Index
A
- access control entry (ACE)
- access control lists (ACL)
- ACE
- acl
- troubleshooting 1
- ACL
- ACLS
- See: access control lists
- ACLs and ACEs
- aggregate privilege
- ALL_XDS_ACL_REFRESH view 1
- ALL_XDS_ACL_REFSTAT view 1
- ALL_XDS_LATEST_ACL_REFSTAT view 1
- ALL_XS_ACES view 1
- ALL_XS_ACL_PARAMETERS view 1
- ALL_XS_ACLS view 1
- ALL_XS_APPLIED_POLICIES view 1
- ALL_XS_COLUMN_CONSTRAINTS view 1
- ALL_XS_IMPLIED_PRIVILEGES view 1
- ALL_XS_INHERITED_REALMS view 1
- ALL_XS_POLICIES view 1
- ALL_XS_PRIVILEGES view 1
- ALL_XS_REALM_CONSTRAINTS view 1
- ALL_XS_SECURITY_CLASS_DEP view 1
- ALL_XS_SECURITY_CLASSES view 1
- ALL grant 1
- ALL privilege 1
- anonymous user 1
- application integration
- support for external users and roles 1
- application privileges
- application roles
- application sessions
- about 1
- advantages 1
- attaching 1
- cookies, setting for 1
- creating 1, 2, 3
- creating anonymous application session 1
- database session
- destroying 1
- event handling 1
- global callback events, using 1
- namespace
- namespaces
- roles
- roles, disabling from session 1
- roles, enabling for session 1
- saving 1
- security context, setting 1
- session cookie
- setting 1
- session state manipulating 1
- switch user 1
- troubleshooting 1
- users, assigning to 1
- users, creating namespace templates 1
- users, custom attributes 1
- users, destroying 1
- users, detaching from 1
- users, initializing namespaces 1, 2, 3, 4
- users, initializing namespaces explicitly 1
- users, switching to 1
- application sessions in the database
- architecture figure 1
- application user roles
- application users
- about 1, 2
- application sessions, assigning to 1
- application sessions, creating namespace templates 1
- application sessions, custom attributes 1
- application sessions, destroying 1
- application sessions, detaching from 1
- application sessions, initializing namespaces 1, 2, 3, 4
- application sessions, initializing namespaces explicitly 1
- application sessions, switching to 1
- compared with database user 1
- creating 1
- direct login users 1
- creating direct login user 1
- definition 1
- general procedure 1
- modifying 1
- validating 1
- application users and roles
- troubleshooting 1
- applying
- additional application privileges
- to a column 1
- additional application privileges
- assigning
- an application user to an anonymous application session 1
- attaching
- an application session 1
- auditing
- authentication
C
- callback event handler procedure
- creating 1
- checking
- ACLs for a privilege 1
- checking security attribute
- checking user authorization indicator
- COLUMN_AUTH_INDICATOR function 1
- column authorization
- column-level security 1
- configuring
- constraining ACL inheritance
- definition 1
- cookies
- application sessions, setting for 1
- create views
- using BEQUEATH clause 1
- creating
- ACLs and ACEs 1
- anonymous application session 1
- application sessions 1
- application user accounts 1
- application users 1
- custom attributes
- in application session 1
- direct login user 1
- dynamic application role 1, 2
- namespaces
- using namespace templates 1
- namespace templates 1
- regular application role 1, 2
- security class 1
- simple application user account 1
D
- database role
- about 1
- database user
- data realm constraints
- data realms 1
