Index
Symbols
- "all permissions", 2.3, 7.6
- "change_on_install" default password, 2.3, 7.6
- "manager" default password, 2.3, 7.6
Numerics
- 07_DICTIONARY_ACCESSIBILITY, 7.3.3.2
A
- access control, 5.1
-
- enforce, 7.6
- fine-grained access control, 6.2
- password encryption, 4.3.1, 7.3.1.1
- privileges, 5.1
- account locking
-
- explicit, 7.4.1
- password management, 7.4.1
-
- example, 7.4.1
- PASSWORD_LOCK_TIME, 7.4.1
- ADD_CONTEXT procedure, 15.10
- ADD_GROUPED_POLICY procedure, 15.10
- ADD_POLICY procedure, 15.10
- ADMIN OPTION
-
- about, 11.6.1.1
- revoking roles/privileges, 11.7.1
- roles, 5.2.3.1
- system privileges, 5.1.1.2
- administration
-
- difficulties in complex environments, 1.1
- administrative
-
- delays, 1.1
- passwords, 2.3, 7.6
- privileges, 7.3.3
- roles, 7.3.3
- administrator
-
- application security, 7.3.5
- administrator connections, 7.3.3.2
- administrator privileges
-
- statement execution audited, 8.1.2
- write, on listener.ora, 7.6
- administrator security, 7.3.3
- adump directory, 12.2.4
- AES, Preface
- algorithms
-
- encryption, Preface
- hash, Preface, Preface
- ALTER privilege statement, 13.7.2
- ALTER PROFILE statement
-
- password management, 7.4
- ALTER RESOURCE COST statement, 11.3.1, 11.3.1
- ALTER ROLE statement
-
- changing authorization method, 11.5.1
- ALTER SESSION SET SCHEMA statement, 14.3.1.2
- ALTER SESSION statement
-
- SET SCHEMA, 13.6.1
- ALTER TABLE statement
-
- auditing, 8.3
- ALTER USER privilege, 11.1.2
- ALTER USER statement, 7.3.3.1, 7.4, 7.4.2
-
- default roles, 11.9.2
- explicit account unlocking, 7.4.1
- GRANT CONNECT THROUGH clause, 10.1.4
- password
-
- expire, 7.4.2
- REVOKE CONNECT THROUGH clause, 10.1.4
- altering users, 11.1.2
- ANONYMOUS, 7.6
- anonymous PL/SQL blocks, 13.5.2
- ANY system privilege, 7.6
- application administrator security, 7.3.5
- application administrators, 7.3.5
- application context, 7.2
-
- as secure data cache, 14.3.2.1, 15, 15.1
- bind variables, 14.3.2.3
- creating, 15.2.2
- examples, 15.3
- fine-grained access control, 3.2.6, 14.3.2
- how to use session-based, 15.2
- parallel query, Preface, 15.2.1.4
- performance, 15.3.1.4
- returning predicate, 14.3.2.2
- security features, 14.3.1
- setting, 15.2.3
- support for database links, 15.4
- USERENV namespace, 14.3.1.2
- using in policy, 15.2.4
- application developer environment
-
- test and production databases, 7.3.4.2
- application developer security, 7.3.4
- application developers
-
- privileges, 7.3.4.1
- privileges for, 7.3.4.1
- roles for, 7.3.4.4
- application development
-
- CREATE privileges, 7.3.4.4
- free versus controlled, 7.3.4.3
- object privileges, 7.3.4.4
- roles and privileges, 7.3.4.4
- security domain, 7.3.4.5
- security for, 7.3.4.3
- application roles, 13.4
- application security
-
- considerations for use, 13.2
- limitations, 14.1.1.3
- specifying attributes, 14.3.1.1
- applications
-
- about security policies for, 13.1
- context, 6.2.2
- database users, 13.2.1
- enhancing security with, 5.2.1
- One Big Application User model, 13.2.1, 13.2.2
- roles, 13.5
- roles and, 5.2.2.1
- security, 13.2.2, 14.5.2
-
- application context, 6.2.2
- applications development
-
- space restrictions, 7.3.4.5
- tablespaces
-
- developer restrictions, 7.3.4.5
- AQ_ADMINISTRATOR_ROLE role, 11.4.3
- AQ_USER_ROLE role, 11.4.3
- AS SYSDBA, 2.3, 2.3
-
- create, drop, delete, etc., 7.3.3.2
- for administrator access, 2.3, 7.3.3.2, 7.3.3.2, 7.3.3.2, 7.4.4.2, 7.6
- AS SYSOPER, 2.3, 7.3.3.2
-
- startup, shutdown, recovery, etc., 7.3.3.2
- attacks
-
- denial of service, 2.4.4, 7.6
- attributes, USERENV, 14.3.1.2
- audit directory, 12.2.4
- audit filenames, 12.2.4
- audit files, 12.1, 12.2.4, 12.2.4, 12.2.6, 12.3, 12.3.2, 12.4.1.1, 12.4.5.2
- AUDIT statement
-
- BY proxy clause, 12.4.2
- schema objects, 12.4.3.3
- statement auditing, 12.4.3.1.1
- system privileges, 12.4.3.1.1
- audit trail, 12.4.5
-
- archiving, 12.4.5.2
- controlling size of, 12.4.5
- creating and deleting, 12.5
- deleting views, 12.5.3
- dropping, 12.5
- interpreting, 12.5.2
- maximum size of, 12.4.5
- protecting integrity of, 12.4.6
- purging records from, 12.4.5.1
- reducing size of, 12.4.5.3
- table that holds, 12.2.6
- views on, 12.5.1
- audit trail, uniform, Preface
- AUDIT_FILE_DEST initialization parameter, 12.4.1, 12.4.1.2
-
- setting for OS auditing, 12.4.1.2
- AUDIT_SYS_OPERATIONS initialization parameter, 12.4.1
-
- auditing SYS, 12.2.4
- AUDIT_TRAIL initialization parameter, 12.4.1
-
- auditing SYS, 12.2.4
- setting, 12.4.1.1
- AUDIT_TRAIL=DB, 12.4.1.1, 12.4.1.1
- AUDITED_CURSORID attribute, 14.3.1.2
- auditing, 12.2.6
-
- audit option levels, 12.4.3
- audit options, 8.1
- audit records, 8.1.1
- audit trail records, 12.3.1
- audit trails, 8.1.1
-
- database, 8.1.1.1, 12.3.1
- operating system, 8.1.1.2, 8.1.1.5
- syslog, 8.1.1.3
- by access, 8.5.2.2
-
- mandated for, 8.5.2
- by session, 8.5.2.1
-
- prohibited with, 8.5.2
- compromised by One Big Application User, 13.2.1
- database and operating-system usernames, 4.1
- DDL statements, 8.2
- default options, 12.4.3.3
- described, 8
- disabling default options, 12.4.4.2
- disabling options, 12.4.1, 12.4.4, 12.4.4.1, 12.4.4.2, 12.4.4.3
- disabling options versus auditing, 12.4.4
- DML statements, 8.2
- enabling options, 12.4.1
-
- privileges for, 12.4.1
- enabling options versus auditing, 12.4.3
- fine-grained, 12.6
- guidelines, 12.2
- historical information, 12.2.2
- information stored in OS file, 12.3.2
- keeping information manageable, 12.2.1
- managing the audit trail, 12.5
- mandatory, 8.1.1.5
- multi-tier environments, 12.4.2
- network, 12.4.3.4
-
- turning off, 12.4.4.3
- turning on, 12.4.3.4
- new features, Preface
- n-tier systems, 16.2.1.4
- object
-
- turning off, 12.4.4.2
- turning on, 12.4.3.3
- operating-system audit trails, 12.2.6
- policies for, 7.5
- privilege
-
- turning on, 12.4.3.2
- privilege audit options, 12.4.3.2
- privilege use, 8.1, 8.3
- privileges required for object, 12.4.3.3
- privileges required for system, 12.4.3.2
- range of focus, 8.1, 8.5
- schema object, 8.1, 8.1, 8.4
