Index

A B C D E F G H I J L M N O P Q R S T U V W X

A

access control policy
- reports
  - Core Database Vault Audit Report 27.5.5
Access to Sensitive Objects Report 27.6.3.2
accounts
- See: database accounts
Accounts With DBA Roles Report 27.6.5.2
Accounts with SYSDBA/SYSOPER Privilege Report 27.6.3.4
ad hoc tools
- preventing use of 7.8.1
administrators
- DBA operations in Oracle Database Vault 13
ADRCI utility
- Database Vault E.1.7.3
alerts
- Enterprise Manager Cloud Control 13.4.2
ALTER ROLE statement
- monitoring 26.1
ALTER SESSION command rules 6.1.3.2, 17.7
- about 6.1.3.2
ALTER SESSION event command rules
- creating 17.3
- updating 17.11
ALTER SESSION privilege
- enabling trace files E.1.5
- reports, ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
ALTER SESSION statement
- guidelines on managing privileges D.6.5.1
ALTER SYSTEM command rules
- deleting system event command rules 17.8
ALTER SYSTEM event command rules
- creating 17.4
- updating 17.12
ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
ALTER SYSTEM privilege
- reports, ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
ALTER SYSTEM statement
- guidelines on managing privileges D.6.5.1
ALTER USER statement
- monitoring 26.1
ANY System Privileges for Database Accounts Report 27.6.2.4
application containers
- Oracle Database Vault 1.8.7
AUDIT_TRAIL$ system table
- affected by AUDIT_TRAIL initialization parameter A.2.2
- archiving A.3.2
- format A.2.2
- purging A.3.3
auditing
- about A.1.1
- archiving Database Vault audit trail A.3.2
  - about A.3.1
- Core Database Audit Report 27.6.8
- DBMS_MACUTL fields 21.1.1
- purging Database Vault audit trail A.3.3
  - about A.3.1
- realms
  - DBMS_MACUTL fields 21.1.1
  - options 4.3
- reports 27.5
- rule sets
  - DBMS_MACUTL fields 21.1.1
  - options 5.4
- secure application roles
  - audit records 8.10
auditing, authorizations for
- about 13.16.1
- DBA_DV_AUDIT_ADMIN_AUTH view 25.4
- DBA_DV_AUDIT_VIEWER_AUTH view 25.5
- DBMS_MACADM.AUTHORIZE_ADMIN_VIEWER procedure 22.1.9
- DBMS_MACADM.AUTHORIZE_AUDIT_ADMIN procedure 22.1.8
- DBMS_MACADM.UNAUTHORIZE_ADMIN_USER procedure 22.1.37
- DBMS_MACADM.UNAUTHORIZE_ADMIN_VIEWER procedure 22.1.38
- granting AUDIT_ADMIN authorization 13.16.2.1
- granting AUDIT_VIEWER authorization 13.16.3.1
- Oracle Audit realm 4.2.9
- revoking AUDIT_ADMIN authorization 13.16.2.2
- revoking AUDIT_VIEWER authorization 13.16.3.2
auditing policies
- about A
- audit events
  - about A.2.1
- custom events
  - audit trail A.2.2
- events that are tracked A.2.1
- monitoring changes to 26.1
audit policy change
- monitoring 26.1
AUDIT privilege 27.6.5.10
AUDIT Privileges Report 27.6.5.10
AUDSYS.DV$CONFIGURATION_AUDIT view 25.56
AUDSYS.DV$ENFORCEMENT_AUDIT view 25.57
authentication
- Authentication_Method default factor 7.2
- command rules 6.1.1
- method, finding with DVF.F$AUTHENTICATION_METHOD 18.3.2
- realm procedures 15.1
authorizations
- Oracle Data Pump activities 13.5.1
- realms 4.7
- scheduling database jobs 13.6.1
- SQL Firewall activities 13.3.1
AUTHORIZE_MAINTENANCE_USER procedure 22.1.15

B

backup accounts 14.4
BECOME USER Report 27.6.5.4
BECOME USER system privilege
- about 27.6.5.4
break-glass accounts
- See: backup accounts
break-glass protocol 13.10.1

C

catalog-based roles 27.6.5.9
CDB_DV_STATUS view 25.2
CDBs
- Database Vault operations control 13.10.1
- preventing local users from blocking operations 13.11.1
- realms 4.1.3
  - authorizations 4.7
- rule sets 5.2
CDBS
- PDB access by infrastructure DBAs 13.10.1
client identifiers
- function to return 18.3.10
clients
- finding IP address with DVF.F$CLIENT_IP 18.3.3
code groups
- retrieving value with DBMS_MACUTL functions 21.2
Command Rule Audit Report 27.5.2
Command Rule Configuration Issues Report 27.4.1
command rules 6.1.1, 6.3, 6.4
- See also: rule sets
- about 6.1.1
- creating 6.4
- data dictionary view 6.11
- data masking 13.15.4
- default command rules 6.2
- deleting 6.6
- editing 6.4
- functions
  - DBMS_MACUTL (utility) 21
- guidelines 6.9
- how command rules work 6.7
- modifying 6.5
- objects
  - name 6.4
  - owner 6.4
- performance effect 6.10
- procedures
  - DBMS_MACADM (configuration) 17
- process flow 6.7
- propagating configuration to other databases 13.4.1
- reports 6.11
- rule sets
  - selecting 6.4
  - used with 6.1.1
- simulation mode 10.1
- troubleshooting
  - with auditing report 27.5.2
- tutorial 6.8
- views 6.11, 25.7
- with PDBs 6.1.2
common objects, preventing local users from blocking operations
- about 13.11.1
common objects, preventing local users from blocking operations of
- procedure for 13.11.2
common objects, restricting local user access to
- DBMS_MACADM.ALLOW_COMMON_OPERATION procedure 22.1.3
- finding status of 25.47
compliance
- Oracle Database Vault addressing 1.4
computer name
- finding with DVF.F$MACHINE 18.3.17
- Machine default factor 7.2
configuration
- monitoring changes 26.1
- views
  - AUDSYS.DV$CONFIGURATION_AUDIT 25.56
  - DVSYS.DV$CONFIGURATION_AUDIT 25.44
  - DVSYS.DV$ENFORCEMENT_AUDIT 25.45
configuration and enablement
- multitenant, about 3.2.1
CONFIGURE_DV procedure
- about 22.2
- configuring and enabling Database Vault with 3.2.3, 3.2.4
configuring and enabling Oracle Database Vault 3.1
CONNECT command rules
- about 6.1.3.1
- example 6.1.3.1
CONNECT events, controlling with command rules 6.1.1
core database
- troubleshooting with Core Database Vault Audit Report 27.5.5
Core Database Audit Report 27.6.8
Core Database Vault Audit Trail Report 27.5.5
CPU_PER_SESSION resource profile 27.6.6.2
CREATE ANY JOB privilege D.6.3
CREATE ANY JOB statement
- guidelines on managing privileges D.6.3
CREATE EXTERNAL JOB privilege D.6.4
CREATE JOB privilege D.6.3
CREATE JOB statement
- guidelines on managing privileges D.6.3
CREATE ROLE statement
- monitoring 26.1
CREATE USER statement
- monitoring 26.1
CTXSYS schema realm protection 4.2.4

