An entry in the access control list that grants or denies access to a given principal. One or more ACEs are listed within an access control list (ACL), in which the ordering of the ACEs is relevant.

A list of access control entries that determines which principals have access to a given resource or resources. In Oracle Database Real Application Security, you use ACLs to define user privileges.

See access control entry (ACE).

See access control list (ACL).

A privilege that contains other privileges. When an aggregate privilege has been granted or denied, then all of its child privileges are granted or denied as well.

A role that can only be granted to a application user or to another application role.

A user session that contains information pertinent only to the application. Unlike traditional "heavyweight" database sessions, an application session does not hold its own database resources such as transactions and cursors.

A user account that does not own a schema and can create a application session through the middle tier to the database.

The ability to apply specific privileges to a table column.

A privilege not predefined by Oracle Database. See also system privilege.

A set of rows within a database table whose access you control by associating it with an access control list (ACL). It is comprised of one or more object instances. See also dynamic data realm constraint and static data realm constraint.

A role that can only be granted to a database user. It is also called a heavyweight role. See also application role.

A user account that is created within the database and has a schema. It is also called a heavyweight user. See also application user.

An access control list that has been associated with a dynamic data realm constraint.

A role that is enabled only under certain conditions, for example, when a user has logged on using SSL, or during a specified period.

An data realm whose WHERE predicate is rerun each time the user performs a query on the data realm constraint data. See also static data realm constraint.

The mechanism by which user access to an applications functionality is controlled. For example, for Oracle Database Real Application Security, use the checkPrivilege() method to check the privilege on the ACL for a row to determine if a specific privilege on one or more given ACLs is associated with that row. See About the Check Privilege API for more information.

The external ID that applications can use to manage the user's session information. This identifier is not guaranteed to be unique across all tiers, but the number of unique keys that comprises it is so large that the chances of it being duplicated are small. See also unique identifier (UID).

See globally unique identifier (GUID).

A traditional database role.

A traditional database user account that owns a schema.

A container consisting of attribute-value pairs that reflects the state of the application session.

A single relational table row that is part of an data realm. It is identified by its primary key value.

A hashed version of a clear text password, which is then encoded as a BASE64 encoded string.

A user or collection of users alternately called a group or a role. See also application user and application role.

A right or permission that can be granted or denied to a principal. See also aggregate privilege, custom privilege, and system privilege.

A named collection of privileges that can be associated with an ACL.

An access control list that has been associated with a static data realm constraint.

An data realm whose WHERE predicate is stored in cache, so that it is not rerun each time the user performs a query on the data realm constraint data. See also dynamic data realm constraint.

Predefined privilege supplied by Oracle Database. See also custom privilege.

A unique internal identifier that Oracle Database uses to track the user or role. It is used to manage the user's session information across the database enterprise. See also globally unique identifier (GUID).

See unique identifier (UID).

The ability of an application user to proxy as another user. The application state (that is, namespaces and attributes) is maintained from the previous user, but the security context reflects that of the new user.