- See also: dynamic data realms, static data realms
- data security
- data security documents
- DataSecurity module 1
- data security policy
- data security privileges
- DBA_XDS_ACL_REFRESH view 1
- DBA_XDS_ACL_REFSTAT view 1
- DBA_XDS_LATEST_ACL_REFSTAT view 1
- DBA_XS_ACES view 1, 2, 3
- DBA_XS_ACL_PARAMETERS view 1
- DBA_XS_ACLS view 1, 2
- DBA_XS_ACTIVE_SESSIONS view 1
- DBA_XS_APPLIED_POLICIES view 1
- DBA_XS_AUDIT_POLICY_OPTIONS view 1, 2
- DBA_XS_AUDIT_TRAIL view 1, 2
- DBA_XS_COLUMN_CONSTRAINTS view 1
- DBA_XS_DYNAMIC_ROLES view 1
- DBA_XS_ENB_AUDIT_POLICIES view 1, 2
- DBA_XS_EXTERNAL_PRINICIPALS view 1
- DBA_XS_IMPLIED_PRIVILEGES view 1
- DBA_XS_INHERITED_REALMS view 1
- DBA_XS_MODIFIED_POLICIES view 1
- DBA_XS_NS_TEMPLATE_ATTRIBUTES view 1
- DBA_XS_NS_TEMPLATES view 1
- DBA_XS_OBJECTS view 1
- DBA_XS_POLICIES view 1
- DBA_XS_PRINICIPALS view 1
- DBA_XS_PRIVILEGE_GRANTS view 1
- DBA_XS_PRIVILEGES view 1, 2
- DBA_XS_PROXY_ROLES view 1
- DBA_XS_REALM_CONSTRAINTS view 1
- DBA_XS_ROLE_GRANTS view 1
- DBA_XS_ROLES view 1
- DBA_XS_SECURITY_CLASS_DEP view 1, 2
- DBA_XS_SECURITY_CLASSES view 1, 2
- DBA_XS_SESSION_NS_ATTRIBUTES view 1
- DBA_XS_SESSION_ROLES view 1
- DBA_XS_SESSIONS view 1
- DBA_XS_USERS view 1
- DBMS_XS_SESSIONS PL/SQL package
- about 1
- ADD_GLOBAL_CALLBACK 1
- ASSIGN_USER 1
- ATTACH_SESSION 1
- constants 1
- CREATE_ATTRIBUTE 1
- CREATE_NAMESPACE 1
- CREATE_SESSION 1
- DELETE_GLOBAL_CALLBACK 1, 2
- DELETE_NAMESPACE 1
- DESTROY_SESSION 1
- DETACH_SESSION 1
- DISABLE_ROLE 1
- ENABLE_GLOBAL_CALLBACK 1
- ENABLE_ROLE 1
- GET_ATTRIBUTE 1
- object types, constructor functions 1
- SAVE_SESSION 1
- security model 1
- SET_ATTRIBUTE 1
- SWITCH_USER 1, 2
- default security class
- definition 1
- defining a basic data security policy
- deleting
- namespaces
- in application session 1
- namespaces
- destroying
- application session 1
- detaching
- application session
- from a traditional database session 1
- application session
- determining
- direct application user accounts
- setting password verifiers 1
- disabling
- application roles
- for an application session 1
- application roles
- displaying secure column values
- using SQL*Plus SET SECUREDCOL command 1
- dynamic application role 1
- dynamic application roles
- predefined 1
- dynamic data realm constraints
E
J
- Java environment
- aborting a session 1
- assigning a user to a session 1
- assigning or switching an application user 1
- attaching an application session 1
- external role behavior 1
- attachng an application session 1
- authenticating users using Java APIs 1
- authorizing application users using ACLs 1
- changing the middle-tier cache size 1
- clearing the cache 1
- getting the maximum cache idle time 1
- getting the maximum cache size 1
- removing entries from the cache 1
- removing entries from the cache, getting the high watermark for cache 1
- removing entries from the cache, getting the low watermark for cache 1
- removing entries from the cache, setting the watermark 1
- setting the maximum cache size 1
- setting the middle-tier cache idle time 1
- checking if application role is enabled 1
- constructing an ACL identifier 1
- creating an application session 1
- creating a session namespace attribute 1
- creating a user session 1
- creating namespaces 1
- deleting namespaces 1
- deleting session namespace attributes 1
