Index

List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
- Audience
- Documentation Accessibility
- Related Documents
- Conventions
Changes in This Release for Oracle Database Real Application Security Administrator's and Developer's Guide
- Changes in Oracle Database Release 19c Version 19.1
  - New Features
  - Deprecated Features
- Changes in Oracle Database Release 18c Version 18.1
  - New Features
  - Deprecated Features
- Changes in Oracle Database 12c Release 2 (12.2.0.1)
  - New Features
  - Deprecated Features
1 Introducing Oracle Database Real Application Security
- What Is Oracle Database Real Application Security?
- Data Security Concepts Used in Real Application Security
- Application Session Concepts Used in Application Security
- Flow of Design and Development
  - Design Phase
  - Development Flow Steps
- Scenario: Security Human Resources (HR) Demonstration of Employee Information
  - Basic Security HR Demo Scenario: Description and Security Requirements
  - Basic HR Scenario: Implementation Overview
- About Auditing in an Oracle Database Real Application Security Environment
- Support for Pluggable Databases
2 Configuring Application Users and Application Roles
- About Configuring Application Users
- About Configuring Application Roles
- Effective Dates for Application Users and Application Roles
- About Granting Application Privileges to Principals
3 Configuring Application Sessions
- About Application Sessions
  - About Application Sessions in Real Application Security
  - Advantages of Application Sessions
- About Creating and Maintaining Application Sessions
- About Manipulating the Application Session State
- About Administrative APIs for External Users and Roles
- About Real Application Security Session Privilege Scoping Through ACL
  - Granting Session Privileges on a Principal Using an ACL
4 Configuring Application Privileges and Access Control Lists
- About Application Privileges
  - Aggregate Privilege
    - ALL Privilege
- About Configuring Security Classes
- About Configuring Access Control Lists
- Data Security
  - Data Realms
  - Parameterized ACL
- ACL Binding
5 Configuring Data Security
- About Data Security
- About Validating the Data Security Policy
- Understanding the Structure of the Data Security Policy
- About Designing Data Realms
- Applying Additional Application Privileges to a Column
- About Enabling Data Security Policy for a Database Table or View
- About Creating Real Application Security Policies on Master-Detail Related Tables
- About Managing Application Privileges for Data Security Policies
  - About Bypassing the Security Checks of a Real Application Security Policy
  - Using the SQL*Plus SET SECUREDCOL Command
- Using BEQUEATH CURRENT_USER Views
  - Using SQL Functions to Determine the Invoking Application User
- Real Application Security: Putting It All Together
  - Basic HR Scenario: Implementation Tasks
  - Running the Security HR Demo
- About Schema Level Real Application Security Policy Administration
  - Setting Up and Enabling a Schema Level Data Security Policy
6 Using Real Application Security in Java Applications
- About Initializing the Middle Tier
- About Managing Real Application Security Sessions
- Authenticating Application Users Using Java APIs
- About Authorizing Application Users Using ACLs
- Human Resources Administration Use Case: Implementation in Java
7 Oracle Fusion Middleware Integration with Real Application Security
- About External Users and External Roles
- Session APIs for External Users and Roles
8 Application Session Service in Oracle Fusion Middleware
- About Real Application Security Concepts
- About Application Session Service in Oracle Fusion Middleware