- schema objects, 12.4.3.3
- security and, 8.1.1.2
- session level, 12.4.3.1.1
- statement, 8.1, 8.2, 12.4.3.1.1
-
- turning on, 12.4.3.1
- statement and privilege
-
- turning off, 12.4.4.1
- statement level, 12.4.3.1
- successful executions, 8.5.1
- suspicious activity, 12.2.3
- SYS, 12.2.4
- system privileges, 12.4.3.1.1
- to OS file, 12.4.1.2
- transaction independence, 8.1.2
- unsuccessful executions, 8.5.1
- user, 8.5.3
- using the database, 12.2.6
- using the operating system, 12.2.6
- viewing
-
- active object options, 12.5.2.3
- active privilege options, 12.5.2.2
- active statement options, 12.5.2.1
- default object options, 12.5.2.4
- views, 12.5.1
- when options take effect, 8.1.2
- auditing policy, 7.5
- AUTHENTICATED_IDENTITY attribute, 14.3.1.2
- authentication
-
- by database, 10.1.1
- by SSL, 10.1, 10.1.3.1.1
- certificate, 7.6
- client, 7.6, 7.6
- compromised by One Big Application User, 13.2.1
- database administrators, 4.5
- described, 4
- directory service, 10.1.3.1
- external, 10.1.2
- global, 10.1.3
- multitier, 4.4
- network, 4.2.2
- n-tier systems, 16.2.1.1
- operating system, 4.1
- Oracle, 4.3
- password policy, 7.3.1.1
- proxy, 10.1.4
- public key infrastructure, 4.2.2.2
- remote, 4.2.2.3, 7.6, 7.6
- specifying when creating a user, 11.1.1.2
- strong, 7.6
- user, 7.6
- users, 7.1.2
- ways to authenticate users, 10.1
- AUTHENTICATION_DATA attribute, 14.3.1.2
- AUTHENTICATION_METHOD attribute, 14.3.1.2
- authorization
-
- changing for roles, 11.5.1
- global, 10.1.3
- omitting for roles, 11.5.1
- operating-system role management and, 11.5.2.3.1
- roles, about, 11.5.2
- Axent, 7.6
B
- backups, 7
- batch jobs, authenticating users in, 9
- bfiles, 7.6
- BG_JOB_ID attribute, 14.3.1.2
- bind variables, 14.3.2.3
- Block cipher, Preface
C
- cascading revokes, 11.7.3
- CATAUDIT.SQL script
-
- running, 12.5.1
- categories of security issues, 1
- CATNOAUD.SQL, 12.5.3
- CATNOAUD.SQL script
-
- running, 12.5.3
- central repository, 1.1
- centralized management with distributable tools, 1.1.1
- certificate authentication, 7.6
- certificate key algorithm
-
- Secure Sockets Layer
-
- certificate key algorithm, 2.4.1
- certificates for user and server authentication, 2.4.2
- chaining mode, Preface
-
- modifiers (CBC, CFB, ECB, OFB), Preface
- character sets
-
- multibyte characters in role names, 11.5.1
- multibyte characters in role passwords, 11.5.2.1
- checklists and recommendations, 2
-
- custom installation, 2.3, 7.6, 7.6
- disallow modifying default permissions for Oracle Database home (installation) directory or its contents, 2.3
- disallow modifying Oracle home default permissions, 7.6
- limit the number of operating system users, 2.3, 7.6
- limit the privileges of the operating system accounts, 2.3, 7.6
- networking security, 2.4, 7.6
- personnel, 2.2
- physical access control, 2.1
- restrict symbolic links, 2.3, 7.6
- secure installation and configuration, 2.3, 7.6
- CheckPoint, 7.6
- cipher suites
-
- Secure Sockets Layer, 2.4.1
- Cisco, 7.6
- client checklist, 2.4.2
- CLIENT_IDENTIFIER
-
- setting and clearing with DBMS_SESSION package, 16.2.2.3
- setting for applications that use JDBC, 16.2.2.3
- setting with OCI user session handle attribute, 16.2.2.3
- CLIENT_IDENTIFIER attribute, 14.3.1.2
- CLIENT_INFO attribute, USERENV, 14.3.1.2
- column masking behavior, 14.1.1.2, 15.10.3
- column masking behavior restrictions, 15.10.3.2
- column masking behavior, VPD, Preface, 15.10.3.2
- column-level VPD, 14.1.1.1, 15.10.3
-
- adding policies for, 15.10.3
- column masking behavior, 15.10.3.2
- column masking restrictions, 15.10.3.2
- does not apply to synonyms, 15.10.3
- new features, Preface
- columns
-
- granting privileges for selected, 11.6.2.3
- granting privileges on, 11.6.2.3
- INSERT privilege and, 11.6.2.3
- listing users granted to, 11.11.3
- privileges, 11.6.2.3
- pseudocolumns
-
- USER, 5.1.4.2
- revoking privileges on, 11.7.2.2
- common platform for examples, 7.6
- complex environments
-
- administration difficulties, 1.1, 1.1
- concurrency
-
- limits on
-
- for each user, 5.3.1.5
- configuration files, 2.4.1, 2.4.1, 2.4.1, 2.4.1, 2.4.3, 2.4.4, 2.4.4, 4.3, 4.3.5, 7.6, 7.6, 7.6, 7.6, 7.6, 7.6, 8.1.1.1, 10.1.2.2, 11.5.2.3.2, 11.10.5, 12.3.1, 12.4.1.1, 12.4.4
-
- listener, 7.6
- sample listener.ora, 7.6
- SSL, 2.4.1
- typical directory, 2.4.1, 2.4.1
- configuration files, 15.13, 15.13
- CONNECT /, 7.3.3.2
- CONNECT role, 5.2.7, 5.2.7, 11.4.3
- CONNECT statement, 7.6, 7.6, 11.4.3
- connection pooling, 4.4
- connections
-
- auditing, 12.4.3.1.1
- SYS-privileged, 2.3, 7.6
- connections as SYS and SYSTEM, 7.3.3.1
- context-sensitive policy type, Preface, 15.10.1, 15.10.2.2
- controlled development, 7.3.4.3
- CPU time limit, 5.3.1.3
- CREATE ANY TABLE statement, 2.3, 7.6
- CREATE CONTEXT statement, 15.2.2
- CREATE DBLINK statement, 7.6
- CREATE PROCEDURE statement, 7.3.4.4
-
- developers, 7.3.4.1
- CREATE PROFILE statement, 7.4, 7.4.2
-
- failed login attempts, 7.4.1
- how long account is locked, 7.4.1
- password aging and expiration, 7.4.2
- password management, 7.4
- CREATE ROLE statement
-
- IDENTIFIED BY option, 11.5.2.1
- IDENTIFIED EXTERNALLY option, 11.5.2.3
- CREATE SCHEMA statement, 13.6.1
- CREATE SESSION statement, 7.6, 11.4.3, 13.6.1
- CREATE statement
-
- AS SYSDBA, 7.3.3.2
- CREATE TABLE statement, 7.3.4.4
-
- auditing, 8.2, 8.3, 8.5.1
- developers, 7.3.4.1
- CREATE USER statement, 7.4
-
- explicit account locking, 7.4.1
- IDENTIFIED BY option, 11.1.1.2
- IDENTIFIED EXTERNALLY option, 11.1.1.2
- password
-
- expire, 7.4.2
- CREATE VIEW statement, 7.3.4.4
- CREATE_POLICY_GROUP procedure, 15.10
- creating an audit trail, 12.5
- CTXSYS, 7.6
- CURRENT_BIND attribute, 14.3.1.2
- CURRENT_SCHEMA attribute, USERENV, 14.3.1.2
- CURRENT_SCHEMAID attribute, 14.3.1.2
- CURRENT_SQL attribute, 14.3.1.2
- CURRENT_SQL_LENGTH attribute, 14.3.1.2
- CURRENT_SQL1 to CURRENT_SQL7 attributes, 14.3.1.2
- cursors
-
- shared, 14.3.2.3
- custom installation, 2.3, 7.6, 7.6
D
- data
-
- access to
-
- fine-grained access control, 6.2