- destroying an application session 1
- detaching an application session 1
- disabling application roles 1
- enabling and disabling application roles 1
- enabling application roles 1
- getting a session namespace attribute 1
- getting data privileges associated with a specific ACL 1
- getting the application user ID for the session 1
- getting the Oracle connection associated with the session 1
- getting the session cookie 1
- getting the session ID for the session 1
- getting the string representation of the session 1
- implicitly creating namespaces 1
- initializing the middle tier 1
- listing session namespace attributes 1
- performing namespace operations as session manager 1
- performing namespace operations as session user 1
- resetting session namespace attributes 1
- saving a session 1
- setting a session namespace attribute 1
- setting session cookie as session manager 1
- setting session inactivity timeout as session manager 1
- using namespace attributes 1
- using the checkAcl method 1
- JDBC
- column authorization, interface for 1
M
O
- OCI parameter handle attribute
- OCI return codes
- ORA_CHECK_ACL function 1, 2
- ORA_CHECK_PRIVILEGE function 1
- ORA_GET_ACLIDS function
- See: ORA_GET_ACLIDS function
- ORA_INVOKING_USER function
- returns name of current database user 1
- ORA_INVOKING_USERID function
- returns ID of current database user 1
- ORA_INVOKING_XS_USER_GUID function
- returns ID of current Real Application Security application user 1
- ORA_INVOKING_XS_USER function
- returns name of current Real Application Security application user 1
- ORA-24530
- column value is unauthorized to the user
- OCI return code 1
- column value is unauthorized to the user
- ORA-24531
- column value authorization is unknown
- OCI return code 1
- column value authorization is unknown
- ORA-24536
- column authorization unknown
- OCI return code 1
- column authorization unknown
- ORA-28113((colon)) policy predicate has error message 1
- oracle.jdbc.OracleResultSetMetaData interface
- Oracle Call Interface (OCI)
- column authorization, interface for 1
- Oracle Database Real Application Security
- about data security 1
- access control entry (ACE) 1
- access control list (ACL) 1
- advantages of 1
- aggregate privilege 1
- application privileges 1
- application session concepts 1
- architecture 1
- data security concepts 1
- data security policy 1
- flow of design and development 1
- principals
- users and roles 1
- security classes 1
- security components of 1
- use case scenario example policy 1
- what is 1
- Oracle Label Security
- Oracle Virtual Private Database (VPD)
- extended for Real Application Security 1
P
- parameterized ACL 1
- parameterized data realm constraints
- about 1
- parentObjectName element
- specifies name of master table 1
- parentSchemaName element
- specifies name of schema containing master table 1
- password verifiers
- direct application user accounts 1
- PL/SQL functions
- pluggable databases
- Oracle Real Application Security support for 1
- predefined objects
- primary_key
- specifies primary key from master table 1
- principals
- about 1
- privileges
S
- scope, ACL
- definition 1
- security class
- session 1
- See also: application sessions
- Session
- session cookie
- application sessions
- setting 1
- application sessions
- SessionNamespace
- session privilege scoping through ACL 1