- About the Application Session Filter
  - About the Application Session Filter Operation
- About Deployment
- About Application Configuration of the Application Session Filter
- Domain Configuration: Setting Up an Application Session Service to Work with OPSS and Oracle Fusion Middleware
- About Application Session APIs
- Human Resources Demo Use Case: Implementation in Java
9 Oracle Database Real Application Security Data Dictionary Views
- DBA_XS_OBJECTS
- DBA_XS_PRINCIPALS
- DBA_XS_EXTERNAL_PRINCIPALS
- DBA_XS_USERS
- USER_XS_USERS
- USER_XS_PASSWORD_LIMITS
- DBA_XS_ROLES
- DBA_XS_DYNAMIC_ROLES
- DBA_XS_PROXY_ROLES
- DBA_XS_ROLE_GRANTS
- DBA_XS_PRIVILEGES
- USER_XS_PRIVILEGES
- ALL_XS_PRIVILEGES
- DBA_XS_IMPLIED_PRIVILEGES
- USER_XS_IMPLIED_PRIVILEGES
- ALL_XS_IMPLIED_PRIVILEGES
- DBA_XS_PRIVILEGE_GRANTS
- DBA_XS_SECURITY_CLASSES
- USER_XS_SECURITY_CLASSES
- ALL_XS_SECURITY_CLASSES
- DBA_XS_SECURITY_CLASS_DEP
- USER_XS_SECURITY_CLASS_DEP
- ALL_XS_SECURITY_CLASS_DEP
- DBA_XS_ACLS
- USER_XS_ACLS
- ALL_XS_ACLS
- DBA_XS_ACES
- USER_XS_ACES
- ALL_XS_ACES
- DBA_XS_POLICIES
- USER_XS_POLICIES
- ALL_XS_POLICIES
- DBA_XS_REALM_CONSTRAINTS
- USER_XS_REALM_CONSTRAINTS
- ALL_XS_REALM_CONSTRAINTS
- DBA_XS_INHERITED_REALMS
- USER_XS_INHERITED_REALMS
- ALL_XS_INHERITED_REALMS
- DBA_XS_ACL_PARAMETERS
- USER_XS_ACL_PARAMETERS
- ALL_XS_ACL_PARAMETERS
- DBA_XS_COLUMN_CONSTRAINTS
- USER_XS_COLUMN_CONSTRAINTS
- ALL_XS_COLUMN_CONSTRAINTS
- DBA_XS_APPLIED_POLICIES
- ALL_XS_APPLIED_POLICIES
- DBA_XS_MODIFIED_POLICIES
- DBA_XS_SESSIONS
- DBA_XS_ACTIVE_SESSIONS
- DBA_XS_SESSION_ROLES
- DBA_XS_SESSION_NS_ATTRIBUTES
- DBA_XS_NS_TEMPLATES
- DBA_XS_NS_TEMPLATE_ATTRIBUTES
- ALL_XDS_ACL_REFRESH
- ALL_XDS_ACL_REFSTAT
- ALL_XDS_LATEST_ACL_REFSTAT
- DBA_XDS_ACL_REFRESH
- DBA_XDS_ACL_REFSTAT
- DBA_XDS_LATEST_ACL_REFSTAT
- USER_XDS_ACL_REFRESH
- USER_XDS_ACL_REFSTAT
- USER_XDS_LATEST_ACL_REFSTAT
- V$XS_SESSION_NS_ATTRIBUTES
- V$XS_SESSION_ROLES
10 Oracle Database Real Application Security SQL Functions
- COLUMN_AUTH_INDICATOR Function
- XS_SYS_CONTEXT Function
- ORA_CHECK_ACL Function
- ORA_GET_ACLIDS Function
- ORA_CHECK_PRIVILEGE Function
- TO_ACLID Function
11 Oracle Database Real Application Security PL/SQL Packages
- DBMS_XS_SESSIONS Package
- XS_ACL Package
- XS_ADMIN_UTIL Package
- XS_DATA_SECURITY Package
- XS_DATA_SECURITY_UTIL Package
- XS_DIAG Package
  - Security Model
  - Summary of XS_DIAG Subprograms
- XS_NAMESPACE Package
- XS_PRINCIPAL Package
- XS_SECURITY_CLASS Package
  - Security Model for the XS_SECURITY_CLASS Package
  - Summary of XS_SECURITY_CLASS Subprograms
12 Real Application Security HR Demo
- Overview of the Security HR Demo
- What Each Script Does
- Setting Up the Security HR Demo Components
- Running the Security HR Demo Using Direct Logon
- Running the Security HR Demo Attached to a Real Application Security Session
- Running the Security HR Demo Cleanup Script
- Running the Security HR Demo in the Java Interface
- About Using RASADM to Run the Security HR Demo
A Predefined Objects in Real Application Security
- Users
- Roles
- Namespaces
- Security Classes
- ACLs
B Configuring OCI and JDBC Applications for Column Authorization
- About Using OCI to Retrieve Column Authorization Indicators
- About Using JDBC to Retrieve Column Authorization Indicators
C Real Application Security HR Demo Files
- How to Run the Security HR Demo
- Scripts for the Security HR Demo
- Generated Log Files for Each Script
D Troubleshooting Oracle Database Real Application Security
- About Real Application Security Diagnostics
- About Event-Based Tracing of Real Application Security Components
- About Exception State Dump Information
- About Session Statistics
- Using Middle-Tier Tracing
Glossary
Index