D

Database Account Default Password Report 27.6.7.1
database accounts
- backup DV_OWNER and DV_ACCTMGR 14.4
- counting privileges of 27.6.4.1
- DBSNMP
  - granted DV_MONITOR role 14.2.10
- DVSYS 14.3.2
- LBACSYS 14.3.2
- monitoring 26.1
- reports
  - Accounts With DBA Roles Report 27.6.5.2
  - ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
  - ANY System Privileges for Database Accounts Report 27.6.2.4
  - AUDIT Privileges Report 27.6.5.10
  - BECOME USER Report 27.6.5.4
  - Database Account Default Password Report 27.6.7.1
  - Database Account Status Report 27.6.7.2
  - Database Accounts With Catalog Roles Report 27.6.5.9
  - Direct and Indirect System Privileges By Database Account Report 27.6.2.2
  - Direct Object Privileges Report 27.6.1.3
  - Direct System Privileges By Database Account Report 27.6.2.1
  - Hierarchical System Privileges by Database Account Report 27.6.2.3
  - Object Access By PUBLIC Report 27.6.1.1
  - Object Access Not By PUBLIC Report 27.6.1.2
  - OS Security Vulnerability Privileges 27.6.5.11
  - Password History Access Report 27.6.5.6
  - Privileges Distribution By Grantee, Owner, Privilege Report 27.6.4.3
  - Privileges Distribution By Grantee, Owner Report 27.6.4.2
  - Privileges Distribution By Grantee Report 27.6.4.1
  - Roles/Accounts That Have a Given Role Report 27.6.5.8
  - Security Policy Exemption Report 27.6.5.3
  - WITH ADMIN Privilege Grants Report 27.6.5.1
  - WITH GRANT Privileges Report 27.6.5.7
- solution for lockouts B.1
- suggested 14.3.3
Database Account Status Report 27.6.7.2
Database Accounts With Catalog Roles Report 27.6.5.9
database administrative operations 13
database domains, Database_Domain default factor 7.2
database links
- function to return information about 18.3.11
database objects 14.1
- See also: objects
- Oracle Database Vault 14
- reports
  - Object Dependencies Report 27.6.1.4
database options, installing B.1
database roles
- about 14.2.1
- counting privileges of 27.6.4.1
- default Oracle Database Vault 14.2.1
- DV_ACCTMGR
  - about 14.2.4
- DV_ADMIN 14.2.5
- DV_AUDIT_CLEANUP 14.2.6
- DV_DATAPUMP_NETWORK_LINK 14.2.7
- DV_GOLDENGATE_ADMIN 14.2.8
- DV_GOLDENGATE_REDO_ACCESS 14.2.9
- DV_MONITOR 14.2.10
- DV_OWNER 14.2.11
- DV_PATCH_ADMIN 14.2.12
- DV_POLICY_OWNER 14.2.13
- DV_SECANALYST 14.2.14
- DV_XSTREAM_ADMIN 14.2.15
- enabled, determining with ROLE_IS_ENABLED 18.2.7
- granting Database Vault roles to users 14.2.3
- monitoring 26.1
- Oracle Database Vault, default 14.2.1
- reports
  - Accounts With DBA Roles Report 27.6.5.2
  - ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
  - AUDIT Privileges Report 27.6.5.10
  - BECOME USER Report 27.6.5.4
  - Database Accounts With Catalog Roles Report 27.6.5.9
  - OS Security Vulnerability Privileges 27.6.5.11
  - Privileges Distribution By Grantee Report 27.6.4.1
  - Roles/Accounts That Have a Given Role Report 27.6.5.8
  - Security Policy Exemption Report 27.6.5.3
  - WITH ADMIN Privilege Grants Report 27.6.5.1
- separation of duty enforcement 2.3
databases
- defined with factors 7.1
- domain, Domain default factor 7.2
- event monitoring E.1.1
- grouped schemas
  - See realms 4.1.1
- host names, Database_Hostname default factor 7.2
- instance, retrieving information with functions 18.1
- instances
  - Database_Instance default factor 7.2
  - names, finding with DVF.F$DATABASE_INSTANCE 18.3.6
  - number, finding with DV_INSTANCE_NUM 16.2.3
- IP addresses
  - Database_IP default factor 7.2
  - retrieving with DVF.F$DATABASE_IP 18.3.7
- monitoring events E.1.1
- names
  - Database_Name default factor 7.2
  - retrieving with DV_DATABASE_NAME 16.2.4
  - retrieving with DVF.F$DATABASE_NAME 18.3.8
- parameters
  - Security Related Database Parameters Report 27.6.6.1
- roles that do not exist 27.4.7
- schema creation, finding with DVF.F$IDENTIFICATION_TYPE 18.3.14
- schema creation, Identification_Type default factor 7.2
- user name, Session_User default factor 7.2
database sessions 7.4.2
- controlling with Allow Sessions default rule set 5.3
- factor evaluation 7.7.1
- session user name, Proxy_User default factor 7.2
Database Vault
- See: Oracle Database Vault
- MACADM procedure for deleting operations exception 22.1.21
Database Vault Account Management realm 4.2.2
Database Vault command rule protections 6.1.1
Database Vault operations control
- adding users and packages to exception list, how works 13.10.2
- adding users and packages to exception list, procedure 13.10.4
- deleting users and packages from exception list 13.10.5
- disabling 13.10.6
- enabling 13.10.3
- MACADM procedure enabling operations control 22.1.27
- MACADM procedure for adding operations exception 22.1.1
- MACADM procedure for disabling operations control 22.1.22
Database Vault realm protection 4.1.1
Database Vault realm protections 4.1.1
data definition language (DDL)
- statement
  - controlling with command rules 6.1.1
Data Definition Language (DDL) statements
- Database Vault authorization
  - DBA_DV_DDL_AUTH view 25.11
  - granting 22.1.13
  - revoking 22.1.42
Data Dictionary realm
- data masking 13.15.2
data manipulation language (DML)
- statement
  - checking with DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED function 21.2
  - controlling with command rules 6.1.1
data masking
- about 13.15.1
- adding users to realms for 13.15.3
- creating command rule for 13.15.4
- errors that can appear 13.15.1
data Oracle Database Vault recognizes
- See: factors
DBA_DV_APP_EXCEPTION view 25.3
DBA_DV_AUDIT_ADMIN_AUTH view 25.4
DBA_DV_AUDIT_VIEWER_AUTH view 25.5
DBA_DV_CODE view 25.6
DBA_DV_COMMAND_RULE view 6.11, 25.7
DBA_DV_DATAPUMP_AUTH view 25.8
DBA_DV_DBCAPTURE_AUTH view 25.9
DBA_DV_DBREPLAY_AUTH view 25.10
DBA_DV_DDL_AUTH view 25.11
DBA_DV_DICTIONARY_ACCTS view 25.12
DBA_DV_FACTOR_LINK 25.15
DBA_DV_FACTOR_LINK view 25.15
DBA_DV_FACTOR_TYPE view 25.14
DBA_DV_FACTOR view 25.13
DBA_DV_IDENTITY_MAP view 25.17
DBA_DV_IDENTITY view 25.16
DBA_DV_JOB_AUTH view 25.18
DBA_DV_MAC_POLICY_FACTOR view 25.20
DBA_DV_MAC_POLICY view 25.19
DBA_DV_MAINTENANCE_AUTH view 25.21
DBA_DV_ORADEBUG view 25.22
DBA_DV_PATCH_ADMIN_AUDIT view 25.23
DBA_DV_POLICY_LABEL view 25.25
DBA_DV_POLICY_OBJECT view 25.26
DBA_DV_POLICY_OWNER view 25.27
DBA_DV_POLICY view 25.24
DBA_DV_PREPROCESSOR_AUTH view 25.28
DBA_DV_PROXY_AUTH view 25.29
DBA_DV_PUB_PRIVS view 25.30
DBA_DV_REALM_AUTH view 25.32
DBA_DV_REALM_OBJECT view 25.33
DBA_DV_REALM view 25.31
DBA_DV_ROLE view 25.34
DBA_DV_RULE_SET_RULE view 25.37
DBA_DV_RULE_SET view 25.36
DBA_DV_RULE view 25.35
DBA_DV_SIMULATION_LOG view 25.38
DBA_DV_SQL_FIREWALL_AUTH view 25.40
DBA_DV_STATUS view 25.39
DBA_DV_TTS_AUTH view 25.41
DBA_DV_USER_PRIVS_ALL view 25.43
DBA_DV_USER_PRIVS view 25.42
DBA_USERS_WITH_DEFPWD data dictionary view
- access to in Oracle Database Vault 2.4
DBA role
- impact of Oracle Database Vault installation 2.4
DBMS_FILE_TRANSFER package, guidelines on managing D.6.2.1
DBMS_MACADM.ADD_APP_EXCEPTION procedure 22.1.1
DBMS_MACADM.ADD_AUTH_TO_REALM procedure 15.1
DBMS_MACADM.ADD_CMD_RULE_TO_POLICY procedure 23.1, 23.5
DBMS_MACADM.ADD_FACTOR_LINK procedure 18.1.1
DBMS_MACADM.ADD_NLS_DATA
- procedure C.1
DBMS_MACADM.ADD_NLS_DATA procedure 22.1.2
DBMS_MACADM.ADD_OBJECT_TO_REALM procedure 15.2
DBMS_MACADM.ADD_OWNER_TO_POLICY procedure 23.2
DBMS_MACADM.ADD_POLICY_FACTOR procedure 18.1.2
DBMS_MACADM.ADD_REALM_TO_POLICY procedure 23.3
DBMS_MACADM.ADD_RULE_TO_RULE_SET procedure 16.1.1
DBMS_MACADM.ALLOW_COMMON_OPERATION procedure 22.1.3
DBMS_MACADM.AUTH_DATAPUMP_CREATE_USER procedure 22.1.4
DBMS_MACADM.AUTH_DATAPUMP_GRANT_ROLE procedure 22.1.6
DBMS_MACADM.AUTH_DATAPUMP_GRANT_SYSPRIV procedure 22.1.7
DBMS_MACADM.AUTH_DATAPUMP_GRANT procedure 22.1.5
DBMS_MACADM.AUTHORIZE_AUDIT_ADMIN procedure 22.1.8
DBMS_MACADM.AUTHORIZE_AUDIT_VIEWER procedure 22.1.9
DBMS_MACADM.AUTHORIZE_DATAPUMP_USER procedure 22.1.10, 22.1.39
DBMS_MACADM.AUTHORIZE_DBCAPTURE procedure 22.1.11
DBMS_MACADM.AUTHORIZE_DBREPLAY procedure 22.1.12
DBMS_MACADM.AUTHORIZE_DDL procedure 22.1.13
DBMS_MACADM.AUTHORIZE_DIAGNOSTIC_ADMIN procedure 22.1.14
DBMS_MACADM.AUTHORIZE_PREPROCESSOR procedure 22.1.16
DBMS_MACADM.AUTHORIZE_PROXY_USER procedure 22.1.17
DBMS_MACADM.AUTHORIZE_SCHEDULER_USER procedure 22.1.18
DBMS_MACADM.AUTHORIZE_SQL_FIREWALL procedure 22.1.19
DBMS_MACADM.AUTHORIZE_TTS_USER procedure 22.1.20
DBMS_MACADM.CHANGE_IDENTITY_FACTOR procedure 18.1.3
DBMS_MACADM.CHANGE_IDENTITY_VALUE procedure 18.1.4
DBMS_MACADM.CREATE_COMMAND_RULE procedure 17.1
DBMS_MACADM.CREATE_CONNECT_COMMAND_RULE procedure 17.2
DBMS_MACADM.CREATE_DOMAIN_IDENTITY procedure 18.1.5
DBMS_MACADM.CREATE_FACTOR_TYPE procedure 18.1.7
DBMS_MACADM.CREATE_FACTOR procedure 18.1.6
DBMS_MACADM.CREATE_IDENTITY_MAP procedure 18.1.9
DBMS_MACADM.CREATE_IDENTITY procedure 18.1.8
DBMS_MACADM.CREATE_MAC_POLICY procedure 20.1
DBMS_MACADM.CREATE_POLICY_LABEL procedure 20.2
DBMS_MACADM.CREATE_POLICY procedure 23.4
DBMS_MACADM.CREATE_REALM procedure 15.3
DBMS_MACADM.CREATE_ROLE procedure 19.1.1
DBMS_MACADM.CREATE_RULE_SET procedure 16.1.3
DBMS_MACADM.CREATE_RULE procedure 16.1.2
DBMS_MACADM.CREATE_SESSION_EVENT_CMD_RULE procedure 17.3
DBMS_MACADM.CREATE_SYSTEM_EVENT_CMD_RULE procedure 17.4
DBMS_MACADM.DELETE_APP_EXCEPTION procedure 22.1.21
DBMS_MACADM.DELETE_AUTH_FROM_REALM procedure 15.4
DBMS_MACADM.DELETE_COMMAND_RULE procedure 17.5
DBMS_MACADM.DELETE_CONNECT_COMMAND_RULE procedure 17.6
DBMS_MACADM.DELETE_FACTOR_LINK procedure 18.1.11
DBMS_MACADM.DELETE_FACTOR_TYPE procedure 18.1.12
DBMS_MACADM.DELETE_FACTOR procedure 18.1.10