- security level desired, 7.2
- data definition language
-
- auditing, 8.2
- roles and privileges, 5.2.6
- data dictionary protection, 2.3, 7.6
- data dictionary tables, 7.3.3.1
- data encryption, 3.1.2
- data files, 7.6
- data manipulation language
-
- auditing, 8.2
- privileges controlling, 5.1.3.1
- data security level
-
- based on data sensitivity, 7.2
- data security policy, 7.2
- database
-
- granting privileges, 11.6
- granting roles, 11.6
- security and schemas, 13.6
- user and application user, 13.2.1
- database administrators
-
- application administrator versus, 7.3.5
- roles
-
- for security, 7.3.3.3, 7.3.3.3, 7.3.3.3, 7.3.3.3, 7.3.3.3
- security for, 7.3.3
- security officer versus, 7.1
- database administrators (DBAs)
-
- authentication, 4.5
- DBA role, 5.2.7
- password files, 4.5
- database authentication, 10.1.1
- Database Configuration Assistant, 2.3, 2.3, 7.6, 7.6
- database descriptors, 7.6
- database link, 4.1, 4.2.2, 4.2.2.1, 5.1.2, 6.1, 8.4, 10.1.3.2
- database links, 15.4
- database links, and SYS_CONTEXT, 15.2.1.5
- database security
-
- elements and operations, 1
- database user management, 7.1.1
- databases
-
- access control
-
- password encryption, 4.3.1, 7.3.1.1
- limitations on usage, 5.3
- production, 7.3.4.2, 7.3.5
- test, 7.3.4.2
- DB_DOMAIN attribute, USERENV, 14.3.1.2
- DB_NAME attribute, 14.3.1.2
- DB_UNIQUE_NAME, 12.2.4
- DBA role, 5.2.7, 11.4.3
- DBA_COMMON_AUDIT_TRAIL view, Preface
- DBA_ROLE_PRIVS view, 13.3
- DBMS_CRYPTO, Preface, 17.3, 17.3.1
- DBMS_FGA package, 12.7
- DBMS_OBFUSCATION_TOOLKIT, Preface, 17.3
- DBMS_RLS package, 15.10
-
- security policies, 6.2
- DBMS_RLS.ADD_POLICY
-
- sec_relevant_cols parameter, 14.1.1.1, 15.10.3.1
- sec_relevant_cols_opt parameter, 15.10.3.2
- DBMS_SESSION package
-
- SET_CONTEXT procedure, 15.2.2
- SET_ROLE procedure, 13.5.2, 13.5.2
- DBMS_SQL package
-
- SET_ROLE procedure, 13.5.3
- DBMS_SQLHASH Package, B.1
- DBMS_SQLHASH.GETHASH Function, B.2
- DBSNMP, 2.3, 2.3, 7.6, 7.6, 7.6, 7.6
- default
-
- audit options, 12.4.3.3
-
- disabling, 12.4.4.2
- default accounts
-
- ANONYMOUS, 7.6
- CTXSYS, 7.6
- DBSNMP, 7.6
- DIP, 7.6
- DMSYS, 7.6
- EXFSYS, 7.6
- HR, 7.6
- MDDATA, 7.6
- MDSYS, 7.6
- MGMT_VIEW, 7.6
- ODM, 7.6
- ODM_MTR, 7.6
- OE, 7.6
- OLAPSYS, 7.6
- ORDPLUGINS, 7.6
- ORDSYS, 7.6
- OUTLN, 7.6
- PM, 7.6
- QS, 7.6
- QS_ADM, 7.6
- QS_CB, 7.6
- QS_CBADM, 7.6
- QS_CS, 7.6
- QS_ES, 7.6
- QS_OS, 7.6
- QS_WS, 7.6
- RMAN, 7.6
- SCOTT, 7.6
- SH, 7.6
- SI_INFORMTN_SCHEMA, 7.6
- SYS, 7.6
- SYSMAN, 7.6
- SYSTEM, 7.6
- WK_TEST, 7.6
- WKPROXY, 7.6
- WKSYS, 7.6
- WMSYS, 7.6
- XDB, 7.6
- default passwords, 2.3, 2.3, 2.3, 2.3, 2.3, 7.3.3.1, 7.3.3.1, 7.4.4.2, 7.6, 7.6, 7.6, 7.6, 7.6, 7.6, 17.2.2
- default permissions, 2.3, 7.6
- default roles, 11.9.2
- default user
-
- accounts, 2.3, 2.3, 7.6, 7.6
- passwords, 2.3, 7.6, 7.6, 7.6
- default users
-
- enterprise manager accounts, 7.6
- defaults
-
- "change_on_install" or "manager" passwords, 2.3, 7.6
- role, 11.1.2.2
- tablespace quota, 11.1.1.4
- user tablespaces, 11.1.1.3
- definer's rights
-
- procedure security, 5.1.5.1
- delays
-
- administrative, 1.1
- DELETE privilege, 13.7.2
- DELETE statement, 7.3.3.2
-
- AS SYSDBA, 7.3.3.2
- DELETE_CATALOG_ROLE role, 11.4.1.2, 11.4.3
- DELETE_POLICY_GROUPS procedure, 15.10
- denial of service attacks, 2.4.4, 7.6
- DES, Preface, 7.3.1.1
- developers, application, 7.3.4.1
- development environment
-
- free versus controlled, 7.3.4.3
- dictionary protection mechanism, 11.4.1.1
- DIP, 7.6
- directory service
-
- See also enterprise directory service.
- disable unnecessary services
-
- FTP, TFTP, TELNET, 7.6
- DISABLE_GROUPED_POLICY procedure, 15.10
- disabling
-
- roles, 3.2.1
- disabling audit options, 12.4.4, 12.4.4.1, 12.4.4.2, 12.4.4.3
- disabling auditing, 12.4.1
- disabling resource limits, 11.3
- disallow modifying default permissions for database home directory or its contents, 2.3
- disallow modifying Oracle home default permissions, 7.6
- disconnections
-
- auditing, 12.4.3.1.1
- dispatcher processes (Dnnn)
-
- limiting SGA space for each session, 5.3.1.5
- DMSYS, 7.6
- DROP ANY TABLE statement, 7.6
- DROP PROFILE statement, 11.3.1
- DROP ROLE statement, 11.5.3, 11.5.3
- DROP statement, 7.3.3.2
-
- AS SYSDBA, 7.3.3.2
- DROP TABLE statement
-
- auditing, 8.2, 8.3
- DROP USER privilege, 11.1.3
- DROP USER statement, 11.1.3
- DROP_CONTEXT procedure, 15.10
- DROP_GROUPED_POLICY procedure, 15.10
- DROP_POLICY procedure, 15.10
- dropping an audit trail, 12.5
- dropping profiles, 11.3.1
- dropping users, 11.1.3
- dynamic predicates
-
- in security policies, 6.2.1
- dynamic SQL, 14.1.1, 15.8
- dynamic VPD policy types, 15.10.1
-
- testing, 15.10.1
E
- eavesdropping, 2.4.2
- ENABLE_GROUPED_POLICY procedure, 15.10
- ENABLE_POLICY procedure, 15.10
- enabling
-
- roles, 3.2.1
- enabling resource limits, 11.3
- encryption, 2.4.4, 3.1.2, 17.3, 17.3.1
-
- algorithms, Preface
- database passwords, 10.1.1
- network traffic, 7.6
- stored data, 7.6
- end-user security, 7.3.2
- enforcement options
-
- exemptions, 14.5.3
- enterprise directory service, 7.3.2.2, 11.5.2.4
- Enterprise Edition, 2.3, 7.6, 7.6
- Enterprise Manager
-
- granting roles, 5.2.3
- statistics monitor, 5.4.1
- enterprise roles, 7.3.2.2, 10.1.3, 11.5.2.4
- enterprise user management, 13.2.1
- Enterprise User Security, 15.5.2
- enterprise users, 7.3.2.2, 10.1.3, 11.5.2.4, 13.6.2
- ENTERPRISE_IDENTITY attribute, 14.3.1.2
- ENTRYID attribute, 14.3.1.2
- event triggers, 15.3.3
- EXECUTE privilege, 2.3, 7.6, 13.7.2
- EXECUTE_CATALOG_ROLE role, 11.4.1.2, 11.4.3
- EXEMPT ACCESS POLICY privilege, 14.5.3
- EXFSYS, 7.6
- EXP_FULL_DATABASE role, 5.2.7, 11.4.3
- expired & locked, 7.6
- expiring
-
- passwords, 4.3.3
- explicitly expiring a password, 7.4.2
- Export utility
-
- policy enforcement, 14.5.3
- EXTENDED, 12.4.1.1, 12.4.1.2
- external authentication
-
- by network, 10.1.2.3
- by operating system, 10.1.2.2
- external tables, 7.6
F
- failed login attempts
-
- account locking, 7.4.1
- password management, 7.4.1
- resetting, 7.4.1
- falsified IP addresses, 2.4.2