Search

Print

Download

PDF for offline and print

Index

A C D E F G I J M N O P R S T U V W X

A

access control entry (ACE)
- about 1
- definition 1
access control lists (ACL)
- about 1
- directories
  - trace files, using to resolve predicate errors 1
- dynamic data realm constraints
  - about 1
  - ACL evaluation order 1
- evaluation order 1
- static data realm constraints
  - ACL evaluation order 1
- static data realms
  - about 1
- user-managed
  - example 1
ACE
- definition 1
- evaluation order 1
acl
- troubleshooting 1
ACL
- adding ACE 1
- binding 1
- changing security class 1
- constraining inheritance 1
- create 1
- extending inheritance 1
- identifiers
  - master-detail tables, retrieving ACL identifiers for 1
- inheritance 1
  - constraining 1
  - extending 1
- inheritance|ACL
  - changing parent ACL 1
- multilevel authentication 1
- removing ACL 1
- scope
  - definition 1
ACLS
- See: access control lists
ACLs and ACEs
- about 1
- creating 1
aggregate privilege
- about 1
- benefits 1
- definition 1
ALL_XDS_ACL_REFRESH view 1
ALL_XDS_ACL_REFSTAT view 1
ALL_XDS_LATEST_ACL_REFSTAT view 1
ALL_XS_ACES view 1
ALL_XS_ACL_PARAMETERS view 1
ALL_XS_ACLS view 1
ALL_XS_APPLIED_POLICIES view 1
ALL_XS_COLUMN_CONSTRAINTS view 1
ALL_XS_IMPLIED_PRIVILEGES view 1
ALL_XS_INHERITED_REALMS view 1
ALL_XS_POLICIES view 1
ALL_XS_PRIVILEGES view 1
ALL_XS_REALM_CONSTRAINTS view 1
ALL_XS_SECURITY_CLASS_DEP view 1
ALL_XS_SECURITY_CLASSES view 1
ALL grant 1
ALL privilege 1
anonymous user 1
application integration
- support for external users and roles 1
application privileges
- about 1
- granting to principles 1
application roles
- about 1, 4
- creating dynamic role 1, 2
- creating regular role 1, 2
- granting database role to an application role 1
- granting to another application role 1
- granting to existing application user 1
- granting to new application user 1
- using effective dates 1
- validating 1
application sessions
- about 1
- advantages 1
- attaching 1
- cookies, setting for 1
- creating 1, 2, 3
- creating anonymous application session 1
- database session
  - attaching to 1
  - detaching from 1
- destroying 1
- event handling 1
- global callback events, using 1
- namespace
  - creating 1
  - deleting 1
- namespaces
  - attributes, getting 1
  - attributes, setting 1
  - attribute values, getting 1
  - attribute values, setting 1
  - deleting 1
- roles
  - disabling for specified session 1
  - enabling for specified session 1
- roles, disabling from session 1
- roles, enabling for session 1
- saving 1
- security context, setting 1
- session cookie
  - setting 1
- session state manipulating 1
- switch user 1
- troubleshooting 1
- users, assigning to 1
- users, creating namespace templates 1
- users, custom attributes 1
- users, destroying 1
- users, detaching from 1
- users, initializing namespaces 1, 2, 3, 4
- users, initializing namespaces explicitly 1
- users, switching to 1
application sessions in the database
- architecture figure 1
application user roles
- application sessions, disabling from 1
- application sessions, enabling for 1
- disabling for specified session 1
- enabling for specified session 1
application users
- about 1, 2
- application sessions, assigning to 1
- application sessions, creating namespace templates 1
- application sessions, custom attributes 1
- application sessions, destroying 1
- application sessions, detaching from 1
- application sessions, initializing namespaces 1, 2, 3, 4
- application sessions, initializing namespaces explicitly 1
- application sessions, switching to 1
- compared with database user 1
- creating 1
  - direct login users 1
- creating direct login user 1
- definition 1
- general procedure 1
- modifying 1
- validating 1
application users and roles
- troubleshooting 1
applying
- additional application privileges
  - to a column 1
assigning
- an application user to an anonymous application session 1
attaching
- an application session 1
auditing
- DBA_XS_AUDIT_POLICY_OPTIONS view 1
- DBA_XS_AUDIT_TRAIL view 1
- DBA_XS_ENB_AUDIT_POLICIES view 1
- in an Oracle Database Real Application Security environment 1
- unified auditing 1, 2
authentication
- multilevel 1
- strong 1
- weak 1

C

callback event handler procedure
- creating 1
checking
- ACLs for a privilege 1
checking security attribute
- using getSecurityAttribute method
  - SecurityAttribute returns value ENABLED 1
  - SecurityAttribute returns value NONE 1
  - SecurityAttribute returns value UNKNOWN 1
checking user authorization indicator
- using getAuthorizationIndicator method
  - AuthorizationIndicator returns value NONE 1
  - AuthorizationIndicator returns value UNAUTHORIZED 1
  - AuthorizationIndicator returns value UNKNOWN 1
COLUMN_AUTH_INDICATOR function 1
column authorization
- JDBCI interface 1
- OCI interface 1
column-level security 1
configuring
- an application role 1
- application roles 1
- application users 1
- application user switch
  - proxying an application user 1
- global callback event handlers
  - for an application session 1
constraining ACL inheritance
- definition 1
cookies
- application sessions, setting for 1
create views
- using BEQUEATH clause 1
creating
- ACLs and ACEs 1
- anonymous application session 1
- application sessions 1
- application user accounts 1
- application users 1
- custom attributes
  - in application session 1
- direct login user 1
- dynamic application role 1, 2
- namespaces
  - using namespace templates 1
- namespace templates 1
- regular application role 1, 2
- security class 1
- simple application user account 1

