured incorrectly, solution for, B.1
creating, 6.2
rules in, 6.4.1
default rule sets, 6.8
deleting
rule set, 6.5
rules from, 6.4.1, 6.4.1
disabled for
factor assignment, 9.2.1.2
realm authorization, 9.2.1.5
editing
rule sets, 6.3
rules in, 6.4.1
error options, 6.2
evaluation of rules, 6.4
evaluation options, 6.2
event handlers, 6.2
events firing, finding with DVSYS.DV_SYSEVENT, D.3
examples, 6.7
factors, selecting for, 4.2
factors, used with, 4.1
fail code, 6.2
fail message, 6.2
functions
DVSYS.DBMS_MACADM (configuration), E.1.3, E.1.3
DVSYS.DBMS_MACUTL (utility), E.3
DVSYS.DBMS_MACUTL fields (constants), E.3.1
PL/SQL functions for rule sets, D.3
guidelines, 6.9
how rule sets work, 6.6
incomplete, 9.2.1.1
naming, 6.2
performance effect, 6.10
process flow, 6.6
reports, 6.11
template creation, 6.2
troubleshooting, G.2, G.3
views
DBA_DV_RULE, C.5
DBA_DV_RULE_SET, C.5
DBA_DV_RULE_SET_RULE, C.5
See also command rules, factors, realms, rules, secure application roles
rules
about, 6.4
creating, 6.4.1
deleting from rule set, 6.4.1
editing, 6.4.1
existing rules, adding to rule set, 6.4.2
removing from rule set, 6.4.1
troubleshooting, G.2
views
DBA_DV_RULE, C.5
DBA_DV_RULE_SET_RULE, C.5
See also rule sets

S

schemas
DVF, C.2.2
DVSYS, C.2.1
Secure Application Configuration Issues Report, 9.2.1.7
Secure Application Role Audit Report, 9.2.2.6
secure application roles
about, 7.1
creating, 7.2
deleting, 7.4
DVSYS.DBMS_MACSEC_ROLES.SET_ROLE function, 7.2
example, 7.6
functionality, 7.5
functions
DVSYS.DBMS_MACADM (configuration), E.1.5, E.1.5
DVSYS.DBMS_MACSEC_ROLES (configuration), E.2
DVSYS.DBMS_MACSEC_ROLES package, E.2
DVSYS.DBMS_MACUTL (utility), E.3, E.3.2
DVSYS.DBMS_MACUTL fields (constants), E.3.1
guidelines on managing, 7.3
performance effect, 7.7
reports, 7.8
Rule Set Configuration Issues Report, 9.2.1.6
troubleshooting, G.3
troubleshooting with auditing report, 9.2.2.6
views
DBA_DV_ROLE, C.5
See also roles, rule sets
secure role applications
audit event, custom, A.2
security policies
monitoring changes, 10.2
security policies, Oracle Database Vault addressing, 1.5
Security Policy Exemption Report, 9.3.5.3
Security Related Database Parameters Report, 9.3.6.1
security violations
monitoring attempts, 10.3
security vulnerabilities
how Database Vault addresses, 1.6
operating systems, 9.3.5.11
reports, 9.3.9
Security Related Database Parameters Report, 9.3.6.1
root operating system directory, 9.3.9.2
SELECT statement
controlling with command rules, 5.1
SELECT_CATALOG_ROLE role, 9.3.5.9
sensitive objects reports, 9.3.3
separation of duty concept
command rules, 5.6
database accounts, C.4
database accounts, suggested, C.4
database roles, 1.7.5
Database Vault Account Manager role, C.4
Oracle Database Vault enforcing, 1.1
realms, 1.6
restricting privileges, 1.7.3
roles, C.3
sessions
audit events, custom, A.2
DVSYS.DBMS_MACUTL fields, E.3.1
finding session user with DVF.F$SESSION_USER, D.2
retrieving information with functions, E.1.2
SQL injection attacks, detecting with Object Dependent on Dynamic SQL Report, 9.3.9.3
SQL text, finding with DVSYS.DV_SQL_TEXT, D.3
SQL92_SECURITY initialization parameter, 1.7.2.1
subfactors. See child factors under factors topic
SYS schema
command rules, 5.2
SYSDBA access
effect on other products by Oracle Database Vault, 1.7.1
guidelines on managing, F.2.3
password file authentication, 1.7.4
SYSOPER access
guidelines on managing, F.2.4
password file authentication, 1.7.4
system features
disabling with Disabled rule set, 6.8
enabling with Enabled rule set, 6.8
system privileges
checking with DVSYS.DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function, E.3.2
reports
System Privileges By Privileges Report, 9.3.2.5
System Privileges By Privilege Report, 9.3.2.5
System Resource Limits Report, 9.3.6.3
system root access, guideline on managing, F.2.1

T

tablespace quotas, 9.3.9.6
Tablespace Quotas Report, 9.3.9.6
templates, for rule sets, 6.2
third party products, affected by Oracle Database Vault, B.1
time data
DVSYS.DBMS_MACUTL functions, E.3.2
trace files
about, G.1
enabling, G.1
Transparent Data Encryption, used with Oracle Database Vault, 8.2
triggers
different from object owner account, 9.3.9.7
reports, Non-Owner Object Trigger Report, 9.3.9.7
troubleshooting
access security sessions, 9.2.2.5
auditing reports, using, 9.2.2
command rules, G.1
events, G.1
factors, G.2
general diagnostic tips, G.2
locked out accounts, B.1
passwords, forgotten, B.1
realms, G.2
rule sets, G.2
rules, G.2
secure application roles, 9.2.2.6
trust levels
about, 4.4.1
determining for identities with DVSYS.GET_TRUST_LEVEL_FOR_IDENTITY, D.1.4
determining with DVSYS.GET_TRUST_LEVEL, D.1.3
factor identity, 4.4.1
factors, 4.4.1
for factor and identity requested, D.1.4
identities, 4.2
of current session identity, D.1.3
trusted users
accounts and roles that should be limited, F.2
default for Oracle Database Vault, F.1
tutorial, 2.3

U

Unwrapped PL/SQL Package Bodies Report, 9.3.9.4
user names
reports, Username/Password Tables Report, 9.3.9.5
USER_HISTORY$ table, 9.3.5.6
Username/Password Tables Report, 9.3.9.5
users
auditing policies, A.1
enterprise identities, finding with DVF.F$PROXY_ENTERPRISE_IDENTITY, D.2
enterprise-wide identities, finding with DVF.F$ENTERPRISE_IDENTITY, D.2
finding proxy user with DVF.F$PROXYUSER, D.2
finding session user with DVF.F$SESSION_USER, D.2
login user name, finding with DVSYS.DV_LOGIN_USER, D.3
utility functions. See DVSYS.DBMS_MACUTL package
UTL_FILE object, 9.3.1.4
UTL_FILE package, guidelines on managing, F.3.1

V

views
Oracle Database Vault-specific views, C.5
See also names beginning with DBA_DV
VPD. See Oracle Virtual Private Database (VPD)

W

wildcard, %, 9.1.3
WITH ADMIN Privileges Grants Report, 9.3.5.1
WITH ADMIN status, 9.3.2.1, 9.3.2.2
WITH GRANT clause, 9.3.5.7
WITH GRANT Privileges Report, 9.3.5.7