DBMS_MACADM.DELETE_IDENTITY_MAP procedure 18.1.14
DBMS_MACADM.DELETE_IDENTITY procedure 18.1.13
DBMS_MACADM.DELETE_MAC_POLICY_CASCADE procedure 20.3
DBMS_MACADM.DELETE_OBJECT_FROM_REALM procedure 15.5
DBMS_MACADM.DELETE_OWNER_FROM_POLICY procedure 23.6
DBMS_MACADM.DELETE_POLICY_FACTOR procedure 20.4
DBMS_MACADM.DELETE_POLICY_LABEL procedure 20.5
DBMS_MACADM.DELETE_REALM_CASCADE procedure 15.7
DBMS_MACADM.DELETE_REALM_FROM_POLICY procedure 23.7
DBMS_MACADM.DELETE_REALM procedure 15.6
DBMS_MACADM.DELETE_ROLE procedure 19.1.2
DBMS_MACADM.DELETE_RULE_FROM_RULE_SET procedure 16.1.5
DBMS_MACADM.DELETE_RULE_SET procedure 16.1.6
DBMS_MACADM.DELETE_RULE procedure 16.1.4
DBMS_MACADM.DELETE_SESSION_EVENT_CMD_RULE procedure 17.7
DBMS_MACADM.DELETE_SYSTEM_EVENT_CMD_RULE procedure 17.8
DBMS_MACADM.DISABLE_APP_PROTECTION procedure 22.1.22
DBMS_MACADM.DISABLE_DV_DICTIONARY_ACCTS procedure 22.1.24
DBMS_MACADM.DISABLE_DV_PATCH_ADMIN_AUDIT procedure 22.1.25
DBMS_MACADM.DISABLE_DV procedure 22.1.23
DBMS_MACADM.DISABLE_ORADEBUG procedure 22.1.26
DBMS_MACADM.DROP_DOMAIN_IDENTITY procedure 18.1.15
DBMS_MACADM.DROP_POLICY procedure 23.8
DBMS_MACADM.ENABLE_DV_DICTIONARY_ACCTS procedure 22.1.29
DBMS_MACADM.ENABLE_DV procedure
- about 22.1.28
- configuring and enabling Database Vault with 3.2.2, 3.2.3, 3.2.4
DBMS_MACADM.ENABLE_ORADEBUG procedure 22.1.31
DBMS_MACADM.ENSABLE_DV_PATCH_ADMIN_AUDIT procedure 22.1.30
DBMS_MACADM.GET_INSTANCE_INFO function 18.1.17
DBMS_MACADM.GET_SESSION_INFO function 18.1.16
DBMS_MACADM.RENAME_FACTOR_TYPE procedure 18.1.19
DBMS_MACADM.RENAME_FACTOR procedure 18.1.18
DBMS_MACADM.RENAME_POLICY procedure 23.9
DBMS_MACADM.RENAME_REALM procedure 15.8
DBMS_MACADM.RENAME_ROLE procedure 19.1.3
DBMS_MACADM.RENAME_RULE_SET procedure 16.1.8
DBMS_MACADM.RENAME_RULE procedure 16.1.7
DBMS_MACADM.SET_DV_TRACE_LEVEL procedure 22.1.32
DBMS_MACADM.UNAUTH_DATAPUMP_CREATE_USER procedure 22.1.33
DBMS_MACADM.UNAUTH_DATAPUMP_GRANT_ROLE procedure 22.1.35
DBMS_MACADM.UNAUTH_DATAPUMP_GRANT_SYSPRIV procedure 22.1.36
DBMS_MACADM.UNAUTH_DATAPUMP_GRANT procedure 22.1.34
DBMS_MACADM.UNAUTHORIZE_AUDIT_ADMIN procedure 22.1.37
DBMS_MACADM.UNAUTHORIZE_AUDIT_VIEWER procedure 22.1.38
DBMS_MACADM.UNAUTHORIZE_DBCAPTURE procedure 22.1.40
DBMS_MACADM.UNAUTHORIZE_DBREPLAY procedure 22.1.41
DBMS_MACADM.UNAUTHORIZE_DDL procedure 22.1.42
DBMS_MACADM.UNAUTHORIZE_DIAGNOSTIC_ADMIN procedure 22.1.43
DBMS_MACADM.UNAUTHORIZE_PREPROCESSOR procedure 22.1.45
DBMS_MACADM.UNAUTHORIZE_PROXY_USER procedure 22.1.46
DBMS_MACADM.UNAUTHORIZE_SCHEDULER_USER procedure 22.1.47
DBMS_MACADM.UNAUTHORIZE_SQL_FIREWALL procedure 22.1.48
DBMS_MACADM.UNAUTHORIZE_TTS_USER procedure 22.1.49
DBMS_MACADM.UPDATE_COMMAND_RULE procedure 17.9
DBMS_MACADM.UPDATE_CONNECT_COMMAND_RULE procedure 17.10
DBMS_MACADM.UPDATE_FACTOR_TYPE procedure 18.1.21
DBMS_MACADM.UPDATE_FACTOR procedure 18.1.20
DBMS_MACADM.UPDATE_IDENTITY procedure 18.1.22
DBMS_MACADM.UPDATE_MAC_POLICY procedure 20.6
DBMS_MACADM.UPDATE_POLICY_DESCRIPTION procedure 23.10
DBMS_MACADM.UPDATE_POLICY_STATE procedure 23.11
DBMS_MACADM.UPDATE_REALM_AUTH procedure 15.10
DBMS_MACADM.UPDATE_REALM procedure 15.9
DBMS_MACADM.UPDATE_ROLE procedure 19.1.4
DBMS_MACADM.UPDATE_RULE_SET procedure 16.1.10
DBMS_MACADM.UPDATE_RULE procedure 16.1.9
DBMS_MACADM.UPDATE_SESSION_EVENT_CMD_RULE procedure 17.11
DBMS_MACADM.UPDATE_SYSTEM_EVENT_CMD_RULE procedure 17.12
DBMS_MACADM package
- about 24.1
- command rule procedures, listed 17
- factor procedures, listed 18.1
- Oracle Label Security policy procedures, listed 20
- realm procedures, listed 15
- rule set procedures, listed 16.1
- secure application role procedures, listed 19.1
DBMS_MACADM PL/SQL package contents 24.1
DBMS_MACSEC_ROLES.CAN_SET_ROLE function 19.2.1
DBMS_MACSEC_ROLES.SET_ROLE procedure 19.2.2
DBMS_MACSEC_ROLES package
- about 19.2
- functions, listed 19.2
DBMS_MACUTL.CHECK_DVSYS_DML_ALLOWED procedure 21.2.1
DBMS_MACUTL.CONTAINS_HOST function 21.2.2
DBMS_MACUTL.GET_CODE_VALUE function 21.2.3
DBMS_MACUTL.GET_DAY function 21.2.8
DBMS_MACUTL.GET_DV_TRACE_LEVEL function 21.2.4
DBMS_MACUTL.GET_HOUR function 21.2.7
DBMS_MACUTL.GET_MINUTE function 21.2.6
DBMS_MACUTL.GET_MONTH function 21.2.9
DBMS_MACUTL.GET_SECOND function 21.2.5
DBMS_MACUTL.GET_TRACE_LEVEL function 21.2.10
DBMS_MACUTL.GET_YEAR function 21.2.11
DBMS_MACUTL.IS_ALPHA function 21.2.12
DBMS_MACUTL.IS_CLIENT_IP_CONTAINED function 21.2.13
DBMS_MACUTL.IS_DIGIT function 21.2.14
DBMS_MACUTL.IS_DVSYS_OWNER function 21.2.15
DBMS_MACUTL.IS_OLS_INSTALLED_VARCHAR function 21.2.17
DBMS_MACUTL.IS_OLS_INSTALLED function 21.2.16
DBMS_MACUTL.ROLE_GRANTED_ENABLED_VARCHAR function 21.2.18
DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function 21.2.19
DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 21.2.21
DBMS_MACUTL.USER_HAS_ROLE function 21.2.20
DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 21.2.22
DBMS_MACUTL package
- about 21
- constants (fields)
  - examples 21.1.2
  - listed 21.1.1
- procedures and functions, listed 21.2
DBMS_MACUTL PL/SQL package contents 24.3
DBSNMP schema realm protection 4.2.3
DBSNMP user account
- granted DV_MONITOR role 14.2.10
DDL operations
- DV_PATCH_ADMIN impact 13.2.2
- performing in Oracle Database Vault 13.2
- removal of default ('%', '%') 13.2.4
- restrictions 13.2.1
- upgrades impact 13.2.3
deinstallation B
DELETE_CATALOG_ROLE role 27.6.5.9
deleting event command rules 17.7
Denial of Service (DoS) attacks
- reports
  - System Resource Limits Report 27.6.6.3
  - Tablespace Quotas Report 27.6.9.6
diagnostic view and table queries
- MACADM procedure for authorization 22.1.14
- MACADM procedure for revoking authorization 22.1.43
Direct and Indirect System Privileges By Database Account Report 27.6.2.2
Direct Object Privileges Report 27.6.1.3
direct system privileges 27.6.2.3
Direct System Privileges By Database Account Report 27.6.2.1
disabling system features with Disabled default rule set 5.3
domains
- defined with factors 7.1
- finding database domain with DVF.F$DATABASE_DOMAIN 18.3.4
- finding with DVF.F$DOMAIN 18.3.9
DROP ROLE statement
- monitoring 26.1
DROP USER statement
- monitoring 26.1
dual key connection, dual key security
- See: two-person integrity (TPI)
DV_ACCTMGR role E.4.2
- about 14.2.4
- backup account 14.4
- creating profile to protect user granted this role 3.2.6
- Database Vault disabled 14.2.4
- GRANT and REVOKE operations affected by 14.2.4
- privileges associated with 14.2.4
- realm protection 4.2.2
- system privileges of 14.2.2
DV_ADMIN role
- about 14.2.5
- changing password for user granted DV_ADMIN 14.2.5
- Database Vault disabled 14.2.5, 14.2.11
- GRANT and REVOKE operations affected by 14.2.5
- privileges associated with 14.2.5
DV_AUDIT_CLEANUP role
- about 14.2.6
- Database Vault disabled 14.2.6, 14.2.10, 14.2.14
- GRANT and REVOKE operations affected by 14.2.6
- privileges associated with 14.2.6
- system privileges of 14.2.2
DV_DATAPUMP_NETWORK_LINK role
- about 14.2.7
- Database Vault disabled 14.2.7
- GRANT and REVOKE operations affected by 14.2.7
- privileges associated with 14.2.7
DV_GOLDENDATE_REDO role
- privileges associated with 14.2.9
DV_GOLDENDGATE_ADMIN role
- Database Vault disabled 14.2.8
DV_GOLDENGATE_ADMIN role 14.2.8
- GRANT and REVOKE operations affected by 14.2.8
- privileges associated with 14.2.8
DV_GOLDENGATE_REDO_ACCESS role 14.2.9
- Database Vault disabled 14.2.9
- GRANT and REVOKE operations affected by 14.2.9
DV_MONITOR role
- about 14.2.10
- Database Vault disabled 14.2.10
- GRANT and REVOKE operations affected by 14.2.10
- privileges associated with 14.2.10
- system privileges of 14.2.2
DV_OWNER role E.4.1
- about 14.2.11
- backup account 14.4
- changing password for user granted DV_OWNER 14.2.11
- creating profile to protect user granted this role 3.2.6
- Database Vault disabled 14.2.11
- GRANT and REVOKE operations affected by 14.2.11
- privileges associated with 14.2.11
- system privileges of 14.2.2
DV_PATCH_ADMIN role 14.2.12
- Database Vault disabled 14.2.12
- DDL operations impact 13.2.2
- GRANT and REVOKE operations affected by 14.2.12
- privileges associated with 14.2.12
- SYS user 13.19
DV_POLICY_OWNER role
- about 14.2.13
- GRANT and REVOKE operations affected by 14.2.13
- privileges associated with 14.2.13
- system privileges of 14.2.2
DV_SECANALYST role
- about 14.2.14
- Database Vault disabled 14.2.14
- GRANT and REVOKE operations affected by 14.2.14
- privileges associated with 14.2.14
- system privileges of 14.2.2
DV_XSTREAM_ADMIN role 14.2.15
- Database Vault disabled 14.2.15
- GRANT and REVOKE operations affected by 14.2.15
- privileges associated with 14.2.15
DVF account
- database accounts 14.3.2
DVF PL/SQL interface contents 24.5
DVF schema 18.3
- about 14.1.2
- DBA_DV_DICTIONARY_ACCTS view 25.12
- PDBs 14.1.2
- protecting 22.1.24
- realm protection 4.2.1
DVSYS.DBA_DV_COMMON_OPERATION_STATUS view 25.47
DVSYS.DBA_DV_FACTOR_LINK view 25.15
DVSYS.DV$CONFIGURATION_AUDIT view 25.44
DVSYS.DV$ENFORCEMENT_AUDIT view 25.45
DVSYS.DV$REALM view 25.46
DVSYS.POLICY_OWNER_POLICY view 25.49
DVSYS.POLICY_OWNER_REALM_AUTH view 25.51
DVSYS.POLICY_OWNER_REALM_OBJECT view 25.52
DVSYS.POLICY_OWNER_REALM view 25.50
DVSYS.POLICY_OWNER_RULE_SET_RULE view 25.55
DVSYS.POLICY_OWNER_RULE_SET view 25.54
DVSYS.POLICY_OWNER_RULE view 25.53
DVSYS account 14.3.2
DVSYS schema
- about 14.1.1
- DBA_DV_DICTIONARY_ACCTS view 25.12
- DV_OWNER role 14.2.11
- DV_POLICY_OWNER role 14.2.13
- PDBs 14.1.1, 14.2.1
- protecting 22.1.24
- realm protection 4.2.1