D

database role
- about 1
database user
- about 1
- compared with application user 1
data realm constraints
- affect on database tables 1
- membership methods 1
- membership rule (WHERE predicate)
  - about 1
- membership rules
  - session variables, guideline for 1
- parameterized
  - about 1
- types defined by WHERE predicates 1
data realms 1
- See also: dynamic data realms, static data realms
- about 1
- definition 1
- structure 1
data security
- about 1
- ACLs 1
- automatic refreshment for static ACL 1
- troubleshooting 1
- with Oracle Database Real Application Security 1
data security documents
- example 1
- privileges
  - security checks, how handled 1
- privileges, column-level security 1
DataSecurity module 1
data security policy
- tables
  - enabling 1
  - removing from 1
data security privileges
- alter refreshment for static ACL 1, 2
- automatic refreshment for static ACL 1
DBA_XDS_ACL_REFRESH view 1
DBA_XDS_ACL_REFSTAT view 1
DBA_XDS_LATEST_ACL_REFSTAT view 1
DBA_XS_ACES view 1, 2, 3
DBA_XS_ACL_PARAMETERS view 1
DBA_XS_ACLS view 1, 2
DBA_XS_ACTIVE_SESSIONS view 1
DBA_XS_APPLIED_POLICIES view 1
DBA_XS_AUDIT_POLICY_OPTIONS view 1, 2
DBA_XS_AUDIT_TRAIL view 1, 2
DBA_XS_COLUMN_CONSTRAINTS view 1
DBA_XS_DYNAMIC_ROLES view 1
DBA_XS_ENB_AUDIT_POLICIES view 1, 2
DBA_XS_EXTERNAL_PRINICIPALS view 1
DBA_XS_IMPLIED_PRIVILEGES view 1
DBA_XS_INHERITED_REALMS view 1
DBA_XS_MODIFIED_POLICIES view 1
DBA_XS_NS_TEMPLATE_ATTRIBUTES view 1
DBA_XS_NS_TEMPLATES view 1
DBA_XS_OBJECTS view 1
DBA_XS_POLICIES view 1
DBA_XS_PRINICIPALS view 1
DBA_XS_PRIVILEGE_GRANTS view 1
DBA_XS_PRIVILEGES view 1, 2
DBA_XS_PROXY_ROLES view 1
DBA_XS_REALM_CONSTRAINTS view 1
DBA_XS_ROLE_GRANTS view 1
DBA_XS_ROLES view 1
DBA_XS_SECURITY_CLASS_DEP view 1, 2
DBA_XS_SECURITY_CLASSES view 1, 2
DBA_XS_SESSION_NS_ATTRIBUTES view 1
DBA_XS_SESSION_ROLES view 1
DBA_XS_SESSIONS view 1
DBA_XS_USERS view 1
DBMS_XS_SESSIONS PL/SQL package
- about 1
- ADD_GLOBAL_CALLBACK 1
- ASSIGN_USER 1
- ATTACH_SESSION 1
- constants 1
- CREATE_ATTRIBUTE 1
- CREATE_NAMESPACE 1
- CREATE_SESSION 1
- DELETE_GLOBAL_CALLBACK 1, 2
- DELETE_NAMESPACE 1
- DESTROY_SESSION 1
- DETACH_SESSION 1
- DISABLE_ROLE 1
- ENABLE_GLOBAL_CALLBACK 1
- ENABLE_ROLE 1
- GET_ATTRIBUTE 1
- object types, constructor functions 1
- SAVE_SESSION 1
- security model 1
- SET_ATTRIBUTE 1
- SWITCH_USER 1, 2
default security class
- definition 1
defining a basic data security policy
- implementation tasks 1
  - disable a data security policy for a table 1
- use case 1
deleting
- namespaces
  - in application session 1
destroying
- application session 1
detaching
- application session
  - from a traditional database session 1
determining
- invoker’s rights use for nested program units
  - using BEQUEATH clause when creating views 1
- the invoking application user
  - using SQL functions 1
direct application user accounts
- setting password verifiers 1
disabling
- application roles
  - for an application session 1
displaying secure column values
- using SQL*Plus SET SECUREDCOL command 1
dynamic application role 1
dynamic application roles
- predefined 1
dynamic data realm constraints
- about 1
- ACL evaluation order 1

E

enabling
- application roles
  - for application session 1
event-based tracing
- about 1
- components 1
event handlers 1
- See also: global callback events
examples
- JDBC
  - security attributes, checking 1
  - user authorization, checking 1
- OCI return codes 1
- Real Application Security policy on master-detail related tables 1
exception dumps 1
exception state dumps 1
extending ACL inheritance
- definition 1
external roles 1
external users 1
- namespaces for 1
- session modes 1
  - secure mode 1
  - trusted mode 1
external users and external roles
- createSession method 1
- for application integration 1
- session APIs for 1

F

firewall 1
- authentication 1
foreign_key
- specifies foreign key of detail table 1

G

getting
- session attributes
  - in application session 1
global callback events
- about 1
- adding 1
- deleting 1
- enable or disable 1
granting
- application privileges to principles 1
- application role
  - to existing application user 1
  - to new application role 1
  - to new application user 1
- database role
  - to an application role 1

I

inheritance
- master-detail related tables 1
inheritedFrom element, components 1
initializing
- namaspace
  - when session is attached 1
- namespace 1
  - application user is switched in application session 1
  - when session is created 1
- namespaces
  - explicitly 1
in-memory tracing 1