- session service
- application configuration of the session filter 1
- authorization (checkACL) 1
- check privilege API 1
- deployment 1
- domain configuration 1
- namespace APIs 1
- namespace operations 1
- Oracle Platform Security Service (OPSS) 1
- privilege elevation 1
- privilege elevation API 1
- Real Application Security servlet filter 1
- session APIs 1, 2
- session filter 1
- session filter operation 1
- supports JavaEE web application
- using OPSS as application security provider 1
- SET SECUREDCOL command
- SQL*Plus
- displaying secure column values 1
- SQL*Plus
- setting
- SQL functions
- ORA_CHECK_ACL 1, 2
- ORA_CHECK_PRIVILEGE 1
- ORA_INVOKING_USER
- returns name of current datanase user 1
- ORA_INVOKING_USERID
- returns ID of current database user 1
- ORA_INVOKING_XS_USER
- returns name of current Real Application Security application user 1
- ORA_INVOKING_XS_USER_GUID
- returns ID of current Real Application Security application user 1
- TO_ACLID 1
- SQL operators
- ORA_CHECK_ACL
- checking ACLs for a privilege 1
- ORA_CHECK_ACL
- static data realms
- statistics in troubleshooting 1
- switching
- application users
- in current application session 1
- application users
- SYS_GET_ACLIDS function
- See: ORA_GET_ACLIDS function
- system-constraining ACL
T
- tables
- time-out values
- session
- IDs, setting for 1
- session
- TO_ACLID function 1
- trace files
- tracing
- event and in-memory 1
- traditional security model
- manging application users
- disadvantages of 1
- manging application users
- troubleshooting
- acl 1
- application principals 1
- application sessions 1
- data security 1
- event-based tracing
- exception dumps 1
- exception state dumps 1
- in-memory tracing 1
- Real Application Security diagnostics 1
- security classes 1
- session statistics 1
- statistics 1
- using the ORA_CHECK_ACL function 1
- using the ORA_GET_ACLIDS function 1
- using validation APIs 1
U
- use case scenario example policy
- USER_XDS_ACL_REFRESH view 1
- USER_XDS_ACL_REFSTAT view 1
- USER_XDS_LATEST_ACL_REFSTAT view 1
- USER_XS_ACES view 1
- USER_XS_ACL_PARAMETERS view 1
- USER_XS_ACLS view 1
- USER_XS_COLUMN_CONSTRAINTS view 1
- USER_XS_IMPLIED_PRIVILEGES view 1
- USER_XS_INHERITED_REALMS view 1
- USER_XS_PASSWORD_LIMITS view 1
- USER_XS_POLICIES view 1
- USER_XS_PRIVILEGES view 1
- USER_XS_REALM_CONSTRAINTS view 1
- USER_XS_SECURITY_CLASS_DEP view 1
- USER_XS_SECURITY_CLASSES view 1
- USER_XS_USERS view 1
- users 1
- See also: application users
- user sessions 1
- See also: application sessions
- using
V
- V$XS_SESSION_NS_ATTRIBUTES view 1
- V$XS_SESSION_ROLES view 1
- validating
- views 1
- ALL_XDS_ACL_REFRESH 1
- ALL_XDS_ACL_REFSTAT 1
- ALL_XDS_LATEST_ACL_REFSTAT 1
- ALL_XS_ACES 1
- ALL_XS_ACL_PARAMETERS 1
- ALL_XS_ACLS 1
- ALL_XS_APPLIED_POLICIES 1
- ALL_XS_COLUMN_CONSTRAINTS 1
- ALL_XS_IMPLIED_PRIVILEGES 1
- ALL_XS_INHERITED_REALMS 1
- ALL_XS_POLICIES 1
- ALL_XS_PRIVILEGES 1
- ALL_XS_REALM_CONSTRAINTS 1
- ALL_XS_SECURITY_CLASS_DEP 1
- ALL_XS_SECURITY_CLASSES 1
- DBA_XDS_ACL_REFRESH 1
- DBA_XDS_ACL_REFSTAT 1
- DBA_XDS_LATEST_ACL_REFSTAT 1
- DBA_XS_ACES 1
- DBA_XS_ACL_PARAMETERS 1
- DBA_XS_ACLS 1
- DBA_XS_ACTIVE_SESSIONS 1
- DBA_XS_APPLIED_POLICIES 1
- DBA_XS_COLUMN_CONSTRAINTS 1
- DBA_XS_DYNAMIC_ROLES 1
- DBA_XS_EXTERNAL_PRINCIPALS 1
- DBA_XS_IMPLIED_PRIVILEGES 1
- DBA_XS_INHERITED_REALMS 1