E

ENABLE_APP_PROTECTION procedure 22.1.27
enabling system features with Enabled default rule set 5.3
encrypted information 27.6.9.5
enterprise identities, Enterprise_Identity default factor 7.2
Enterprise Manager
- See: Oracle Enterprise Manager
Enterprise User Security, integrating with Oracle Database Vault
- about 11.5.1
- configuring 11.5.2
- configuring Database Vault accounts as Enterpriser User accounts 11.5.3
event handler
- rule sets 5.4
example 6.1.3.2
examples 7.7.4
- See also: tutorials
- DBMS_MACUTL constants 21.1.2
- realms 4.12
- separation of duty matrix D.1.3
- trace files E.1.7.4, E.1.7.5, E.1.7.6
EXECUTE_CATALOG_ROLE role 27.6.5.9
- impact of Oracle Database Vault installation 2.4
Execute Privileges to Strong SYS Packages Report 27.6.3.1
EXEMPT ACCESS POLICY system privilege 27.6.5.3
exporting data
- See: Oracle Data Pump

F

Factor Audit Report 27.5.3
Factor Configuration Issues Report 27.4.4
factor identities
- modifying 7.4.7
factors
- about 7.1
- assignment
  - disabled rule set 27.4.4
  - incomplete rule set 27.4.4
- assignment operation 27.5.3
- audit events, custom A.2.1
- child factors
  - Factor Configuration Issues Report 27.4.4
  - mapping 7.4.6.1
- creating 7.3
- data dictionary views 7.11
- DBA_DV_FACTOR view 25.13
- DBA_DV_SIMULATION_LOG view 25.38
- DBMS_MACUTL constants, example of 21.1.4
- default factors 7.2
- deleting 7.6
- domain, finding with DVF.F$DOMAIN 18.3.9
- evaluation operation 27.5.3
- factor-identity pair mapping 7.4.6.2
- functionality 7.7
- functions
  - DBMS_MACUTL (utility) 21
  - DBMS_MACUTL constants (fields) 21.1.1
- guidelines 7.9
- identifying using child factors 7.4.6.1
- identities
  - about 7.4.1, 7.4.2
  - adding to factor 7.4
  - configuring 7.4.5
  - creating 7.4.5
  - database session 7.4.2
  - data dictionary views 7.11
  - deleting 7.4.8
  - enterprise-wide users 18.3.9
  - how factor identities work 7.4.2
  - mapping, about 7.4.6.1
  - mapping, procedure 7.4.6.2
  - reports 7.11
  - setting dynamically 18.2.2
  - trust levels 7.4.2, 7.4.5
  - with Oracle Label Security 7.4.2
- identity maps, deleting 7.4.6.3
- initialization, command rules 6.1.1
- invalid audit options 27.4.4
- label 27.4.4
- modifying 7.5
- performance effect 7.10
- procedures
  - DBMS_MACADM (configuration) 18.1
- process flow 7.7
- reports 7.11
- retrieving 7.7.3
- retrieving with GET_FACTOR 18.2.3
- setting 7.7.4
- setting with SET_FACTOR 18.2.2
- troubleshooting
  - auditing report 27.5.3
  - configuration problems E.3
  - tips E.2
- values (identities) 7.1
- views
  - DBA_DV_FACTOR_LINK 25.15
  - DBA_DV_FACTOR_TYPE 25.14
  - DBA_DV_IDENTITY 25.16
  - DBA_DV_IDENTITY_MAP 25.17
  - DBA_DV_MAC_POLICY_FACTOR 25.20
- ways to assign 7.4.2
Factor Without Identities Report 27.4.5
FLASHBACK TABLE SQL statement 4.1.1
functions
- command rules
  - DBMS_MACUTL (utility) 21
- DVSYS schema enabling 18.2
- factors
  - DBMS_MACUTL (utility) 21
- Oracle Label Security policy
  - DBMS_MACADM (configuration) 20
- realms
  - DBMS_MACUTL (utility) 21
- rule sets
  - DBMS_MACADM (configuration) 16.1
  - DBMS_MACUTL (utility) 21
  - PL/SQL functions for inspecting SQL 16.2
- secure application roles
  - DBMS_MACADM (configuration) 19.1
  - DBMS_MACSEC_ROLES (configuration) 19.2
  - DBMS_MACUTL (utility) 21

G

general security reports 27.6
GRANT statement
- monitoring 26.1
guidelines
- ALTER SESSION privilege D.6.5.1
- ALTER SYSTEM privilege D.6.5.1
- backup DV_OWNER and DV_ACCTMGR accounts 14.4
- command rules 6.9
- CREATE ANY JOB privilege D.6.3
- CREATE EXTERNAL JOB privilege D.6.4
- CREATE JOB privilege D.6.3
- DBMS_FILE_TRANSFER package D.6.2.1
- factors 7.9
- general security D
- operating system access D.2.4
- Oracle software owner D.4.2
- performance effect 7.10
- realms 4.14
- root access D.2.4
- root user access D.4.1
- rule sets 5.10
- secure application roles 8.2
- SYSDBA access D.4.3
- SYSDBA privilege, limiting D.2.3
- SYSOPER access D.4.4
- SYSTEM schema and application tables D.2.2
- SYSTEM user account D.2.1
- trusted accounts and roles D.3
- using Database Vault in a production environment D.5
- UTL_FILE package D.6.2.1

H

hackers
- See: security attacks
Hierarchical System Privileges by Database Account Report 27.6.2.3
host names
- finding with DVF.F$DATABASE_HOSTNAME 18.3.5

I

identities
- See: factors, identities
Identity Configuration Issues Report 27.4.6
IDLE_TIME resource profile 27.6.6.2
IMP_FULL_DATABASE role
- impact of Oracle Database Vault installation 2.4
importing data
- See: Oracle Data Pump
incomplete rule set 27.4.4
- role enablement 27.4.7
Information Lifecycle Management 4.1.1
- authorizations, about 13.7.1
- granting users authorization for 13.7.2
- revoking authorization from users 13.7.3
initialization parameters
- Allow System Parameters default rule set 5.3
- modified after installation 2.1
- modified by Oracle Database Vault 2.1
- reports 27.6.6
insider threats
- See: intruders
installations
- Database Vault and Label Security in a multitenant environment 3.2.7
- security considerations D.6
intruders
- See: security attacks
- compromising privileged accounts 1.5
IP addresses
- Client_IP default factor 7.2
- defined with factors 7.1

J

Java Policy Grants Report 27.6.9.1
jobs, scheduling
- See: Oracle Scheduler

L

labels 7.4.4
- See also: Oracle Label Security
- about 7.4.4
Label Security Integration Audit Report 27.5.4
languages
- adding to Oracle Database Vault C.1
- finding with DVF.F$LANG 18.3.15
- finding with DVF.F$LANGUAGE 18.3.16
- name
  - Lang default factor 7.2
  - Language default factor 7.2
LBACSYS account 14.3.2
- See also: Oracle Label Security
- about 14.3.2
LBACSYS schema
- realm protection 4.2.1
locked out accounts, solution for B.1
log files
- Database Vault log files A.2.2
logging on
- reports, Core Database Audit Report 27.6.8