J

Java environment
- aborting a session 1
- assigning a user to a session 1
- assigning or switching an application user 1
- attaching an application session 1
  - external role behavior 1
- attachng an application session 1
- authenticating users using Java APIs 1
- authorizing application users using ACLs 1
- changing the middle-tier cache size 1
  - clearing the cache 1
  - getting the maximum cache idle time 1
  - getting the maximum cache size 1
  - removing entries from the cache 1
  - removing entries from the cache, getting the high watermark for cache 1
  - removing entries from the cache, getting the low watermark for cache 1
  - removing entries from the cache, setting the watermark 1
  - setting the maximum cache size 1
  - setting the middle-tier cache idle time 1
- checking if application role is enabled 1
- constructing an ACL identifier 1
- creating an application session 1
- creating a session namespace attribute 1
- creating a user session 1
- creating namespaces 1
- deleting namespaces 1
- deleting session namespace attributes 1
- destroying an application session 1
- detaching an application session 1
- disabling application roles 1
- enabling and disabling application roles 1
- enabling application roles 1
- getting a session namespace attribute 1
- getting data privileges associated with a specific ACL 1
- getting the application user ID for the session 1
- getting the Oracle connection associated with the session 1
- getting the session cookie 1
- getting the session ID for the session 1
- getting the string representation of the session 1
- implicitly creating namespaces 1
- initializing the middle tier 1
  - mid-tier configuration mode 1
  - privileges for the session manager 1
  - roles for the session manager 1
  - using getSessionManager method 1
- listing session namespace attributes 1
- performing namespace operations as session manager 1
- performing namespace operations as session user 1
- resetting session namespace attributes 1
- saving a session 1
- setting a session namespace attribute 1
- setting session cookie as session manager 1
- setting session inactivity timeout as session manager 1
- using namespace attributes 1
- using the checkAcl method 1
JDBC
- column authorization, interface for 1

M

master detail data realm
- foreign_key
  - specifies foreign key of detail table 1
- parentObjectName element
  - specifies name of master table 1
- parentSchemaName element
  - specifies name of schema containing master table 1
- primary_key
  - specifies primary key from master table 1
- when element
  - specifies a predicate for detail table 1
master-detail tables
- ACL
  - identifiers, retrieving 1
- inheritedFrom element, components 1
- Real Application Security policies
  - about 1
  - creating for 1
Materialized View 1
membership rules (WHERE predicate) in data realm constraints
- about 1
membership rules in data realm constraints
- session variables, guideline for 1
modifying
- application users 1
multilevel authentication 1
- definition 1
- using 1

N

namespaces
- application sessions
  - attributes, getting 1
  - attributes, setting 1
  - creating 1
  - deleting 1, 2
- attributes
  - creating 1
  - deleting 1
  - resetting 1
- attribute values
  - getting 1
  - setting 1

O

OCI parameter handle attribute
- OCI_ATTR_XDS_POLICY_STATUS 1
  - OCI_XDS_POLICY_ENABLED value 1
  - OCI_XDS_POLICY_NONE value 1
  - OCI_XDS_POLICY_UNKNOWN value 1
OCI return codes
- ORA-24530
  - column value is unauthorized to the user 1
- ORA-24531
  - column value authorization is unknown 1
- ORA-24536
  - column authorization unknown 1
ORA_CHECK_ACL function 1, 2
ORA_CHECK_PRIVILEGE function 1
ORA_GET_ACLIDS function
- See: ORA_GET_ACLIDS function
ORA_INVOKING_USER function
- returns name of current database user 1
ORA_INVOKING_USERID function
- returns ID of current database user 1
ORA_INVOKING_XS_USER_GUID function
- returns ID of current Real Application Security application user 1
ORA_INVOKING_XS_USER function
- returns name of current Real Application Security application user 1
ORA-24530
- column value is unauthorized to the user
  - OCI return code 1
ORA-24531
- column value authorization is unknown
  - OCI return code 1
ORA-24536
- column authorization unknown
  - OCI return code 1
ORA-28113((colon)) policy predicate has error message 1
oracle.jdbc.OracleResultSetMetaData interface
- getAuthorizationIndicator method
  - about 1
  - example 1
- getSecurityAttribute method
  - about 1
  - example 1
Oracle Call Interface (OCI)
- column authorization, interface for 1
Oracle Database Real Application Security
- about data security 1
- access control entry (ACE) 1
- access control list (ACL) 1
- advantages of 1
- aggregate privilege 1
- application privileges 1
- application session concepts 1
- architecture 1
- data security concepts 1
- data security policy 1
- flow of design and development 1
- principals
  - users and roles 1
- security classes 1
- security components of 1
- use case scenario example policy 1
  - component requirements 1
  - description and security requirements 1
  - implementation overview 1
- what is 1
Oracle Label Security
- context established during attach session 1
- context established in application session 1
- context established in named user’s application session 1
- context switches to target_user session 1
Oracle Virtual Private Database (VPD)
- extended for Real Application Security 1