- falsified or stolen client system identities, 2.4.2
- features, new
-
- See new features
- Virtual Private Database, Preface
- FG_JOB_ID attribute, 14.3.1.2
- files
-
- audit, 12.1, 12.2.4, 12.2.4, 12.2.6, 12.3, 12.3.2, 12.4.1.1, 12.4.5.2
- bfiles, 2.3, 7.6
- BLOB, 17.4.6
- configuration, 2.4.1, 2.4.3, 2.4.4, 4.3, 4.3.5, 7.6, 7.6, 7.6, 7.6, 7.6, 8.1.1.1, 10.1.2.2, 11.5.2.3.2, 11.10.5, 12.3.1, 12.4.1.1, 12.4.4, 15.13, 15.13
- data, 2.3, 7.6
- external tables, 2.3, 7.6
- init<sid>.ora, 7.6
- init.ora, 8.1.1.1, 10.1.2.2, 11.5.2.3.2, 11.10.5, 12.3.1, 12.4.1.1, 12.4.4, 15.13, 15.13
- keys, 17.4.4.2
- listener.ora, 2.4.1, 2.4.3, 7.6, 7.6, 7.6
- log, 2.3, 7.6, 12.2.4, 12.4.1.2
- password, 4.5
- protocol.ora, 2.4.4, 7.6
- restrict listener access, 2.4.3
- restrict symbolic links, 2.3, 7.6
- server.key, 2.4.1, 2.4.1
- sqlnet.ora, 4.3, 7.6
- SSL, 2.4.1
- trace, 2.3, 7.6
- tnsnames.ora, 2.4.1
- UTLPWDMG.SQL, 4.3.5
- fine-grained access control, 6.2, 7.2
-
- application context, 3.2.6, 14.3.2
- features, 14.2.1
- performance, 14.2.1.4
- fine-grained auditing, 12.6
-
- introduction, 3.1.2
- multiple objects, columns, statements, including INDEX, 7.5
- policies, 7.5
- Firewall-1, 7.6
- firewalls, 2.4.4, 2.4.4, 2.4.4, 7.6, 7.6
-
- breach
-
- vulnerable data, 2.4.4, 7.6
- ill-configured, 7.6
- no holes, 7.6
- ports, 2.4.1
- supported
-
- packet-filtered, 7.6
- proxy-enabled, 7.6
- flashback query, 12.3.1, 15.14
- foreign keys
-
- privilege to use parent key, 5.1.3.2
- formatting of password complexity verification routine, 7.4.4.1
- free development, 7.3.4.3
- FTP, 7.6
- functions
-
- PL/SQL
-
- privileges for, 5.1.5
- roles, 5.2.5
G
- Gauntlet, 7.6
- general user security, 7.3.1
- global authentication and authorization, 10.1.3
- global roles, 10.1.3, 11.5.2.4
- global users, 10.1.3
- GLOBAL_CONTEXT_MEMORY attribute, 14.3.1.2
- GLOBAL_UID attribute, 14.3.1.2
- good security
-
- what it requires, 2
- grace period
-
- example, 7.4.2
- password expiration, 7.4.2, 7.4.2
- GRANT ALL PRIVILEGES
-
- SELECT ANY DICTIONARY, 7.6
- GRANT ANY OBJECT PRIVILEGE system privilege, 11.6.2.2, 11.7.2.1
- GRANT ANY PRIVILEGE system privilege, 5.1.1.2
- GRANT CONNECT THROUGH clause
-
- for proxy authorization, 10.1.4
- GRANT statement, 11.6.1
-
- ADMIN OPTION, 11.6.1.1
- creating a new user, 11.6.1.2
- object privileges, 11.6.2, 13.7.1
- system privileges and roles, 11.6
- when takes effect, 11.9
- WITH GRANT OPTION, 11.6.2.1
- granting
-
- privileges and roles, 5.1.1.1
- granting privileges and roles
-
- listing grants, 11.11
- specifying ALL, 11.4.2
H
- hacked operating systems or applications, 2.4.2
- harden
-
- operating system, 7.6
- hash
-
- keyed, Preface
- hash algorithms, Preface
- HOST attribute, 14.3.1.2
- HR, 7.6
- HS_ADMIN_ROLE role, 11.4.3
- HTTP
-
- potentially malicious data transmissions, 7.6
- request and retrieve arbitrary data, 7.6
- HTTPS port, 2.4.1
I
- identity management
-
- centralized management with distributable tools, 1.1.1
- components, 1.1.2
- desired benefits, 1.1.1
- infrastructure, 1.1.2
- Oracle's infrastructure components, 1.1.2
- seamless timely distribution, 1.1.1
- security, 1.1
- single sign-on, 1.1.1
- single point of integration, 1.1.1
- solution, 1.1
- IMP_FULL_DATABASE role, 5.2.7, 11.4.3
- INDEX privilege, 13.7.2
- init<sid>.ora file, 7.6
- init.ora, 12.3.1, 12.4.1.1, 12.4.4, 15.13, 15.13
- init.ora file, 8.1.1.1, 10.1.2.2, 11.5.2.3.2, 11.10.5
- INSERT privilege, 13.7.2
-
- granting, 11.6.2.3
- revoking, 11.7.2.2
- INSTANCE attribute, 14.3.1.2
- INSTANCE_NAME attribute, 14.3.1.2
- invoker's rights
-
- procedure security, 5.1.5.1
- invoker's rights stored procedures, 13.5.2
- IP address
-
- fakeable, 2.4.4
- IP addresses, 7.6, 7.6
- IP_ADDRESS attribute, 14.3.1.2
- ISDBA attribute, USERENV, 14.3.1.2
- iTAR, 7.6
K
- Kerberos, 2.3, 7.6
- keyed hash, Preface
L
- LANG attribute, 14.3.1.2
- LANGUAGE attribute, 14.3.1.2
- least privilege principle, 2.3, 7.6, 7.6, 7.6
- lifetime for passwords, 4.3.3
- Lightweight Directory Access Protocol (LDAP), 15.3.1.4
- limit operating system account privileges, 2.3, 7.6
- limit sensitive data dictionary access, 7.3.3.2
- limit the number of operating system users, 2.3, 7.6
- listener, 7.6
-
- checklist, 2.4.3
- establish password, 2.4.4, 2.4.4, 7.6, 7.6
- not Oracle owner, 7.6
- prevent on-line administration, 7.6
- restrict privileges, 2.4.3, 7.6
- sample configuration, 7.6
- secure administration, 2.4.3, 2.4.4, 7.6
- listener.ora, 2.4.1
-
- add line, 7.6
- control external procedures, 7.6
- sample, 7.6
- typical directory, 2.4.1
- listener.ora file, 2.4.3, 7.6, 7.6
- lock and expire, 2.3, 2.3, 2.3, 7.6, 7.6, 7.6
-
- unlock via ALTER USER statement, 7.3.3.1
- log files, 7.6, 7.6, 12.2.4, 12.4.1.2
- logical reads limit, 5.3.1.4
- login triggers, 15.2.3
- logon triggers, 15.2.1, 15.3.1
M
- MAC, Preface
- mail messages
-
- arbitrary, 7.6
- unauthorized, 7.6
- managing roles, 11.5
- mandatory auditing, 8.1.1.5
- MAX_ENABLED_ROLES initialization parameter
-
- enabling roles and, 11.9.3
- MD4, Preface
- MD5, Preface
- MDDATA, 7.6
- MDSYS, 7.6, 7.6
- memory
-
- viewing per user, 11.2.5
- message authentication code, Preface
- Metalink, 7.6
- methods
-
- privileges on, 5.1.6
- MGMT_VIEW, 7.6
- middle tier systems, 14.3.1.2
- mode, SSL, 2.4.1
- monitoring, 8
- monitoring user actions, 8
- multiple administrators
-
- roles example, 7.3.3.3, 7.3.3.3, 7.3.3.3, 7.3.3.3, 7.3.3.3
- multiplex multiple client network sessions, 2.4.4
- multi-tier environments
-
- auditing clients, 12.4.2
N
- Net8, 7.6
- network
-
- auditing, 12.4.3.4
- authentication, 10.1.2.3
- Network Associates, 7.6
- network auditing
-
- turning off, 12.4.4.3
- turning on, 12.4.3.4
- network authentication, 10.1.2.3
- network authentication services, 2.3, 7.6
-
- smart cards, 7.6
- token cards, 7.6
- X.509 certificates, 7.6
- network connections
-
- arbitrary transmissions, 7.6
- outgoing, 7.6
- network IP addresses, 2.4.4, 7.6
- NETWORK_PROTOCOL attribute, 14.3.1.2
- networking security checklists, 2.4, 7.6
-
- client checklist, 2.4.2
- listener checklist, 2.4.3