M

managing user accounts and profiles
- Can Maintain Accounts/Profiles default rule set 5.3
managing user accounts and profiles on own account, Can Maintain Own Accounts default rule set 5.3
mandatory realms
- about 4.1.2
mapping identities 7.4.6.2
MDDATA schema realm protection 4.2.4
MDSYS schema realm protection 4.2.4
modules
- function to return information about 18.3.12
monitoring
- activities 26
multienant environment
- regular or strict mode 1.8.5
multitenant
- common objects 1.8.6
- Oracle Database Vault functionality in 1.8.1
multitenant container databases
- application containers 1.8.7
- Database Vault and operations control configured together 1.8.4
- Database Vault configured in one or more PDBs 1.8.2
- operations control enabled 1.8.3

N

naming conventions
- realms 4.3
- rules 5.5.3
- rule sets 5.4
network protocol
- finding with DVF.F$NETWORK_PROTOCOL 18.3.18
network protocol, Network_Protocol default factor 7.2
NOAUDIT statement
- monitoring 26.1
Non-Owner Object Trigger Report 27.6.9.7
nonsystem database accounts 27.6.1.3

O

Object Access By PUBLIC Report 27.6.1.1
Object Access Not By PUBLIC Report 27.6.1.2
Object Dependencies Report 27.6.1.4
object owners
- nonexistent 27.4.1
- reports
  - Command Rule Configuration Issues Report 27.4.1
object privilege reports 27.6.1
objects 25.33
- See also: database objects
- command rule objects
  - name 6.4
  - owner 6.4
  - processing 6.7
- dynamic SQL use 27.6.9.3
- mandatory realms 4.1.2
- monitoring 26.1
- object names
  - finding with DV_DICT_OBJ_NAME 16.2.7
- object owners
  - finding with DV_DICT_OBJ_OWNER 16.2.6
- realms
  - object name 4.3
  - object owner 4.3
  - object type 4.3
  - procedures for registering 15.2
- reports
  - Access to Sensitive Objects Report 27.6.3.2
  - Accounts with SYSDBA/SYSOPER Privilege Report 27.6.3.4
  - Direct Object Privileges Report 27.6.1.3
  - Execute Privileges to Strong SYS Packages Report 27.6.3.1
  - Non-Owner Object Trigger Report 27.6.9.7
  - Object Access By PUBLIC Report 27.6.1.1
  - Object Access Not By PUBLIC Report 27.6.1.2
  - Object Dependencies Report 27.6.1.4
  - Objects Dependent on Dynamic SQL Report 27.6.9.3
  - OS Directory Objects Report 27.6.9.2
  - privilege 27.6.1
  - Public Execute Privilege To SYS PL/SQL Procedures Report 27.6.3.3
  - sensitive 27.6.3
  - System Privileges By Privilege Report 27.6.2.5
- restricting user access to using mandatory realms 4.1.2
- types
  - finding with DV_DICT_OBJ_TYPE 16.2.5
- views, DBA_DV_REALM_OBJECT 25.33
Objects Dependent on Dynamic SQL Report 27.6.9.3
object types
- supported for Database Vault realm protection 4.1.4
OEM
- See: Oracle Enterprise Manager (OEM)
OEM_MONITOR schema realm protection 4.2.3
OLS
- See: Oracle Label Security
operating system access
- guideline for using with Database Vault D.2.4
operating systems
- reports
  - OS Directory Objects Report 27.6.9.2
  - OS Security Vulnerability Privileges Report 27.6.5.11
- vulnerabilities 27.6.5.11
ORA_DV_DEFAULT_PROTECTION predefined unified audit policy A.1.1, A.4
ORA_DV_SCHEMA_CHANGES predefined unified audit policy A.1.1, A.4
ORA-00942 error 8.8.7
ORA-01301 error 13.15.1
ORA-06512 error 21.2.1
ORA-47305 error 8.8.7
ORA-47400 error 13.15.1
ORA-47401 error 4.10.2.1, 13.15.1
ORA-47408 error 13.15.1
ORA-47409 error 13.15.1
ORA-47500 error 22.2
ORA-47503 error 3.2.3, 3.2.4
ORA-47920 error 21.2.1
Oracle APEX, integrating with Oracle Database Vault 11.6
- about 11.6.1
- authorizing APEX schema 11.6.3
- authorizing Oracle Scheduler 11.6.4
- DDL tasks 11.6.5
- installing or upgrading Oracle APEX 11.6.2
- maintenance tasks 11.6.6
- protected objects 11.6.8
- proxy users for ORDS 11.6.7
- troubleshooting 11.6.9
Oracle Database Replay
- authorizations, about 13.8.1
- Database Vault authorization
  - granting for workload captures 22.1.11
  - granting for workload replays 22.1.12
  - revoking for workload captures 22.1.40
  - revoking for workload replays 22.1.41
- granting users authorization for workload capture operations 13.8.2.1
- granting users authorization for workload replay operations 13.8.2.2
- revoking workload capture authorization from users 13.8.3.1
- revoking workload replay authorization from users 13.8.3.2
Oracle Database Vault
- about 1.1.1
- components 1.3, 1.3.1
- configuring and enabling
  - using DBCA 3.1
- disabling
  - procedures for B
  - reasons for B.1
- enabling
  - procedures for B
- integrating with other Oracle products 11
- Oracle Database installation, affect on 2
- post-installation procedures C
- privileges to use 1.2
- reinstalling C.3
- roles
  - system privileges of 14.2.2
- uninstalling C.2
Oracle Database Vault accounts
- created during registration 14.3.1
Oracle Database Vault Administrator (DVA)
- logging on from Oracle Enterprise Manager Cloud Control 3.4
Oracle Database Vault Administrator pages 1.3.5
Oracle Database Vault configuration and enablement
- common users to manage specific PDBs 3.2.3
- common user to manage CDB root 3.2.2
- local users to manage specific PDBs 3.2.4
Oracle Database Vault configuring and enabling
- about 3.1
Oracle Database Vault operations control
- about 13.10.1
Oracle Database Vault policies
- about 9.1.1
- creating 9.3
- data dictionary views 9.6
- default 9.2
- deleting 9.5
- in multitenant environment 9.1.2
- modifying 9.4
Oracle Database Vault realm 4.2.1
Oracle Database Vault registration
- creating profile to protect DV_OWNER and DV_ACCTMGR users 3.2.6
- verifying configuration and enablement 3.3
Oracle Data Guard
- integrating Database Vault with 11.3
Oracle Data Guard, integrating with Oracle Database Vault
- configuring primary database 11.3.1
- configuring standby database 11.3.2
- disabling Oracle Database Vault 11.3.4
- how auditing works after integration 11.3.3
Oracle Data Pump
- archiving the Oracle Database Vault audit trail with A.3.2
- authorizing transportable tablespace operations for Database Vault 13.5.3.3
- DBA_DV_DATAPUMP_AUTH view 25.8
- DBA_DV_TTS_AUTH view 25.41
- DBMS_MACADM.AUTH_DATAPUMP_CREATE_USER procedure 22.1.4
- DBMS_MACADM.AUTH_DATAPUMP_GRANT_ROLE procedure 22.1.6
- DBMS_MACADM.AUTH_DATAPUMP_GRANT_SYSPRIV procedure 22.1.7
- DBMS_MACADM.AUTH_DATAPUMP_GRANT procedure 22.1.5
- DBMS_MACADM.AUTHORIZE_TTS_USER 22.1.20
- DBMS_MACADM.UNAUTH_DATAPUMP_CREATE_USER procedure 22.1.33
- DBMS_MACADM.UNAUTH_DATAPUMP_GRANT_ROLE procedure 22.1.35
- DBMS_MACADM.UNAUTH_DATAPUMP_GRANT_SYSPRIV procedure 22.1.36
- DBMS_MACADM.UNAUTH_DATAPUMP_GRANT procedure 22.1.34
- DBMS_MACADM.UNAUTHORIZE_TTS_USER 22.1.49
- granting authorization to use with Database Vault 13.5.2.3
- guidelines before performing an export or import 13.5.4
- levels of authorization required
  - Oracle Data Pump only 13.5.2.2
  - transportable tablespaces 13.5.3.2
- MACADM procedure for authorization 22.1.10
- realm protection 4.2.5
- revoking standard authorization 13.5.2.4
- revoking transportable tablespace authorization 13.5.3.4
- using with Oracle Database Vault 13.5.1
Oracle Default Component Protection Realm 4.2.6
Oracle Default Schema Protection Realm 4.2.4
Oracle Enterprise Manager
- DBSNMP account
  - granted DV_MONITOR role 14.2.10
- using Oracle Database Vault with 13.4
Oracle Enterprise Manager Cloud Control
- monitoring Database Vault for attempted violations 14.2.10
- propagating Database Vault configurations to other databases 13.4.1
- starting Oracle Database Vault from 3.4
Oracle Enterprise Manager realm 4.2.3
Oracle Enterprise User Security, integrating with Oracle Database Vault 11.5
Oracle Flashback Technology 4.1.1, 6.1.1
Oracle GoldenGate
- Database Vault role used for
  - DV_GOLDENGATE_ADMIN 14.2.8
  - DV_GOLDENGATE_REDO_ACCESS 14.2.9
- in an Oracle Database Vault environment 13.14
Oracle GoldenGate Protection Realm 4.2.8
Oracle Internet Directory, integrating with Oracle Database Vault 11.4
Oracle Internet Directory Distinguished Name, Proxy_Enterprise_Identity default factor 7.2
Oracle Label Security
- using OLS_LABEL_DOMINATES function in rule expressions 16.1.2
Oracle Label Security, integrating with Oracle Database Vault
- about 11.2.1
- data dictionary views 11.2.5
- factors, about 11.2.3.1
- factors, configuring 11.2.3.2
- reports 11.2.5
- requirements 11.2.2
- tutorial 11.2.4
Oracle Label Security (OLS) 14.3.2
- See also: LBACSYS account
- audit events, custom A.2.1
- checking if installed using DBMS_MACUTL functions 21.2
- functions
  - DBMS_MACUTL (utility) 21.1.1
- initialization, command rules 6.1.1
- integration with Oracle Database Vault
  - example 11.2.4.1
  - Label Security Integration Audit Report 27.5.4
- labels
  - about 7.4.4
  - determining with GET_FACTOR_LABEL 18.2.4
  - invalid label identities 27.4.6
- policies
  - accounts that bypass 27.6.5.3
  - monitoring policy changes 26.1
  - nonexistent 27.4.4
- procedures
  - DBMS_MACADM (configuration) 20
- views
  - DBA_DV_MAC_POLICY 25.19
  - DBA_DV_MAC_POLICY_FACTOR 25.20
  - DBA_DV_POLICY_LABEL 25.25
Oracle Label Security realm 4.2.7
Oracle OLAP realm protection 4.2.4
Oracle Real Application Clusters
- configuring and enabling Database Vault on Oracle RAC nodes 3.2.5
- multiple factor identities 7.4.2
- uninstalling Oracle Database Vault from C.2
Oracle Recovery Manager (RMAN)
- in an Oracle Database Vault environment 13.12
Oracle Scheduler
- DBA_DV_JOB_AUTH view 25.18
- granting Oracle Database Vault authorization 13.6.2
- realm protection 4.2.5
- revoking Oracle Database Vault authorization 13.6.3
- SCHEDULER_ADMIN role, impact of Oracle Database Vault installation 2.4
- using with Oracle Database Vault 13.6.1
Oracle software owner, guidelines on managing D.4.2
Oracle Spatial realm protection 4.2.4
Oracle SQL Firewall
- DBMS_MACADM.AUTHORIZE_SQL_FIREWALL procedure 22.1.19
- DBMS_MACADM.UNAUTHORIZE_SQL_FIREWALL procedure 22.1.48
- granting authorization to use with Database Vault 13.3.2
- using with Oracle Database Vault 13.3.1
Oracle System Privilege and Role Management Realm 4.2.5
Oracle Text realm protection 4.2.4
Oracle Virtual Private Database (VPD)
- accounts that bypass 27.6.5.3
- GRANT EXECUTE privileges with Grant VPD Administration default rule set 5.3
- using Database Vault factors with Oracle Label Security 11.2.4.1
ORADEBUG utility
- about 13.18
- DBA_DV_ORADEBUG view 25.22
- PL/SQL procedure for disabling in Database Vault 22.1.26
- PL/SQL procedure for enabling in Database Vault 22.1.31
- using with Database Vault 13.18
OS_ROLES initialization parameter 2.1
OS Directory Objects Report 27.6.9.2
OS Security Vulnerability Privileges Report 27.6.5.11
OUTLN schema realm protection 4.2.6