P

parameterized ACL 1
parameterized data realm constraints
- about 1
parentObjectName element
- specifies name of master table 1
parentSchemaName element
- specifies name of schema containing master table 1
password verifiers
- direct application user accounts 1
PL/SQL functions
- COLUMN_AUTH_INDICATOR 1
- XS_SYS_CONTEXT 1
pluggable databases
- Oracle Real Application Security support for 1
predefined objects
- ACLs
  - NS_UNRESTRICTED_ACL 1
  - SESSIONACL 1
  - SYSTEMACL 1
- database roles
  - PROVISIONER 1
  - XS_CACHE_ADMIN 1
  - XS_NAMESPACE_ADMIN 1
  - XS_SESSION_ADMIN 1
- dynamic application roles 1
  - DBMS_AUTH 1
  - DBMS_PASSWD 1
  - EXTERNAL_DBMS_AUTH 1
  - MIDTIER_AUTH 1
  - XSAUTHENTICATED 1
  - XSSWITCH 1
- namespaces
  - XS$GLOBAL_VAR 1
  - XS$SESSION 1
- regular application roles
  - XSBYPASS 1
  - XSCACHEADMIN 1
  - XSCONNECT 1
  - XSDISPATCHER 1
  - XSNAMESPACEADMIN 1
  - XSPROVISIONER 1
  - XSPUBLIC 1
  - XSSESSIONADMIN 1
- security classes
  - DML 1
  - NSTEMPLATE_SC 1
  - SESSION 1
  - SYSTEM 1
- users
  - XSGUEST 1
primary_key
- specifies primary key from master table 1
principals
- about 1
privileges
- about application 1
- check 1
- constrain 1
- data security documents
  - columns, applying additional to 1
  - security checks, how handled 1

R

regular application role 1
roles 1, 2
- See also: application roles
- dynamic
  - assigning to user 1
  - removing from user 1

S

scope, ACL
- definition 1
security class
- about 1
- adding parent|security class
  - inheritance 1
- configuration 1
- create 1
- definition 1
- inheritance 1
- inheritance|security class
  - adding privileges 1
  - deleting 1
  - description string 1
  - removing implied privileges 1
  - removing parent 1
  - removing privileges 1
- manipulating 1
- troubleshooting 1
session 1
- See also: application sessions
- application 1
- IDs
  - authentication time, updating 1
  - time-out values, setting 1
- statistics 1
Session
- isRoleEnabled 1
- setCookie 1
- setInactivityTimeout 1
session cookie
- application sessions
  - setting 1
SessionNamespace
- deleteAttribute 1
- toString 1
session privilege scoping through ACL 1
session service
- application configuration of the session filter 1
- authorization (checkACL) 1
- check privilege API 1
- deployment 1
- domain configuration 1
  - automatic 1
  - manual 1
  - prerequisites 1
- namespace APIs 1
- namespace operations 1
- Oracle Platform Security Service (OPSS) 1
- privilege elevation 1
- privilege elevation API 1
- Real Application Security servlet filter 1
- session APIs 1, 2
- session filter 1
- session filter operation 1
- supports JavaEE web application
  - using OPSS as application security provider 1
SET SECUREDCOL command
- SQL*Plus
  - displaying secure column values 1
setting
- a cookie for an application session 1
- password verifiers 1
- session attributes
  - in application session 1
SQL functions
- ORA_CHECK_ACL 1, 2
- ORA_CHECK_PRIVILEGE 1
- ORA_INVOKING_USER
  - returns name of current datanase user 1
- ORA_INVOKING_USERID
  - returns ID of current database user 1
- ORA_INVOKING_XS_USER
  - returns name of current Real Application Security application user 1
- ORA_INVOKING_XS_USER_GUID
  - returns ID of current Real Application Security application user 1
- TO_ACLID 1
SQL operators
- ORA_CHECK_ACL
  - checking ACLs for a privilege 1
static data realms
- about 1
- constraints
  - ACL evaluation order 1
statistics in troubleshooting 1
switching
- application users
  - in current application session 1
SYS_GET_ACLIDS function
- See: ORA_GET_ACLIDS function
system-constraining ACL
- about 1
- definition 1

T

tables
- data security policy
  - enabling 1
  - removing from 1
- master-detail tables, Real Application Security policies
  - about 1
  - creating for 1
time-out values
- session
  - IDs, setting for 1
TO_ACLID function 1
trace files
- acl 1
- application roles 1
- application sessions 1
- application users 1
- data security 1
- policy predicate errors 1
- Real Application Security components 1
- security classes 1
tracing
- event and in-memory 1
traditional security model
- manging application users
  - disadvantages of 1
troubleshooting
- acl 1
- application principals 1
- application sessions 1
- data security 1
- event-based tracing
  - about 1
  - components 1
- exception dumps 1
- exception state dumps 1
- in-memory tracing 1
- Real Application Security diagnostics 1
- security classes 1
- session statistics 1
- statistics 1
- using the ORA_CHECK_ACL function 1
- using the ORA_GET_ACLIDS function 1
- using validation APIs 1

U

use case scenario example policy
- human resources administration of employee information 1
  - component requirements 1
  - description and security requirements 1
  - implementation overview 1
- Java implementation 1
  - authorizing with middle-tier API 1
  - main method 1
  - performing cleanup operations 1
  - running a query on the database 1
  - setting up connection 1
  - setting up session 1
USER_XDS_ACL_REFRESH view 1
USER_XDS_ACL_REFSTAT view 1
USER_XDS_LATEST_ACL_REFSTAT view 1
USER_XS_ACES view 1
USER_XS_ACL_PARAMETERS view 1
USER_XS_ACLS view 1
USER_XS_COLUMN_CONSTRAINTS view 1
USER_XS_IMPLIED_PRIVILEGES view 1
USER_XS_INHERITED_REALMS view 1
USER_XS_PASSWORD_LIMITS view 1
USER_XS_POLICIES view 1
USER_XS_PRIVILEGES view 1
USER_XS_REALM_CONSTRAINTS view 1
USER_XS_SECURITY_CLASS_DEP view 1
USER_XS_SECURITY_CLASSES view 1
USER_XS_USERS view 1
users 1
- See also: application users
user sessions 1
- See also: application sessions
using
- constraining application privilege 1
- effective dates with application roles 1
- multilevel authentication 1
- ORA_CHECK_ACL SQL operator 1
- SQL functions
  - to determine the invoking application user 1
- XS_DIAG.VALIDATE_PRINCIPAL function 1, 2