- network checklist, 2.4.4
- SSL, 2.4.1
-
- configuration files, 2.4.1
- mode, 2.4.1
- tcps, 2.4.1
- networks
-
- network authentication service, 4.2.2
- new features, Preface
-
- auditing, Preface
- column-level VPD, Preface
- policy types, Preface
- Virtual Private Database, Preface
- NLS_CALENDAR attribute, 14.3.1.2
- NLS_CURRENCY attribute, 14.3.1.2
- NLS_DATE_FORMAT attribute, 14.3.1.2
- NLS_DATE_LANGUAGE attribute, 14.3.1.2
- NLS_SORT attribute, 14.3.1.2
- NLS_TERRITORY attribute, 14.3.1.2
- NOAUDIT statement
-
- disabling audit options, 12.4.4
- disabling default object audit options, 12.4.4.2
- disabling network auditing, 12.4.4.3, 12.4.4.3
- disabling object auditing, 12.4.4.2
- disabling statement and privilege auditing, 12.4.4.1, 12.4.4.1
O
- O7_DICTIONARY_ACCESSIBILITY, 2.3, 7.6, 7.6, 11.4.1.1, 11.4.1.1, 11.4.1.1, 11.4.1.1, 11.4.1.1
-
- initialization parameter, 11.4.1.1
- object auditing
-
- turning off, 12.4.4.2
- turning on, 12.4.3.3
- object privileges, 2.3, 5.1.2, 6.1, 7.6
-
- developers, 7.3.4.4
- granting on behalf of the owner, 11.6.2.2
- revoking, 11.7.2
- revoking on behalf of owner, 11.7.2.1
- schema object privileges, 5.1.2, 6.1
- See also schema object privileges
- objects
-
- granting privileges, 13.7.2
- privileges, 13.7.1
- privileges on, 5.1.6
- OCI
-
- enabling roles, 3.2.1
- ODM, 7.6
- ODM_MTR, 7.6
- OE, 7.6
- OLAPSYS, 7.6
- operating system
-
- harden, 7.6
- operating system authentication, 7.3.3.2
- operating system security, 7.1.3
- operating system username, 2.3
- operating systems
-
- accounts, 11.10.1
- authentication, 10.1.2.2, 11.10
- authentication by, 4.1
- default permissions, 2.3, 7.6
- enabling and disabling roles, 11.10.4
- role identification, 11.10.1
- roles and, 5.2.8, 11.10
- security in, 7.1.3
- optimization
-
- query rewrite
-
- in security policies, 6.2.1
- Oracle Advanced Security, 2.3, 7.6, 7.6, 13.6.2
- Oracle Connection Manager, 2.4.4
- Oracle Delegated Administration Service, 1.1.2
- Oracle Directory Integration and Provisioning, 1.1.2
- Oracle Enterprise Security Manager, 4.2.2.4
- Oracle Internet Directory, 1.1.2, 4.2.2.4, 16.1.4.3
- Oracle Java Virtual Machine (OJVM), 2.3, 7.6
- Oracle Net, 7.6
- Oracle Net Manager, 7.6
- Oracle Technology Network, 7.6
- Oracle Universal Installer, 2.3
- Oracle Wallet Manager, 4.2.2.2
- Oracle wallets, 4.2.2.2
- Oracle Worldwide Support Services, 7.6
- OracleAS Certificate Authority, 1.1.2, 4.2.2.2
- OracleAS Single Sign-On, 1.1.2
- ORDPLUGINS, 7.6
- ORDSYS, 7.6
- OS, 12.4.1.1, 12.4.1.2
- OS username, 7.3.3.2
- OS_ROLES parameter
-
- operating-system authorization and, 11.5.2.3.1
- REMOTE_OS_ROLES and, 11.10.5
- using, 11.10.1
- OS_USER attribute, USERENV, 14.3.1.2
- OUTLN, 7.6
P
- packages
-
- auditing, 8.4
- examples of, 5.1.5.3, 5.1.5.3
- privileges
-
- divided by construct, 5.1.5.3
- executing, 5.1.5, 5.1.5.3
- Padding forms, Preface
- parallel execution servers, 15.2.1.4
- parallel query
-
- and SYS_CONTEXT, Preface
- application context, Preface
- parallel query, and SYS_CONTEXT, 15.2.1.4
- parameters
-
- protocol.ora, 7.6
- pass-phrase
-
- to read and parse server.key file, 2.4.1
- password
-
- establish for listener, 2.4.4, 2.4.4, 7.6, 7.6
- password aging and expiration, 7.4.2
-
- grace period, 7.4.2, 7.4.2
-
- example, 7.4.2
- password complexity verification, 4.3.5, 7.4.4
-
- formatting of routine, 7.4.4.1
- sample routine, 7.4.4.2
- password files, 4.5, 7.3.3.2, 7.3.3.2
- password management
-
- account locking, 7.4.1
-
- explicit, 7.4.1
- ALTER PROFILE statement, 7.4
- CREATE PROFILE statement, 7.4
- expiration grace period, 7.4.2, 7.4.2
- explicitly expire, 7.4.2
- failed login attempts, 7.4.1
- failed logins resetting, 7.4.1
- grace period
-
- example, 7.4.2
- history, 7.4.3
- lifetime for password, 7.4.2
- password complexity verification, 7.4.4
- PASSWORD_LOCK_TIME, 7.4.1
- PASSWORD_REUSE_MAX, 7.4.3
- PASSWORD_REUSE_TIME, 7.4.3
- sample password complexity verification routine, 7.4.4.2
- UTLPWDMG.SQL
-
- password management, 7.4.4
- password management policy, 7.4
- password security, 7.3.1.1
- PASSWORD_LIFE_TIME, 7.4.2
- PASSWORD_LOCK_TIME, 7.4.1
- PASSWORD_REUSE_MAX, 7.4.3
- PASSWORD_REUSE_TIME, 7.4.3
- passwords
-
- account locking, 4.3.2
- administrative, 2.3, 7.6
- change via ALTER USER statement, 7.3.3.1
- changing for roles, 11.5.1
- complexity verification, 4.3.5
- connecting without, 4.1
- database user authentication, 4.3
- default, 7.3.3.1
- duration, 2.3, 7.6
- encryption, 4.3.1, 7.3.1.1, 10.1.1
- expiring, 4.3.3
- history, 7.4.3
-
- PASSWORD_REUSE_MAX, 7.4.3
- PASSWORD_REUSE_TIME, 7.4.3
- length, history, and complexity, 7.6
- length, history, and complexity, 2.3
- management, 7.4
- management rules, 2.3, 7.6
- password files, 4.5
- password reuse, 4.3.4
- privileges for changing for roles, 11.5.1
- privileges to alter, 11.1.2
- reuse, 2.3, 7.6
- role, 3.2.3
- roles, 11.5.2.1
- security policy for users, 7.3.1.1
- SYS and SYSTEM, 2.3, 7.6, 7.6
- used in roles, 5.2.1
- user authentication, 10.1.1
- performance
-
- resource limits and, 5.3
- permissions
-
- server.key file, 2.4.1
- personnel checklist, 2.2
- personnel security, 1
- physical access control checklist, 2.1
- physical security, 1
- PIX Firewall, 7.6
- PKCS #5, Preface
- PKI, 4.2.2.2
- PL/SQL
-
- anonymous blocks, 13.5.2
- auditing of statements within, 8.1.2
- dynamically modifying SQL statements, 14.1.1
- roles in procedures, 5.2.5
- setting context, 15.2.1
- PM, 7.6
- policies
-
- auditing, 7.5
- password management, 7.4
- policy function, 7.2
- policy types
-
- context-sensitive, Preface, 15.10.1, 15.10.2.2
- new features, Preface
- shared, Preface, 15.10.1
- static, Preface, 15.10.1, 15.10.2.1
- POLICY_INVOKER attribute, 14.3.1.2
- practical security concerns, 2
- predicates
-
- dynamic
-
- in security policies, 6.2.1
- principle of least privilege, 2.3, 7.6, 7.6, 7.6
- privacy, 2.3, 7.6
- Private Schemas, 10.1.3.1.1
- privilege auditing
-
- turning off, 12.4.4.1
- turning on, 12.4.3.2
- privilege management, 7.3.1.2
- privileges, 11.4
-
- See also system privileges.