P

parameters
- modified after installation 2.1
- reports
  - Security Related Database Parameters Report 27.6.6.1
Password History Access Report 27.6.5.6
passwords
- forgotten, solution for B.1
- reports 27.6.7
  - Database Account Default Password Report 27.6.7.1
  - Password History Access Report 27.6.5.6
  - Username/Password Tables Report 27.6.9.5
- resetting for DV_ACCTMGR user E.4.2
- resetting for DV_OWNER user E.4.1
patches
- auditing DV_PATCH_ADMIN user 14.2.12
- DBMS_MACADM.DISABLE_DV_PATCH_ADMIN_AUDIT procedure 22.1.25
- DBMS_MACADM.ENSABLE_DV_PATCH_ADMIN_AUDIT procedure 22.1.30
- DV_PATCH_ADMIN requirement for 14.2.12
- security consideration D.6
- two-person integrity used for 5.9.1
patch operations in Database Vault environment 13.19
PDBs
- command rules in 6.1.2
- Database Vault and operations control configured together 1.8.4
- Database Vault configured in one or more 1.8.2
- disabling tracing
  - all database sessions E.1.8.4
  - current database session E.1.8.4
- DVF schema 14.1.2
- DVSYS schema 14.1.1, 14.2.1
- enabling tracing
  - all database sessions E.1.5.4
  - current database session E.1.5.3
- operations control enabled 1.8.3
- plugging Database Vault-enabled PDB to CDB 13.17
performance effect
- command rules 6.10
- realms 4.15
- reports
  - Resource Profiles Report 27.6.6.2
  - System Resource Limits Report 27.6.6.3
- rule sets 5.11
- secure application roles 8.9
- static evaluation for rule sets 5.11
performance tools
- Automatic Workload Repository (AWR)
  - command rules 6.10
  - factors 7.10
  - Oracle Enterprise Manager
    - performance tools 4.15
  - performance tools
    - Cloud Control, realms 4.15
    - Oracle Enterprise Manager
      - realms 4.15
  - realms 4.15
  - rule sets 5.11
  - secure application roles 8.9
- Oracle Enterprise Manager
  - command rules 6.10
  - factors 7.10
  - performance tools
    - Oracle Enterprise Manager Cloud Control
      - command rules 6.10
  - rule sets 5.11
  - secure application roles 8.9
- Oracle Enterprise Manager Cloud Control
  - factors 7.10
  - rule sets 5.11
  - secure application roles 8.9
- TKPROF utility
  - command rules 6.10
  - factors 7.10
  - realms 4.15
  - rule sets 5.11
  - secure application roles 8.9
PL/SQL
- packages
  - unwrapped bodies 27.6.9.4
  - Unwrapped PL/SQL Package Bodies Report 27.6.9.4
PL/SQL factor functions 18.3
policies
- See: Oracle Database Vault policies
POLICY_OWNER_COMMAND_RULE view 25.48
policy changes, monitoring 26.1
post-installation procedures C
predefined unified audit policies
- ORA_DV_DEFAULT_PROTECTION A.4
- ORA_DV_SCHEMA_CHANGES A.4
preprocessor programs
- about executing in Database Vault environment 13.9.1
- authorizing users in Database Vault environment 13.9.2
- Database Vault authorization
  - granting 22.1.16
  - revoking 22.1.45
- revoking authorization from Database Vault users 13.9.3
privileges
- checking with DBMS_MACUTL.USER_HAS_OBJECT_PRIVILEGE function 21.2
- existing users and roles, Database Vault affect on 2.4
- least privilege principle
  - violations to 27.6.9.1
- monitoring
  - GRANT statement 26.1
  - REVOKE statement 26.1
- Oracle Database Vault restricting 2.2
- prevented from existing users and roles 2.5
- reports
  - Accounts With DBA Roles Report 27.6.5.2
  - ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
  - ANY System Privileges for Database Accounts Report 27.6.2.4
  - AUDIT Privileges Report 27.6.5.10
  - Database Accounts With Catalog Roles Report 27.6.5.9
  - Direct and Indirect System Privileges By Database Account Report 27.6.2.2
  - Direct System Privileges By Database Account Report 27.6.2.1
  - Hierarchical System Privileges By Database Account Report 27.6.2.3
  - listed 27.6.4
  - OS Directory Objects Report 27.6.9.2
  - Privileges Distribution By Grantee, Owner, Privilege Report 27.6.4.3
  - Privileges Distribution By Grantee, Owner Report 27.6.4.2
  - Privileges Distribution By Grantee Report 27.6.4.1
  - WITH GRANT Privileges Report 27.6.5.7
- restricting access using mandatory realms 4.1.2
- roles
  - checking with DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 21.2
- system
  - checking with DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 21.2
- views
  - DBA_DV_PUB_PRIVS 25.30
  - DBA_DV_USER_PRIVS 25.42
  - DBA_DV_USER_PRIVS_ALL 25.43
Privileges Distribution By Grantee, Owner, Privilege Report 27.6.4.3
Privileges Distribution By Grantee, Owner Report 27.6.4.2
Privileges Distribution By Grantee Report 27.6.4.1
privileges using external password 27.6.3.4
problems, diagnosing E.1.1
procedures
- command rules
  - .DBMS_MACADM (configuration) 17
- factors
  - DBMS_MACADM (configuration) 18.1
- realms
  - DBMS_MACADM (configuration) 15
production environments
- guidelines for securing D.5
profiles 27.6.6
proxy user authorization
- Database Vault authorization
  - DBA_DV_PROXY_AUTH view 25.29
  - granting 22.1.17
  - revoking 22.1.46
proxy users
- function to return name of 18.3.20
PUBLIC access to realms 4.9
Public Execute Privilege To SYS PL/SQL Procedures Report 27.6.3.3
PUBLIC user account
- impact of Oracle Database Vault installation 2.4