V

V$XS_SESSION_NS_ATTRIBUTES view 1
V$XS_SESSION_ROLES view 1
validating
- ACLs 1, 2
- application roles 1
- application users 1
- data security policy 1, 2
- namespaces 1
- principals 1
- security classes 1, 2
- workspace objects 1
views 1
- ALL_XDS_ACL_REFRESH 1
- ALL_XDS_ACL_REFSTAT 1
- ALL_XDS_LATEST_ACL_REFSTAT 1
- ALL_XS_ACES 1
- ALL_XS_ACL_PARAMETERS 1
- ALL_XS_ACLS 1
- ALL_XS_APPLIED_POLICIES 1
- ALL_XS_COLUMN_CONSTRAINTS 1
- ALL_XS_IMPLIED_PRIVILEGES 1
- ALL_XS_INHERITED_REALMS 1
- ALL_XS_POLICIES 1
- ALL_XS_PRIVILEGES 1
- ALL_XS_REALM_CONSTRAINTS 1
- ALL_XS_SECURITY_CLASS_DEP 1
- ALL_XS_SECURITY_CLASSES 1
- DBA_XDS_ACL_REFRESH 1
- DBA_XDS_ACL_REFSTAT 1
- DBA_XDS_LATEST_ACL_REFSTAT 1
- DBA_XS_ACES 1
- DBA_XS_ACL_PARAMETERS 1
- DBA_XS_ACLS 1
- DBA_XS_ACTIVE_SESSIONS 1
- DBA_XS_APPLIED_POLICIES 1
- DBA_XS_COLUMN_CONSTRAINTS 1
- DBA_XS_DYNAMIC_ROLES 1
- DBA_XS_EXTERNAL_PRINCIPALS 1
- DBA_XS_IMPLIED_PRIVILEGES 1
- DBA_XS_INHERITED_REALMS 1
- DBA_XS_MODIFIED_POLICIES 1
- DBA_XS_NS_TEMPLATE_ATTRIBUTES 1
- DBA_XS_NS_TEMPLATES 1
- DBA_XS_OBJECTS 1
- DBA_XS_POLICIES 1
- DBA_XS_PRINCIPALS 1
- DBA_XS_PRIVILEGE_GRANTS 1
- DBA_XS_PRIVILEGES 1
- DBA_XS_PROXY_ROLES 1
- DBA_XS_REALM_CONSTRAINTS 1
- DBA_XS_ROLE_GRANTS 1
- DBA_XS_ROLES 1
- DBA_XS_SECURITY_CLASS_DEP 1
- DBA_XS_SECURITY_CLASSES 1
- DBA_XS_SESSION_NS_ATTRIBUTES 1
- DBA_XS_SESSION_ROLES 1
- DBA_XS_SESSIONS 1
- DBA_XS_USERS 1
- privileges in data security documents 1
- USER_XDS_ACL_REFRESH 1
- USER_XDS_ACL_REFSTAT 1
- USER_XDS_LATEST_ACL_REFSTAT 1
- USER_XS_ACES 1
- USER_XS_ACL_PARAMETERS 1
- USER_XS_ACLS 1
- USER_XS_COLUMN_CONSTRAINTS 1
- USER_XS_IMPLIED_PRIVILEGES 1
- USER_XS_INHERITED_REALMS 1
- USER_XS_PASSWORD_LIMITS 1
- USER_XS_POLICIES 1
- USER_XS_PRIVILEGES 1
- USER_XS_REALM_CONSTRAINTS 1
- USER_XS_SECURITY_CLASS_DEP 1
- USER_XS_SECURITY_CLASSES 1
- USER_XS_USERS 1
- V$XS_SESSION_NS_ATTRIBUTES 1
- V$XS_SESSION_ROLES 1