- administrator
-
- statement execution audited, 8.1.2
- altering
-
- passwords, 11.1.2.1
- users, 11.1.2
- altering role authentication method, 11.5.1
- application developers, 7.3.4.1
- application developers and, 7.3.4.1
- audit object, 12.4.3.3
- auditing system, 12.4.3.2
- auditing use of, 8.3, 12.4.3.2
- cascading revokes, 11.7.3
- column, 11.6.2.3
- CREATE DBLINK statement, 7.6
- creating roles, 11.5.1
- creating users, 11.1.1
- dropping profiles, 11.3.1
- dropping roles, 11.5.3
- encapsulating in stored procedures, 3.2.2
- granting, 5.1.1.1, 5.1.2.1, 11.6.1
-
- examples of, 5.1.5.3, 5.1.5.3
- granting object privileges, 11.6.2
- granting system privileges, 11.6
- granting, about, 11.6
- grouping with roles, 11.5
- individual privilege names, 11.4.1
- listing grants, 11.11.1
- managing, 13.3, 13.7
- middle tier, 16.2.1.2
- object, 7.3.4.4, 11.4.2, 13.7.2
- on selected columns, 11.7.2.2
- overview of, 5.1
- policies for managing, 7.3.1.2
- procedures, 5.1.5
-
- creating and altering, 5.1.5.2
- executing, 5.1.5
- in packages, 5.1.5.3
- revoking, 5.1.1.1, 5.1.2.1, 11.7.2
- revoking object, 11.7.2
- revoking object privileges, 11.7.2, 11.7.3.2
- revoking system privileges, 11.7.1
- roles, 5.2
-
- restrictions on, 5.2.6
- schema object, 5.1.2, 6.1
-
- DML and DDL operations, 5.1.3
- granting and revoking, 5.1.2.1
- packages, 5.1.5.3
- procedures, 5.1.5
- SQL statements permitted, 13.7.2
- system, 5.1.1, 11.4.1
-
- ANY, 7.6
- CREATE, 7.3.4.4
- DROP ANY TABLE, 7.6
- granting and revoking, 5.1.1.1
- SELECT ANY DICTIONARY, 7.6
- SYSTEM and OBJECT, 2.3, 7.6
- trigger privileges, 5.1.5.1
- views, 5.1.4
-
- creating, 5.1.4.1
- using, 5.1.4.2
- procedural security, 1
- procedures
-
- auditing, 8.4, 8.4.1
- definer's rights, 5.1.5.1
-
- roles disabled, 5.2.5.1
- examples of, 5.1.5.3, 5.1.5.3
- invoker's rights, 5.1.5.1
-
- roles used, 5.2.5.2
- privileges
-
- create or alter, 5.1.5.2
- executing, 5.1.5
- executing in packages, 5.1.5.3
- security enhanced by, 5.1.5.1
- process monitor process (PMON)
-
- cleans up timed-out sessions, 5.3.1.5
- PRODUCT_USER_PROFILE table, 3.2.1, 14.5.2.1, 14.5.2.1
- production environment, 7.6
- products and options
-
- install only as necessary, 7.6
- profiles, 11.3
-
- disabling resource limits, 11.3
- dropping, 11.3.1
- enabling resource limits, 11.3
- listing, 11.2.1
- managing, 11.3
- password management, 4.3.2, 7.4
- privileges for dropping, 11.3.1
- viewing, 11.2.4
- program global area (PGA)
-
- effect of MAX_ENABLED_ROLES on, 11.9.3
- protocol.ora file, 2.4.4, 7.6
-
- parameters, 7.6
- proxies, 4.4.1
-
- auditing clients of, 12.4.2
- proxy authentication and authorization, 10.1.4
- proxy authentication, 10.1.4
- proxy authorization, 10.1.4
- proxy servers
-
- auditing clients, 12.4.2
- PROXY_USER attribute, 14.3.1.2, 14.3.1.2
- PROXY_USERID attribute, 14.3.1.2
- PROXY_USERS view, 10.1.4
- pseudocolumns
-
- USER, 5.1.4.2
- PUBLIC, 2.3, 7.6
-
- granting and revoking privileges to, 11.8
- procedures and, 11.8
- revoke all unnecessary privileges and roles, 7.6
- user group, 5.2.4, 11.8, 11.8
- public key infrastructure, 4.2.2.2
- PUBLIC_DEFAULT profile
-
- dropping profiles and, 11.3.1
Q
- QS, 7.6
- QS_ADM, 7.6
- QS_CB, 7.6
- QS_CBADM, 7.6
- QS_CS, 7.6
- QS_ES, 7.6
- QS_OS, 7.6
- QS_WS, 7.6
- query rewrite
-
- dynamic predicates in security policies, 6.2.1
- quotas
-
- listing, 11.2.1
- revoking from users, 11.1.1.4.1
- setting to zero, 11.1.1.4.1
- tablespace, 11.1.1.4
- temporary segments and, 11.1.1.4
- unlimited, 11.1.1.4.2
- viewing, 11.2.3
R
- RADIUS, 4.2.2.3
- Raptor, 7.6
- RC4, Preface
- reads
-
- data block
-
- limits on, 5.3.1.4
- reauthenticating clients, 16.1.4.3, 16.1.4.3
- RECOVERY_CATALOG_OWNER role, 11.4.3
- REFERENCES privilege, 13.7.2
-
- CASCADE CONSTRAINTS option, 11.7.2.3
- revoking, 11.7.2.2, 11.7.2.3
- when granted through a role, 5.2.6
- REFRESH_GROUPED_POLICY procedure, 15.10, 15.11
- REFRESH_POLICY procedure, 15.10, 15.11
- remote authentication, 2.3, 7.6, 7.6
- REMOTE_OS_AUTHENT, 7.6
- REMOTE_OS_AUTHENT initialization parameter
-
- setting, 10.1.2.2
- remote_os_authentication, 2.3, 7.6, 7.6
- REMOTE_OS_ROLES initialization parameter
-
- setting, 11.5.2.3.2, 11.10.5
- reparsing, 15.2.3
- resetting failed login attempts, 7.4.1
- resource limits
-
- call level, 5.3.1.2
- connect time for each session, 5.3.1.5
- CPU time limit, 5.3.1.3
- determining values for, 5.4.1
- disabling, 11.3
- enabling, 11.3
- idle time in each session, 5.3.1.5
- logical reads limit, 5.3.1.4
- number of sessions for each user, 5.3.1.5
- private SGA space for each session, 5.3.1.5
- profiles, 11.3
- RESOURCE privilege, 13.6.1
- RESOURCE role, 5.1.6.1, 5.2.7, 11.4.3
- resources
-
- profiles, 11.3
- restrict symbolic links, 2.3, 7.6
- restrictions
-
- space
-
- developers, 7.3.4.5
- tablespaces, 7.3.4.5
- REVOKE CONNECT THROUGH clause
-
- revoking proxy authorization, 10.1.4
- REVOKE statement, 11.7.1
-
- when takes effect, 11.9
- revoking privileges and roles
-
- on selected columns, 11.7.2.2
- specifying ALL, 11.4.2
- REVOKE statement, 11.7.1
- when using operating-system roles, 11.10.3
- rewrite
-
- predicates in security policies, 6.2.1
- RMAN, 7.6
- role, 7.2
-
- typical developer, 7.3.4.4
- role identification
-
- operating system accounts, 11.10.1
- ROLE_SYS_PRIVS view, 13.3
- ROLE_TAB_PRIVS view, 13.3
- roles, 5.2, 7.3.1.2, 7.3.2, 7.6
-
- ADMIN OPTION and, 11.6.1.1
- administrative, 7.3.3
- advantages, 13.3
- application, 5.2.2.1, 13.5, 13.5, 13.7, 14.5.2
- application developers and, 7.3.4.4
- AQ_ADMINISTRATOR_ROLE, 11.4.3
- AQ_USER_ROLE, 11.4.3
- authorization, 11.5.2
- authorized by enterprise directory service, 11.5.2.4
- changing authorization for, 11.5.1
- changing passwords, 11.5.1
- CONNECT role, 5.2.7, 11.4.3
- CONNECT statement, 7.6, 11.4.3
- create your own, 7.6
- database authorization, 11.5.2.1
- DBA role, 5.2.7, 11.4.3
- DDL statements and, 5.2.6
- default, 11.1.2.2, 11.9.2
- definer's rights procedures disable, 5.2.5.1
- definition, 11.4.3
- DELETE_CATALOG_ROLE, 11.4.3
- dependency management in, 5.2.6
- disabling, 11.9.1
- dropping, 11.5.3
- enabled or disabled, 5.2.3
- enabling, 11.9.1, 13.5
- enabling and disabling, 3.2.1
- enterprise, 10.1.3, 11.5.2.4
- example, 7.3.2.1, 7.3.2.1, 7.3.2.1
-
- explanation, 7.3.2.1
- EXECUTE_CATALOG_ROLE, 11.4.3
- EXP_FULL_DATABASE, 11.4.3
- EXP_FULL_DATABASE role, 5.2.7
- for multiple administrators
-
- example, 7.3.3.3, 7.3.3.3, 7.3.3.3, 7.3.3.3, 7.3.3.3
- functionality, 5.1
- global, 10.1.3, 11.5.2.4
- global authorization, 11.5.2.4
- GRANT statement, 11.10.4
- granting, 5.1.1.1, 5.2.3, 11.6.1
- granting, about, 11.6
- HS_ADMIN_ROLE, 11.4.3
- IMP_FULL_DATABASE, 11.4.3
- IMP_FULL_DATABASE role, 5.2.7
- in applications, 5.2.1
- invoker's rights procedures use, 5.2.5.2
- job responsibility privileges only, 7.6
- listing, 11.11.5
- listing grants, 11.11.2
- listing privileges and roles in, 11.11.6
- management using the operating system, 11.10
- managing, 11.5, 13.7
- managing through operating system, 5.2.8
- maximum, 11.9.3
- multibyte characters in names, 11.5.1
- multibyte characters in passwords, 11.5.2.1
- naming, 5.2
- network authorization, 11.5.2.3.2