Q

quotas
- tablespace 27.6.9.6

R

Realm Audit Report 27.5.1
Realm Authorization Configuration Issues Report 27.4.3
realm authorizations:multitenant environment 4.7
realms 4.3
- See also: rule sets
- about 4.1.1
- adding roles to as grantees 4.14
- audit events, custom A.2.1
- authentication-related procedures 15.1
- authorization
  - enabling access to realm-protected objects 4.11
  - how realm authorizations work 4.10
  - process flow 4.10
  - troubleshooting E.2
- authorizations
  - grantee 4.3
  - rule set 4.3
- authorizations in multitenant environment 4.8
- creating 4.3
- creating names 4.3
- Database Vault Account Management realm 4.2.2
- data dictionary views 4.16
- data masking 13.15.3
- DBMS_MACUTL constants, example of 21.1.2
- default realms
  - listed 4.2
- deleting 4.5
- effect on other Oracle Database Vault components 4.13
- enabling access to realm-protected objects 4.11
- example 4.12
- functions
  - DBMS_MACUTL (utility) 21
  - DBMS_MACUTL constants (fields) 21.1.1
- guidelines 4.14
- how realms work 4.9
- mandatory realms 4.1.2
- modifying 4.4
- multitenant environment
  - about 4.1.3
- naming conventions 4.3
- object-related procedures 15.2
- object types, supported 4.1.4
- Oracle Audit realm 4.2.9
- Oracle Database Vault realm 4.2.1
- Oracle Default Component Protection Realm 4.2.6
- Oracle Default Schema Protection Realm 4.2.4
- Oracle Enterprise Manager realm 4.2.3
- Oracle GoldenGate Protection Realm 4.2.8
- Oracle Label Security realm 4.2.7
- Oracle System Privilege and Role Management Realm 4.2.5
- performance effect 4.15
- procedures
  - DBMS_MACADM (configuration) 15
- process flow 4.9
- propagating configuration to other databases 13.4.1
- protection after object is dropped 4.14
- PUBLIC access 4.9
- realm authorizations
  - about 4.7
- realm secured objects
  - object name 4.3
  - object owner 4.3
  - object type 4.3
- realm-secured objects 4.6
- reports 4.16
- secured object 27.4.3
- simulation mode 10.1
- territory a realm protects 4.6
- troubleshooting E.2, E.3
- tutorial 3.5.1
- views
  - DBA_DV_CODE 25.6
  - DBA_DV_MAINTENANCE_AUTH 25.21
  - DBA_DV_POLICY 25.24
  - DBA_DV_POLICY_OBJECT 25.26
  - DBA_DV_POLICY_OWNER 25.27
  - DBA_DV_REALM 25.31
  - DBA_DV_REALM_OBJECT 25.33
  - DBS_DV_REALM_AUTH 25.32
  - DVSYS.POLICY_OWNER_COMMAND_RULE 25.48
  - DVSYS.POLICY_OWNER_POLICY 25.49
  - DVSYS.POLICY_OWNER_REALM 25.50
  - DVSYS.POLICY_OWNER_REALM_AUTH 25.51
  - DVSYS.POLICY_OWNER_REALM_OBJECT 25.52
  - DVSYS.POLICY_OWNER_RULE 25.53
  - DVSYS.POLICY_OWNER_RULE_SET 25.54
  - DVSYS.POLICY_OWNER_RULE_SET_RULE 25.55
recovering lost password E.4.1, E.4.2
RECOVERY_CATALOG_OWNER role 27.6.5.9
RECYCLEBIN initialization parameter
- default setting in Oracle Database Vault 2.1
reinstalling Oracle Database Vault C.3
REMOTE_LOGIN_PASSWORDFILE initialization parameter 2.1
reports
- about 27.1
- Access to Sensitive Objects Report 27.6.3.2
- Accounts With DBA Roles Report 27.6.5.2
- Accounts with SYSDBA/SYSOPER Privilege Report 27.6.3.4
- ALTER SYSTEM or ALTER SESSION Report 27.6.5.5
- ANY System Privileges for Database Accounts Report 27.6.2.4
- auditing 27.5
- AUDIT Privileges Report 27.6.5.10
- BECOME USER Report 27.6.5.4
- categories of 27.1
- Command Rule Audit Report 27.5.2
- Command Rule Configuration Issues Report 27.4.1
- Core Database Audit Report 27.6.8
- Core Database Vault Audit Trail Report 27.5.5
- Database Account Default Password Report 27.6.7.1
- Database Account Status Report 27.6.7.2
- Database Accounts With Catalog Roles Report 27.6.5.9
- Direct and Indirect System Privileges By Database Account Report 27.6.2.2
- Direct Object Privileges Report 27.6.1.3
- Direct System Privileges By Database Account Report 27.6.2.1
- Enterprise Manager Cloud Control 13.4.3
- Execute Privileges to Strong SYS Packages Report 27.6.3.1
- Factor Audit Report 27.5.3
- Factor Configuration Issues Report 27.4.4
- Factor Without Identities 27.4.5
- general security 27.6
- Hierarchical System Privileges by Database Account Report 27.6.2.3
- Identity Configuration Issues Report 27.4.6
- Java Policy Grants Report 27.6.9.1
- Label Security Integration Audit Report 27.5.4
- Non-Owner Object Trigger Report 27.6.9.7
- Object Access By PUBLIC Report 27.6.1.1
- Object Access Not By PUBLIC Report 27.6.1.2
- Object Dependencies Report 27.6.1.4
- Objects Dependent on Dynamic SQL Report 27.6.9.3
- OS Directory Objects Report 27.6.9.2
- OS Security Vulnerability Privileges 27.6.5.11
- Password History Access Report 27.6.5.6
- permissions for running 27.2
- privilege management 27.6.4
- Privileges Distribution By Grantee, Owner, Privilege Report 27.6.4.3
- Privileges Distribution By Grantee, Owner Report 27.6.4.2
- Privileges Distribution By Grantee Report 27.6.4.1
- Public Execute Privilege To SYS PL/SQL Procedures Report 27.6.3.3
- Realm Audit Report 27.5.1
- Realm Authorization Configuration Issues Report 27.4.3
- Resource Profiles Report 27.6.6.2
- Roles/Accounts That Have a Given Role Report 27.6.5.8
- Rule Set Configuration Issues Report 27.4.2
- running 27.3
- Secure Application Configuration Issues Report 27.4.7
- Secure Application Role Audit Report 27.5.6
- Security Policy Exemption Report 27.6.5.3
- Security Related Database Parameters 27.6.6.1
- security vulnerability 27.6.9
- System Privileges By Privilege Report 27.6.2.5
- System Resource Limits Report 27.6.6.3
- Tablespace Quotas Report 27.6.9.6
- Unwrapped PL/SQL Package Bodies Report 27.6.9.4
- Username /Password Tables Report 27.6.9.5
- WITH ADMIN Privileges Grants Report 27.6.5.1
- WITH GRANT Privileges Report 27.6.5.7
Resource Profiles Report 27.6.6.2
resources
- reports
  - Resource Profiles Report 27.6.6.2
  - System Resource Limits Report 27.6.6.3
REVOKE statement
- monitoring 26.1
roles 8.1
- See also: secure application roles
- adding to realms as grantees 4.14
- catalog-based 27.6.5.9
- Database Vault default roles 14.2.1
- handling protected roles for named users 13.1.3
- identifying roles not protected by a realm 13.1.2
- identifying roles protected by a realm 13.1.1
- identifying roles protected by realm with SYS authorization 13.1.4
- privileges, checking with DBMS_MACUTL.USER_HAS_ROLE_VARCHAR function 21.2
- role-based system privileges 27.6.2.3
- role enablement in incomplete rule set 27.4.7
Roles/Accounts That Have a Given Role Report 27.6.5.8
root access
- guideline for using with Database Vault D.2.4
- guidelines on managing D.4.1
rules 5.5.1
- See also: rule sets
- about 5.5.1
- creating 5.5.3
- creating names 5.5.3
- data dictionary views 5.13
- default 5.5.2
- default, no longer supported 5.12
- deleting 5.5.6
- deleting from rule set 5.5.6
- existing rules, adding to rule set 5.5.4
- modifying 5.5.5
- naming conventions 5.5.3
- nested within a rule set 5.8.2
- removing from rule set 5.5.6
- reports 5.13
- troubleshooting E.2
- views
  - DBA_DV_RULE 25.35
  - DBA_DV_RULE_SET_RULE 25.37
Rule Set Configuration Issues Report 27.4.2
rule sets 5.1
- See also: command rules, factors, realms, rules, secure application roles
- about 5.1
- adding existing rules 5.5.4
- auditing
  - intruders
    - using rule sets 5.4
- audit options 5.4
- command rules
  - disabled 27.4.1
  - selecting for 6.4
  - used with 6.1.1
- creating 5.4
  - rules in 5.5.3
- creating names 5.4
- data dictionary views 5.13
- DBMS_MACUTL constants, example of 21.1.3
- default, no longer supported 5.12
- default rules 5.5.2
- default rule sets 5.3
- deleting 5.7
  - rules from 5.5.6
- disabled for
  - factor assignment 27.4.4
  - realm authorization 27.4.3
- evaluation of rules 5.5.1
- event handlers 5.4
- events firing, finding with DV_SYSEVENT 16.2.1
- fail code 5.4
- fail message 5.4
- functions
  - DBMS_MACADM (configuration) 16.1
  - DBMS_MACUTL (utility) 21
  - DBMS_MACUTL constants (fields) 21.1.1
  - PL/SQL functions for rule sets 16.2
- guidelines 5.10
- how rule sets work 5.8.1
- incomplete 27.4.1
- modifying 5.6
- multitenant environment
  - about 5.2
- naming conventions 5.4
- nested rules 5.8.2
- performance effect 5.11
- procedures
  - DBMS_MACADM (configuration) 16.1
- process flow 5.8.1
- propagating configuration to other databases 13.4.1
- reports 5.13
- rule sets
  - evaluation options 5.4
- rules that exclude one user 5.8.3
- security attacks
  - tracking
    - with rule set auditing 5.4
- static evaluation 5.10
- troubleshooting E.2, E.3
- views
  - DBA_DV_RULE 25.35
  - DBA_DV_RULE_SET 25.36
  - DBA_DV_RULE_SET_RULE 25.37
rules sets
- audit event, custom A.2.1

S

SCHEDULER_ADMIN role
- impact of Oracle Database Vault installation 2.4
scheduling database jobs
- CREATE EXTERNAL JOB privilege security consideration D.6.4
scheduling jobs
- See: Oracle Scheduler
schemas
- DVF 14.1.2
- DVSYS 14.1.1
Secure Application Configuration Issues Report 27.4.7
secure application role 8.1
Secure Application Role Audit Report 27.5.6
secure application roles 8.1
- See also: roles, rule sets
- audit event, custom A.2.1
- creating 8.3
- data dictionary view 8.10
- DBMS_MACSEC_ROLES.SET_ROLE function 8.3
- deleting 8.6
- enabling Oracle Database roles to work with Oracle Database Vault 8.4
- functionality 8.7
- functions
  - DBMS_MACADM (configuration) 19.1
  - DBMS_MACSEC_ROLES (configuration) 19.2
  - DBMS_MACSEC_ROLES package 19.2
  - DBMS_MACUTL (utility) 21
  - DBMS_MACUTL constants (fields) 21.1.1
- guidelines on managing 8.2
- modifying 8.5
- performance effect 8.9
- procedure
  - DBMS_MACADM (configuration) 19.1
- procedures and functions
  - DBMS_MACUTL (utility) 21.2
- propagating configuration to other databases 13.4.1
- reports 8.10
  - Rule Set Configuration Issues Report 27.4.2
- troubleshooting E.3
- troubleshooting with auditing report 27.5.6
- tutorial 8.8.1
- views
  - DBA_DV_ROLE 25.34
security attacks
- Denial of Service (DoS) attacks
  - finding system resource limits 27.6.6.3
- Denial of Service attacks
  - finding tablespace quotas 27.6.9.6
- eliminating audit trail 27.6.5.10
- monitoring security violations 26.1
- Oracle Database Vault addressing compromised privileged user accounts 1.5
- reports
  - AUDIT Privileges Report 27.6.5.10
  - Objects Dependent on Dynamic SQL Report 27.6.9.3
  - Privileges Distribution By Grantee, Owner Report 27.6.4.2
  - Unwrapped PL/SQL Package Bodies Report 27.6.9.4
- SQL injection attacks 27.6.9.3
security policies, Oracle Database Vault addressing 1.6
Security Policy Exemption Report 27.6.5.3
Security Related Database Parameters Report 27.6.6.1
security violations
- monitoring attempts 26.1
security vulnerabilities
- how Database Vault addresses 1.7
- operating systems 27.6.5.11
- reports 27.6.9
  - Security Related Database Parameters Report 27.6.6.1
- root operating system directory 27.6.9.2
SELECT_CATALOG_ROLE role 27.6.5.9
sensitive objects reports 27.6.3
separation of duty concept
- about D.1.1
- command rules 6.2
- database accounts, suggested 14.3.3
- database roles 2.3
- documenting tasks D.1.4
- example matrix D.1.3
- how Oracle Database Vault addresses 2.3
- realms 1.7
- restricting privileges 2.2
- roles 14.2.1
- tasks in Oracle Database Vault environment D.1.2
session event command rule
- updating 17.11
session event command rules
- creating for events 17.3
- deleting 17.7
sessions
- audit events, custom A.2.1
- DBMS_MACUTL fields 21.1.1
- finding session user with DVF.F$SESSION_USER 18.3.21
- retrieving information with functions 18.1
simulation mode
- about 10.1
- use cases 10.2
simulation mode, realms
- considerations 10.3.1
- use cases
  - adding authorized users to a realm 10.3.6
  - adding new objects to a realm 10.3.4
  - all in simulation mode 10.3.2
  - new realms introduced to existing realms 10.3.3
  - removing authorized users from a realm 10.3.7
  - removing objects from a realm 10.3.5
  - testing new changes to an existing command rule 10.3.9
  - testing new factors with realms 10.3.8
SQL92_SECURITY initialization parameter 2.1
SQL Firewall
- revoking authorization to use with Database Vault 13.3.3
SQL injection attacks, detecting with Object Dependent on Dynamic SQL Report 27.6.9.3
SQL statements
- default command rules that protect 6.2
SQL statements protected by 6.3
SQL text, finding with DV_SQL_TEXT 16.2.8
subfactors
- See: child factors under factors topic
SYSDBA access
- guidelines on managing D.4.3
SYSDBA privilege
- limiting, importance of D.2.3
SYSOPER access
- guidelines on managing D.4.4
system event command rule
- updating 17.12
system event command rules
- creating 17.4
- deleting 17.8
system features
- disabling with Disabled rule set 5.3
- enabling with Enabled rule set 5.3
system privileges
- checking with DBMS_MACUTL.USER_HAS_SYSTEM_PRIVILEGE function 21.2
- Oracle Database Vault roles 14.2.2
- reports
  - System Privileges By Privileges Report 27.6.2.5
System Privileges By Privilege Report 27.6.2.5
System Resource Limits Report 27.6.6.3
system root access, guideline on managing D.4.1
SYSTEM schema
- application tables in D.2.2
- realm protection 4.2.6
SYSTEM user account
- guidelines for using with Database Vault D.2.1
SYS user, patch operations 13.19
SYS user account
- adding to realm authorization 4.14