- DBA_XS_MODIFIED_POLICIES 1
- DBA_XS_NS_TEMPLATE_ATTRIBUTES 1
- DBA_XS_NS_TEMPLATES 1
- DBA_XS_OBJECTS 1
- DBA_XS_POLICIES 1
- DBA_XS_PRINCIPALS 1
- DBA_XS_PRIVILEGE_GRANTS 1
- DBA_XS_PRIVILEGES 1
- DBA_XS_PROXY_ROLES 1
- DBA_XS_REALM_CONSTRAINTS 1
- DBA_XS_ROLE_GRANTS 1
- DBA_XS_ROLES 1
- DBA_XS_SECURITY_CLASS_DEP 1
- DBA_XS_SECURITY_CLASSES 1
- DBA_XS_SESSION_NS_ATTRIBUTES 1
- DBA_XS_SESSION_ROLES 1
- DBA_XS_SESSIONS 1
- DBA_XS_USERS 1
- privileges in data security documents 1
- USER_XDS_ACL_REFRESH 1
- USER_XDS_ACL_REFSTAT 1
- USER_XDS_LATEST_ACL_REFSTAT 1
- USER_XS_ACES 1
- USER_XS_ACL_PARAMETERS 1
- USER_XS_ACLS 1
- USER_XS_COLUMN_CONSTRAINTS 1
- USER_XS_IMPLIED_PRIVILEGES 1
- USER_XS_INHERITED_REALMS 1
- USER_XS_PASSWORD_LIMITS 1
- USER_XS_POLICIES 1
- USER_XS_PRIVILEGES 1
- USER_XS_REALM_CONSTRAINTS 1
- USER_XS_SECURITY_CLASS_DEP 1
- USER_XS_SECURITY_CLASSES 1
- USER_XS_USERS 1
- V$XS_SESSION_NS_ATTRIBUTES 1
- V$XS_SESSION_ROLES 1
X
- XS_ACL PL/SQL package
- XS_ADMIN_UTIL PL/SQL package
- XS_DATA_SECURITY_UTIL PL/SQL package
- XS_DATA_SECURITY PL/SQL package
- about 1
- ADD_COLUMN_CONSTRAINTS Procedure 1
- APPEND_REALM_CONSTRAINTS Procedure 1
- APPLY_OBJECT_POLICY 1
- APPLY_OBJECT_POLICY Procedure 1
- CREATE_ACL_PARAMETER Procedure 1
- CREATE_POLICY Procedure 1
- DELETE_ACL_PARAMETER Procedure 1
- DELETE_POLICY Procedure 1
- DISABLE_OBJECT_POLICY Procedure 1
- ENABLE_OBJECT_POLICY
- affect on database tables 1
- ENABLE_OBJECT_POLICY Procedure 1
- object types, constructor functions 1
- REMOVE_COLUMN_CONSTRAINTS Procedure 1
- REMOVE_OBJECT_POLICY Procedure 1
- REMOVE_REALM_CONSTRAINTS Procedure 1
- security model 1
- SET_DESCRIPTION Procedure 1
- XS_DIAG PL/SQL package
- XS_DIAG PL/SQL PL/SQL package
- VALIDATE_NAMESPACE_TEMPLATE Function 1
- XS_NAMESPACE PL/SQL package
- XS_PRINCIPAL PL/SQL package
- about 1
- ADD_PROXY_TO_DBUSER Procedure 1
- ADD_PROXY_USER 1
- ADD_PROXY_USER Procedure 1
- constants 1
- CREATE_DYNAMIC_ROLE 1
- CREATE_DYNAMIC_ROLE Procedure 1
- CREATE_ROLE 1
- CREATE_ROLE Procedure 1
- CREATE_USER 1, 2
- CREATE_USER Procedure 1
- DELETE_PRINCIPAL Procedure 1
- ENABLE_BY_DEFAULT Procedure 1
- ENABLE_ROLES_BY_DEFAULT Procedure 1
- GRANT_ROLES 1, 2
- GRANT_ROLES Procedure 1
- object types, constructor functions 1
- REMOVE_PROXY_FROM_DBUSER Procedure 1
- REMOVE_PROXY_USERS Procedure 1
- REVOKE_ROLES Procedure 1
- security model 1
- SET_ACL Procedure 1
- SET_DESCRIPTION Procedure 1
- SET_DYNAMIC_ROLE_DURATION Procedure 1
- SET_DYNAMIC_ROLE_SCOPE Procedure 1
- SET_EFFECTIVE_DATES Procedure 1
- SET_GUID Procedure 1
- SET_PASSWORD 1
- SET_PASSWORD Procedure 1
- SET_PROFILE 1
- SET_PROFILE Procedure 1
- SET_USER_SCHEMA Procedure 1
- SET_USER_STATUS Procedure 1
- SET_VERIFIER 1
- SET_VERIFIER Procedure 1
- XS_SECURITY_CLASS PL/SQL package
- about 1
- ADD_IMPLIED_PRIVILEGES 1, 2
- ADD_IMPLIED_PRIVILEGES Procedure 1
- ADD_PARENTS 1
- ADD_PARENTS Procedure 1
- ADD_PRIVILEGES 1, 2
- ADD_PRIVILEGES Procedure 1
- CREATE_SECURITY_CLASS Procedure 1
- DELETE_SECURITY_CLASS 1
- DELETE_SECURITY_CLASS Procedure 1
- REMOVE_IMPLIED_PRIVILEGES 1
- REMOVE_IMPLIED_PRIVILEGES Procedure 1
- REMOVE_PARENTS 1
- REMOVE_PARENTS Procedure 1
- REMOVE_PRIVILEGES 1
- REMOVE_PRIVILEGES Procedure 1
- security model 1
- SET_DESCRIPTION 1
- SET_DESCRIPTION Procedure 1
- XS_SYS_CONTEXT function 1
- XSSessionManager