W

when element
- specifies a predicate for detail table 1

X

XS_ACL PL/SQL package
- about 1
- ADD_ACL_PARAMETER 1
- APPEND_ACES 1, 2
- constants 1
- CREATE_ACL 1
- DELETE_ACL 1
- object types, constructor functions 1
- REMOVE_ACES 1, 2
- REMOVE_ACL_PARAMETERS 1
- security model 1
- SET_DESCRIPTION 1
- SET_PARENT_ACL 1, 2, 3, 4
- SET_SECURITY_CLASS 1, 2
XS_ADMIN_UTIL PL/SQL package
- about 1
- constants 1
- GRANT_SYSTEM_PRIVILEGE 1
- object types 1
- REVOKE_SYSTEM_PRIVILEGE 1
- security model 1
XS_DATA_SECURITY_UTIL PL/SQL package
- about 1
- ALTER_STATIC_ACL_REFRESH Procedure 1
- constants 1
- SCHEDULE_STATIC_ACL_REFRESH Procedure 1
- security model 1
XS_DATA_SECURITY PL/SQL package
- about 1
- ADD_COLUMN_CONSTRAINTS Procedure 1
- APPEND_REALM_CONSTRAINTS Procedure 1
- APPLY_OBJECT_POLICY 1
- APPLY_OBJECT_POLICY Procedure 1
- CREATE_ACL_PARAMETER Procedure 1
- CREATE_POLICY Procedure 1
- DELETE_ACL_PARAMETER Procedure 1
- DELETE_POLICY Procedure 1
- DISABLE_OBJECT_POLICY Procedure 1
- ENABLE_OBJECT_POLICY
  - affect on database tables 1
- ENABLE_OBJECT_POLICY Procedure 1
- object types, constructor functions 1
- REMOVE_COLUMN_CONSTRAINTS Procedure 1
- REMOVE_OBJECT_POLICY Procedure 1
- REMOVE_REALM_CONSTRAINTS Procedure 1
- security model 1
- SET_DESCRIPTION Procedure 1
XS_DIAG PL/SQL package
- about 1
- security model 1
- VALIDATE_ACL 1
- VALIDATE_ACL Function 1
- VALIDATE_DATA_SECURITY 1
- VALIDATE_DATA_SECURITY Function 1
- VALIDATE_PRINCIPAL 1, 2
- VALIDATE_PRINCIPAL Function 1
- VALIDATE_SECURITY_CLASS 1
- VALIDATE_SECURITY_CLASS Function 1
- VALIDATE_WORKSPACE Function 1
XS_DIAG PL/SQL PL/SQL package
- VALIDATE_NAMESPACE_TEMPLATE Function 1
XS_NAMESPACE PL/SQL package
- about 1
- ADD_ATTRIBUTES Procedure 1
- constants 1
- CREATE_TEMPLATE 1
- CREATE_TEMPLATE Procedure 1
- DELETE_TEMPLATE 1
- object types, constructor functions 1
- REMOVE_ATTRIBUTES Procedure 1
- security model 1
- SET_DESCRIPTION Procedure 1
- SET_HANDLER Procedure 1
XS_PRINCIPAL PL/SQL package
- about 1
- ADD_PROXY_TO_DBUSER Procedure 1
- ADD_PROXY_USER 1
- ADD_PROXY_USER Procedure 1
- constants 1
- CREATE_DYNAMIC_ROLE 1
- CREATE_DYNAMIC_ROLE Procedure 1
- CREATE_ROLE 1
- CREATE_ROLE Procedure 1
- CREATE_USER 1, 2
- CREATE_USER Procedure 1
- DELETE_PRINCIPAL Procedure 1
- ENABLE_BY_DEFAULT Procedure 1
- ENABLE_ROLES_BY_DEFAULT Procedure 1
- GRANT_ROLES 1, 2
- GRANT_ROLES Procedure 1
- object types, constructor functions 1
- REMOVE_PROXY_FROM_DBUSER Procedure 1
- REMOVE_PROXY_USERS Procedure 1
- REVOKE_ROLES Procedure 1
- security model 1
- SET_ACL Procedure 1
- SET_DESCRIPTION Procedure 1
- SET_DYNAMIC_ROLE_DURATION Procedure 1
- SET_DYNAMIC_ROLE_SCOPE Procedure 1
- SET_EFFECTIVE_DATES Procedure 1
- SET_GUID Procedure 1
- SET_PASSWORD 1
- SET_PASSWORD Procedure 1
- SET_PROFILE 1
- SET_PROFILE Procedure 1
- SET_USER_SCHEMA Procedure 1
- SET_USER_STATUS Procedure 1
- SET_VERIFIER 1
- SET_VERIFIER Procedure 1
XS_SECURITY_CLASS PL/SQL package
- about 1
- ADD_IMPLIED_PRIVILEGES 1, 2
- ADD_IMPLIED_PRIVILEGES Procedure 1
- ADD_PARENTS 1
- ADD_PARENTS Procedure 1
- ADD_PRIVILEGES 1, 2
- ADD_PRIVILEGES Procedure 1
- CREATE_SECURITY_CLASS Procedure 1
- DELETE_SECURITY_CLASS 1
- DELETE_SECURITY_CLASS Procedure 1
- REMOVE_IMPLIED_PRIVILEGES 1
- REMOVE_IMPLIED_PRIVILEGES Procedure 1
- REMOVE_PARENTS 1
- REMOVE_PARENTS Procedure 1
- REMOVE_PRIVILEGES 1
- REMOVE_PRIVILEGES Procedure 1
- security model 1
- SET_DESCRIPTION 1
- SET_DESCRIPTION Procedure 1
XS_SYS_CONTEXT function 1
XSSessionManager
- clearCache 1
- createAnonymousSession 1
- createSession 1
- getLowWaterMark 1