T

tablespace quotas 27.6.9.6
Tablespace Quotas Report 27.6.9.6
time data
- DBMS_MACUTL functions 21.2
trace files
- about E.1.1
trace files, Oracle Database Vault
- about E.1.1
- activities that can be traced E.1.2
- ADRCI utility E.1.7.3
- directory location for trace files E.1.7.1
- disabling for all sessions using ALTER SYSTEM E.1.8.2
- disabling for all sessions using DBMS_MACADM.SET_DV_TRACE_LEVEL E.1.8.1
- disabling for current session E.1.8.3
- enabling for all sessions using ALTER SYSTEM E.1.5.2
- enabling for all sessions using DBMS_MACADM.SET_DV_TRACE_LEVEL E.1.5.1
- enabling for current session E.1.5.3
- examples
  - highest level on realm violations E.1.7.6
  - high level authorization E.1.7.5
  - low level realm violations E.1.7.4
- finding trace file directory E.1.7.1
- levels of trace events E.1.3
- performance effect E.1.4
- querying
  - ADRCI utility E.1.7.3
  - Linux grep command E.1.7.2
trace levels
- finding for current session E.1.6
tracing
- DBMS_MACADM.GET_DV_TRACE_LEVEL function 21.2.4, 21.2.10
- DBMS_MACADM.SET_DV_TRACE_LEVEL procedure 22.1.32
traditional auditing
- in Oracle Database Vault A.1.2
traisimulationning mode
- tutorial 10.4
Transparent Data Encryption, integrating with Oracle Database Vault 11.1
transportable tablespaces
- authorizing for Oracle Data Pump operations in Database Vault 13.5.3.3
- DBA_DV_TTS_AUTH view 25.41
- DBMS_MACADM.AUTHORIZE_TTS_USER procedure 22.1.20
- DBMS_MACADM.UNAUTHORIZE_TTS_USER procedure 22.1.49
triggers
- different from object owner account 27.6.9.7
- reports, Non-Owner Object Trigger Report 27.6.9.7
troubleshooting
- access security sessions 27.5.5
- auditing reports, using 27.5
- factors E.2
- general diagnostic tips E.2
- locked out accounts B.1
- passwords, forgotten B.1
- realms E.2
- rules E.2
- rule sets E.2
- secure application roles 27.5.6
trusted users
- accounts and roles that should be limited D.4
- default for Oracle Database Vault D.3
trust levels
- about 7.4.3
- determining for identities with GET_TRUST_LEVEL_FOR_IDENTITY 18.2.6
- determining with GET_TRUST_LEVEL 18.2.5
- factor identity 7.4.3
- factors 7.4.5
- for factor and identity requested 18.2.6
- identities 7.4.2
- of current session identity 18.2.5
tutorials 7.7.4
- See also: examples
- access, granting with secure application roles 8.8.1
- ad hoc tool access, preventing 7.8.1
- configuring two-person integrity (TPI) 5.9.1
- Database Vault factors with Virtual Private Database and Oracle Label Security 11.2.4.1
- Oracle Label Security integration with Oracle Database Vault 11.2.4.1
- restricting user activities with command rules 6.8
- schema, protecting with a realm 3.5.1
- simulation mode 10.4
two-man rule security
- See: two-person integrity (TPI)
two-person integrity (TPI)
- about 5.9.1
- configuring with a rule set 5.9.1

U

UNAUTHORIZE_MAINTENANCE_USER procedure 22.1.44
unified auditing
- in Oracle Database Vault A.1.1
- predefined audit policies A.1.1
unified audit trail
- how it works with Database Vault A.1.1
uninstalling Oracle Database Vault C.2
Unwrapped PL/SQL Package Bodies Report 27.6.9.4
upgrades
- DDL operations impact 13.2.3
USER_HISTORY$ table 27.6.5.6
user authorization
- Database Vault authorization for ILM
  - granting 22.1.15
  - revoking 22.1.44
- Database Vault authorization for Information Lifecycle Management
  - granting 22.1.15
  - revoking 22.1.44
Username/Password Tables Report 27.6.9.5
user names
- reports, Username/Password Tables Report 27.6.9.5
users
- enterprise identities, finding with DVF.F$PROXY_ENTERPRISE_IDENTITY 18.3.19
- enterprise-wide identities, finding with DVF.F$ENTERPRISE_IDENTITY 18.3.13
- finding session user with DVF.F$SESSION_USER 18.3.21
- login user name, finding with DV_LOGIN_USER 16.2.2
utility functions
- See: .DBMS_MACUTL package
UTL_FILE object 27.6.1.4
UTL_FILE package, guidelines on managing D.6.2.1

V

views 25.1
- See also: names beginning with DVSYS.DBA_DV
- AUDSYS.DV$CONFIGURATION_AUDIT 25.56
- AUDSYS.DV$ENFORCEMENT_AUDIT 25.57
- CDB_DV_STATUS 25.2
- DBA_DV_APP_EXCEPTION 25.3
- DBA_DV_CODE 25.6
- DBA_DV_COMMAND_RULE 25.7
- DBA_DV_DATAPUMP_AUTH 25.8
- DBA_DV_DBCAPTURE_AUTH 25.9
- DBA_DV_DBREPLAY_AUTH 25.10
- DBA_DV_DDL_AUTH 25.11
- DBA_DV_DICTIONARY_ACCTS 25.12
- DBA_DV_FACTOR 25.13
- DBA_DV_FACTOR_TYPE 25.14
- DBA_DV_IDENTITY 25.16
- DBA_DV_IDENTITY_MAP 25.17
- DBA_DV_JOB_AUTH 25.18
- DBA_DV_MAINTENANCE_AUTH 25.21
- DBA_DV_ORADEBUG 25.22
- DBA_DV_PATCH_ADMIN_AUDIT 25.23
- DBA_DV_POLICY 25.24
- DBA_DV_POLICY_LABEL 25.25
- DBA_DV_POLICY_OBJECT 25.26
- DBA_DV_POLICY_OWNER 25.27
- DBA_DV_PREPROCESSOR_AUTH 25.28
- DBA_DV_PROXY_AUTH 25.29
- DBA_DV_PUB_PRIVS 25.30
- DBA_DV_REALM 25.31
- DBA_DV_REALM_AUTH 25.32
- DBA_DV_REALM_OBJECT 25.33
- DBA_DV_ROLE 25.34
- DBA_DV_RULE_SET 25.36
- DBA_DV_RULE_SET_RULE 25.37
- DBA_DV_SIMULATION_LOG 25.38
- DBA_DV_SQL_FIREWALL_AUTH 25.40
- DBA_DV_STATUS 25.39
- DBA_DV_TTS_AUTH 25.41
- DBA_DV_USER_PRIVS 25.42
- DBA_DV_USER_PRIVS_ALL 25.43
- DVSYS.DBA_DV_COMMON_OPERATION_STATUS 25.47
- DVSYS.DV$CONFIGURATION_AUDIT 25.44
- DVSYS.DV$ENFORCEMENT_AUDIT 25.45
- DVSYS.DV$REALM 25.46
- DVSYS.POLICY_OWNER_COMMAND_RULE 25.48
- DVSYS.POLICY_OWNER_POLICY 25.49
- DVSYS.POLICY_OWNER_REALM 25.50
- DVSYS.POLICY_OWNER_REALM_AUTH 25.51
- DVSYS.POLICY_OWNER_REALM_OBJECT 25.52
- DVSYS.POLICY_OWNER_RULE 25.53
- DVSYS.POLICY_OWNER_RULE_SET 25.54
- DVSYS.POLICY_OWNER_RULE_SET_RULE 25.55
VPD
- See: Oracle Virtual Private Database (VPD)

W

WITH ADMIN Privileges Grants Report 27.6.5.1
WITH ADMIN status 27.6.2.1, 27.6.2.2
WITH GRANT clause 27.6.5.7
WITH GRANT Privileges Report 27.6.5.7

X

XStream
- Database Vault role used for 14.2.15
- in an Oracle Database Vault environment 13.13