- operating system, 11.10.1
- operating system granting of, 11.10.1, 11.10.4
- operating-system authorization, 11.5.2.3
- OS management and the shared server, 11.10.5
- passwords, 3.2.3
- passwords for enabling, 11.5.2.1
- predefined, 5.2.7, 11.4.3
- privileges for creating, 11.5.1
- privileges for dropping, 11.5.3
- privileges, changing authorization method for, 11.5.1
- privileges, changing passwords, 11.5.1
- RECOVERY_CATALOG_OWNER, 11.4.3
- RESOURCE role, 5.2.7, 11.4.3
- restricting from tool users, 14.5.2
- restrictions on privileges of, 5.2.6
- REVOKE statement, 11.10.4
- revoking, 5.2.3, 11.7.1
- revoking ADMIN OPTION, 11.7.1
- schemas do not contain, 5.2
- secure application, 3.1.2
- security and, 7.3.2.1
- security domains of, 5.2.4
- SELECT_CATALOG_ROLE, 11.4.3
- SET ROLE statement, 11.10.4
- setting in PL/SQL blocks, 5.2.5.2
- unique names for, 11.5.1
- use of passwords with, 5.2.1
- usefulness compromised, 13.2.1
- user, 5.2.2.2, 13.5, 13.7
- users capable of granting, 5.2.3.1
- uses of, 5.2.2
- WITH GRANT OPTION and, 11.6.2.1
- without authorization, 11.5.1
- root file paths
-
- for files and packages outside the database, 2.3, 7.6
- row-level security
-
- see fine-grained access control, virtual private database (VPD), and Oracle Label Security
- rows
-
- row-level security, 6.2
- RSA private key, 2.4.1
- run-time facilities, 2.3, 7.6
S
- sample configuration
-
- listener, 7.6
- sample password complexity verification routine, 7.4.4.2
- Sample Schemas, 7.6
-
- remove or re-lock for production, 7.6
- test database, 7.6
- schema object privileges, 5.1.2, 6.1
-
- DML and DDL operations, 5.1.3
- granting and revoking, 5.1.2.1
- views, 5.1.4
- schema objects
-
- auditing, 8.4
- cascading effects on revoking, 11.7.3.2
- default audit options, 12.4.3.3
- default tablespace for, 11.1.1.3
- disabling audit options, 12.4.4.1, 12.4.4.2, 12.4.4.3
- enabling audit options on, 12.4.3.3
- granting privileges, 11.6.2
- in a revoked tablespace, 11.1.1.4.1
- owned by dropped users, 11.1.3
- privileges on, 5.1.2, 6.1
- privileges to access, 11.4.2
- privileges with, 11.4.2
- revoking privileges, 11.7.2
- schema-independent users, 13.6.2
- schemas
-
- default, 14.3.1.2
- unique, 13.6
- SCOTT, 2.3, 7.6, 7.6, 7.6, 7.6
- script files, 12.5.3
-
- CATNOAUD.SQL, 12.5.3
- scripts, 4.3.5
- scripts, authenticating users in, 9
- seamless timely distribution, 1.1.1
- sec_relevant_cols parameter, 14.1.1.1, 15.10.3.1
- sec_relevant_cols_opt parameter, 14.1.1.2, 15.10.3.2
- secure application, 13.4
- secure application role
-
- using to ensure database connection, 13.4.1
- secure installation and configuration checklist, 2.3, 7.6
- Secure Sockets Layer, 2.4.1, 2.4.1, 7.1.2, 7.6, 10.1, 10.1.3.1.1
-
- certificate key algorithm, 2.4.1
- checklist, 2.4.1
- cipher suites, 2.4.1
- configuration files, 2.4.1
- mode, 2.4.1
- pass-phrase, 2.4.1
- RSA private key, 2.4.1
- server.key file, 2.4.1
- tcps, 2.4.1
- Secure Sockets Layer (SSL) protocol, 16.1.4.3
- security
-
- accessing a database, 7.1
- administrator of, 7.1
- application administration, 7.3.5
- application developers and, 7.3.4
- application enforcement of, 5.2.1
- auditing, 8, 8.1.1.2
- auditing policies, 7.5
- authentication of users, 7.1.2
- breach effects, 1.1
- checklists and recommendations, 2
- data, 7.2, 7.2
- database security, 7.1
- database users and, 7.1.1
- default user accounts, 2.3, 7.6, 7.6
- dynamic predicates, 6.2.1
- effectiveness, 1
- elements and operations, 1
- enforcement in application, 13.2.2
- enforcement in database, 13.2.2
- fine-grained access control, 6.2
- general principles, 1
- general users, 7.3.1
- identity management, 1.1
- impacts, 1
- interaction complexity, 1.1
- issues by category, 1
- management costs
-
- escalation, 1
- multibyte characters in role names, 11.5.1
- multibyte characters in role passwords, 11.5.2.1
- operating-system security and the database, 7.1.3
- passwords, 4.3
- personnel dimension, 1
- physical dimension, 1
- policies
-
- administering, 15.10
- applied within database, 14.1.1.3
- centrally managed, 14.5.2.3
- example, 15.8
- implementing, 6.2.2, 14.3.2
- multiple policies per table, 14.2.1.2
- on tables or views, 14.2.1.1
- technical issues, 3.1.2
- policies for database administrators, 7.3.3
- policy for applications, 13.1, 14.5.2
- practical concerns, 2
- privilege management policies, 7.3.1.2
- privileges, 7.1
- procedural dimension, 1
- procedures enhance, 5.1.5.1
- protecting the audit trail, 12.4.6
- REMOTE_OS_ROLES parameter, 11.10.5
- requirements and principles, 1
- roles to force security, 7.3.2.1
- roles, advantages, 13.3
- security policies, 6.2
- technical dimension, 1
- test databases, 7.3.4.2
- threats and countermeasures, 3.1.1
- total costs, 1
- views enhance, 5.1.4.2
- what good security requires, 2
- security alerts, 7.6
- security domain
-
- application development, 7.3.4.5
- security domains
-
- enabled roles and, 5.2.3
- security patches and workarounds, 2.3, 7.6
- security policy function, 7.2
- security requirements and principles, 1
- security-relevant columns VPD, 14.1.1.1
- SELECT ANY DICTIONARY, 7.6, 7.6
- SELECT privilege, 13.7.2
- SELECT_CATALOG_ROLE role, 11.4.1.2, 11.4.3
- sequences
-
- auditing, 8.4
- SERVER_HOST attribute, 14.3.1.2
- server.key file, 2.4.1, 2.4.1
-
- pass-phrase to read and parse, 2.4.1
- permissions on, 2.4.1
- service names, 7.6
- session primitives, 14.3.1.2
- SESSION_ROLES view
-
- queried from PL/SQL block, 5.2.5.1
- SESSION_USER attribute, USERENV, 14.3.1.2
- SESSION_USERID attribute, 14.3.1.2
- SESSIONID attribute, 14.3.1.2
- sessions
-
- auditing by, 8.5.2.1
- auditing connections and disconnections, 12.4.3.1.1
- defined, 8.5.2.1
- limits for each user, 5.3.1.5
- listing privilege domain of, 11.11.4
- time limits on, 5.3.1.5
- viewing memory use, 11.2.5
- when auditing options take effect, 8.1.2
- SET ROLE statement
-
- associating privileges with role, 13.5
- at startup, 3.2.1
- disabling, 3.2.1
- equivalent to SET_ROLE, 13.5.2
- how password is set, 11.5.2.1
- role passwords, 3.2.3
- used to enable/disable roles, 11.9.1
- when using operating-system roles, 11.10.4
- SET_CONTEXT procedure, 15.2.2
- SET_ROLE procedure, 13.5.2
- SH, 7.6
- SHA-1, Preface
- shared policy type, Preface, 15.10.1
- Shared Schemas, 10.1.3.1.2
- shared server
-
- limiting private SQL areas, 5.3.1.5
- OS role management restrictions, 11.10.5
- SI_INFORMTN_SCHEMA, 7.6
- SID attribute, 14.3.1.2
- single sign-on, 1.1.1
- single source of truth, 1.1
- smart cards, 7.6
- single point of integration, 1.1.1
- space restrictions
-
- developers, 7.3.4.5
-
- tablespaces, 7.3.4.5
- SQL statements
-
- auditing, 8.2, 8.5.1
-
- when records generated, 8.1.2
- disabling audit options, 12.4.4.1, 12.4.4.3
- dynamic, 15.2.1.3
- enabling audit options on, 12.4.3.1.1
- privileges required for, 5.1.2, 6.1, 13.7.2
- resource limits and, 5.3.1.2
- restricting ad hoc use, 14.5.1, 14.5.1
- SQL*Net, 7.6
- SQL*Plus
-
- connecting with, 4.1
- restricting ad hoc use, 14.5.1, 14.5.1
- statistics monitor, 5.4.1
- sqlnet.ora, 7.6
- sqlnet.ora file, 4.3
- SSL, 1.1.2, 2.4.1, 2.4.1, 7.1.2, 7.6, 7.6
- SSL. See Secure Sockets Layer.
- statement auditing
-
- turning off, 12.4.4.1
- turning on, 12.4.3.1
- STATEMENTID attribute, 14.3.1.2
- static, Preface, 15.10.1, 15.10.2.1
- storage
-
- quotas and, 11.1.1.4
- revoking tablespaces and, 11.1.1.4.1
- unlimited quotas, 11.1.1.4.2
- stored procedures
-
- encapsulating privileges, 3.2.2
- invoker's rights, 13.5.2
- using privileges granted to PUBLIC, 11.8
- strong authentication, 7.6
- symbolic links, 2.3, 7.6
- synonyms
-
- inherit privileges from object, 5.1.2.3
- SYS, 7.6
- SYS account
-
- policies for protecting, 7.3.3.1
- policy enforcement, 14.5.3
- SYS and SYSTEM, 7.6
-
- passwords, 2.3, 7.6, 7.6
- SYS and SYSTEM connections, 7.3.3.1
- SYS schema, 15.2.2
-
- AS SYSDBA, 7.3.3.2
- SYS username
-
- statement execution audited, 8.1.2
- SYS_CONTEXT
-
- and parallel query, Preface
- SYS_CONTEXT function
-
- access control, 15.3.2.3
- database links, 15.2.1.5
- dynamic SQL statements, 15.2.1.3
- parallel query, 15.2.1.4
- syntax, 15.2.1.1
- USERENV namespace, 14.3.1.2
- SYS.AUD$, 12.4.1.1, 12.4.1.1, 12.4.1.1
- SYS.AUD$ table
-
- audit trail, 12.2.6
- creating and deleting, 12.5
- SYSMAN, 2.3, 7.6, 7.6, 7.6
- SYS-privileged connections, 2.3, 7.6
- SYSTEM, 7.6
- SYSTEM account
-
- policies for protecting, 7.3.3.1
- system global area (SGA)
-
- limiting private SQL areas, 5.3.1.5
- system privileges, 2.3, 5.1.1, 7.6, 11.4.1
-
- ADMIN OPTION, 5.1.1.2
- ANY, 7.6
- CREATE, 7.3.4.4
- described, 5.1.1, 11.4.1
- DROP ANY TABLE statement, 7.6
- GRANT ANY OBJECT PRIVILEGE, 11.6.2.2, 11.7.2.1
- GRANT ANY PRIVILEGE, 5.1.1.2
- granting, 11.6.1
- granting and revoking, 5.1.1.1
- SELECT ANY DICTIONARY, 7.6
- system security policy, 7.1
-
- database user management, 7.1.1
- operating system security, 7.1.3
- user authentication, 7.1.2
T
- tables
-
- auditing, 8.4
- privileges on, 5.1.3
- tablespaces
-
- assigning defaults for users, 11.1.1.3
- default quota, 11.1.1.4
- quotas for users, 11.1.1.4
- revoking from users, 11.1.1.4.1
- temporary
-
- assigning to users, 11.1.1.5
- unlimited quotas, 11.1.1.4.2
- viewing quotas, 11.2.3
- tcps, 2.4.1, 7.6
- technical security, 1
- TELNET, 7.6
- TERMINAL attribute, USERENV, 14.3.1.2
- test and production databases
-
- application developer environment, 7.3.4.2
- testing VPD policies, 15.10.1
- text level access
-
- host operating system, 7.6
- unauthorized, 7.6
- TFTP, 7.6
- TIGER, 7.6
- token cards, 7.6
- trace files, 7.6, 7.6, 7.6, 8.1.1.5
- triggers
-
- auditing, 8.4.1
- CREATE TRIGGER ON, 13.7.2
- event, 15.3.3
- login, 15.2.3
- logon, 15.2.1, 15.3.1
- privileges for executing, 5.1.5.1
-
- roles, 5.2.5
- Triple DES, Preface
- tnsnames.ora, 2.4.1
-
- typical directory, 2.4.1
- turning off
-
- network auditing, 12.4.4.3
- object auditing, 12.4.4.2
- statement and privilege auditing, 12.4.4.1
- turning on
-
- network auditing, 12.4.3.4
- object auditing, 12.4.3.3
- privilege auditing, 12.4.3.2
- statement auditing, 12.4.3.1
- types
-
- privileges on, 5.1.6
- typical role, 7.3.4.4
U
- UDP and TCP ports
-
- close for ALL disabled services, 7.6
- uniform audit trail, Preface
- UNLIMITED, 7.4.3, 7.4.3
- UNLIMITED TABLESPACE privilege, 11.1.1.4.2
- unlock locked accounts, 7.3.3.1
- UPDATE privilege
-
- revoking, 11.7.2.2
- user authentication
-
- methods, 7.1.2
- user groups, 7.3.2
- USER pseudocolumn, 5.1.4.2
- user security policy, 7.3
- USERENV function, 14.3.1.2, 16.2.1.3.2, 17.3.1
- USERENV namespace, 14.3.1.2, 14.3.1.2
- usernames
-
- OS, 7.3.3.2
- schemas, 13.6
- users
-
- altering, 11.1.2
- assigning unlimited quotas for, 11.1.1.4.2
- auditing, 8.5.3
- authentication
-
- about, 7.1.2, 10.1
- authentication of, 4
- changing default roles, 11.1.2.2
- database authentication, 10.1.1
- default tablespaces, 11.1.1.3
- dropping, 11.1.3
- dropping profiles and, 11.3.1
- dropping roles and, 11.5.3
- enabling roles for, 13.5
- end-user security policies, 7.3.2
- enterprise, 10.1.3, 11.5.2.4, 13.6.2
- external authentication, 10.1.2
- global, 10.1.3
- listing, 11.2.1
- listing privileges granted to, 11.11.1
- listing roles granted to, 11.11.2
- managing, 11.1
- network authentication, 10.1.2.3
- objects after dropping, 11.1.3
- operating system authentication, 10.1.2.2
- password encryption, 4.3.1, 7.3.1.1
- password security, 7.3.1.1
- policies for managing privileges, 7.3.1.2
- privileges for changing passwords, 11.1.2
- privileges for creating, 11.1.1
- privileges for dropping, 11.1.3
- proxy authentication and authorization, 10.1.4
- PUBLIC group, 11.8
- PUBLIC user group, 5.2.4
- restricting application roles, 14.5.2
- roles and, 5.2.1
-
- for types of users, 5.2.2.2
- schema-independent, 13.6.2
- security and, 7.1.1
- security domains of, 5.2.4
- security for general users, 7.3.1
- specifying user names, 11.1.1.1
- tablespace quotas, 11.1.1.4
- viewing information on, 11.2.2
- viewing memory use, 11.2.5
- viewing tablespace quotas, 11.2.3
- UTL_FILE, 7.6
- UTL_HTTP, 7.6
- UTL_SMTP, 7.6
- UTL_TCP, 7.6
- UTLPWDMG.SQL, 4.3.5, 7.4.4
-
- formatting of password complexity verification routine, 7.4.4.1
V
- valid node checking, 2.4.4, 7.6
- view, 5.1.4
- views, 7.2
-
- auditing, 8.4, 8.4.1
- privileges for, 5.1.4
- security applications of, 5.1.4.2
- Virtual Private Database
-
- new features, Preface
- virtual private database (VPD), 3.2.1, 13.2.2, 14.1.1, 14.1.1.3, 14.5.2.3
-
- column-level VPD, 15.10.3
- defined, 14.1
- policies, 14.2
- VPD
-
- column masking behavior, 14.1.1.2
- column masking restrictions, 15.10.3.2
- objects it applies to, 14.1.1.1
- sec_relevant_cols parameter, 14.1.1.1
- see virtual private database
- sec_relevant_cols_opt parameter, 14.1.1.2
- with flashback query, 15.14
- VPD policies
-
- dynamic, 15.10.1
- testing with dynamic policy type, 15.10.1
- vulnerable data behind firewalls, 2.4.4, 7.6, 7.6
- vulnerable run-time call, 7.6
-
- made more secure, 7.6
W
- Wallet Manager, 4.2.2.2
- wallets, 4.2.2.2
- WHERE, 7.2
- WHERE clause, dynamic SQL, 14.1.1
- Windows operating system
-
- OS audit trail, 12.2.6, 12.4.1.2
- WK_TEST, 7.6
- WKPROXY, 7.6
- WKSYS, 7.6
- WMSYS, 7.6
X
- X.509 certificates, 7.6
- X.509 Version 3 certificates, 4.2.2.2
- XDB, 7.6
- XML, 12.4.1.1, 12.4.1.2