Index

Search

Print

Download

PDF for offline and print

Index

Symbols Numerics A B C D E F G H I J K L M N O P Q R S T U V W X

Symbols

"all permissions" 1

Numerics

12C password hash version
- about 1
12C password version
- recommended by Oracle 1

A

about 1, 2
about connection 1
ACCEPT_MD5_CERTS sqlnet.ora parameter 1
ACCEPT_SHA1_CERTS sqlnet.ora parameter 1
access configuration, DBCA 1
access configuration, silent mode 1
access configuration, system parameters 1
access control
- encryption, problems not solved by 1
- enforcing 1
- object privileges 1
- password encryption 1
access control list (ACL) 1
- examples
  - external network connection for email alert 1
  - external network connections 1
  - wallet access 1
- external network services
  - about 1
  - advantages 1
  - affect of upgrade from earlier release 1
  - email alert for audit violation tutorial 1
  - finding information about 1
  - network hosts, using wildcards to specify 1
  - ORA-06512 error 1
  - ORA-24247 error 1
  - ORA-24247 errors 1
  - order of precedence, hosts 1
  - port ranges 1
  - privilege assignments, about 1
  - privilege assignments, database administrators checking 1
  - privilege assignments, users checking 1
  - revoking privileges 1
- wallet access
  - about 1
  - advantages 1
  - client certificate credentials, using 1
  - finding information about 1
  - non-shared wallets 1
  - password credentials 1
  - password credentials, using 1
  - revoking 1
  - revoking access 1
  - shared database session 1
  - wallets without sensitive information 1
  - wallets with sensitive information 1
accounting, RADIUS 1
account locking
- example 1
- explicit 1
- PASSWORD_LOCK_TIME profile parameter 1
- password management 1
activating checksumming and encryption 1
adapters 1
ADD_SSLV3_TO_DEFAULT sqlnet.ora parameter 1
ADG_ACCOUNT_INFO_TRACKING initialization parameter
- guideline for securing 1
ad hoc tools
- database access, security problems of 1
ADM_PARALLEL_EXECUTE_TASK role
- about 1
administrative accounts
- about 1
- predefined, listed 1
administrative privileges
- about 1
- granting to users 1
- SYSBACKUP privilege 1
- SYSDBA privilege 1
- SYSDG privilege 1
- SYSKM privilege 1
- SYSOPER privilege 1
- SYSRAC privilege 1
administrative user passwords
- default, importance of changing 1
administrative users
- auditing 1
- last successful login time 1
- locked or expired accounts 1
- mandatorily audited 1
- password complexity verification functions 1
- password files, managing 1
- password files, multitenant environment 1
- password management 1
- password profile limits 1
administrator privileges
- access 1
- operating system authentication 1
- passwords 1, 2
- SYSDBA and SYSOPER access, centrally controlling 1
- write, on listener.ora file 1
ADMIN OPTION
- about 1
- revoking privileges 1
- revoking roles 1
- roles 1
- system privileges 1
Advanced Networking Option (ANO) (Oracle native encryption) 1
AES256 algorithm
- converting to in Oracle wallets 1
alerts, used in fine-grained audit policy 1
ALTER ANY LIBRARY statement
- security guidelines 1
ALTER DATABASE DICTIONARY DELETE CREDENTIALS statement 1
ALTER DATABASE DICTIONARY ENCRYPT CREDENTIALS statement 1
ALTER DATABASE DICTIONARY REKEY CREDENTIALS statement 1
altering users 1
ALTER PROCEDURE statement
- used for compiling procedures 1
ALTER PROFILE statement
- password management 1
ALTER RESOURCE COST statement 1, 2
ALTER ROLE statement
- changing authorization method 1
ALTER SESSION statement
- schema, setting current 1
ALTER USER privilege 1
ALTER USER statement
- default roles 1
- explicit account unlocking 1
- profiles, changing 1
- REVOKE CONNECT THROUGH clause 1
ANO encryption
- configuring with SSL authentication 1
anonymous 1
ANONYMOUS user account 1
ANSI operations
- Oracle Virtual Private Database affect on 1
ANY system privilege
- guidelines for security 1
application common users
- about 1
application containers
- application contexts 1
- Transport Layer Security 1
- Virtual Private Database policies 1
application contexts 1
- See also: client session-based application contexts, database session-based application contexts, global application contexts
- about 1
- application containers 1
- as secure data cache 1
- benefits of using 1
- bind variables 1
- components 1
- creating session based 1
- DBMS_SESSION.SET_CONTEXT procedure 1
- driving context 1
- editions, affect on 1
- finding errors by checking trace files 1
- finding information about 1
- global application contexts
  - authenticating user for multiple applications 1
  - creating 1
- logon trigger, creating 1
- Oracle Virtual Private Database, used with 1
- performance 1
- policy groups, used in 1
- returning predicate 1
- session information, retrieving 1
- support for database links 1
- types 1
- users, nondatabase connections 1, 2
- where values are stored 1
application developers
- CONNECT role change 1
applications
- about security policies for 1
- database users 1
- enhancing security with 1
- object privileges 1
- object privileges permitting SQL statements 1
- One Big Application User authentication
  - security considerations 1
  - security risks of 1
- Oracle Virtual Private Database, how it works with 1
- password handling, guidelines 1
- password protection strategies 1
- privileges, managing 1
- roles
  - multiple 1
  - privileges, associating with database roles 1
- security 1, 2
- security considerations for use 1
- security limitations 1
- security policies 1
- validating with security policies 1
application security
- finding privilege use by users 1
- restricting wallet access to current application 1
- revoking access control privileges from Oracle wallets 1
- sharing wallet with other applications 1
- specifying attributes 1
application users who are database users
- Oracle Virtual Private Database, how it works with 1
architecture 1
archiving
- operating system audit files 1
- standard audit trail 1
- timestamping audit trail 1
ARIA encryption algorithm 1
ASMSNMP user account 1
asynchronous authentication mode in RADIUS 1
attacks
- See: security attacks
AUDIT_ADMIN role 1
AUDIT_VIEWER role 1
audit files
- operating system audit trail
  - archiving, setting timestamp 1
- operating system file
  - archiving 1
- standard audit trail
  - archiving, setting timestamp 1
  - records, archiving 1
auditing 1
- See also: unified audit policies
- administrators, Database Vault 1
- audit options 1
- audit trail, sensitive data in 1
- CDBs 1
- committed data 1
- cursors, affect on auditing 1
- databases, when unavailable 1
- database user names 1
- Database Vault administrators 1
- distributed databases and 1
- DV_ADMIN role user 1
- DV_OWNER role user 1
- finding information about audit management 1
- finding information about usage 1
- fine-grained
  - See fine-grained auditing 1
- functions 1
- functions, Oracle Virtual Private Database 1
- general steps
  - commonly used security-relevant activities 1
  - specific fine-grained activities 1
  - SQL statements and other general activities 1
- general steps for 1
- guidelines for security 1
- historical information 1
- INHERIT PRIVILEGE privilege 1
- keeping information manageable 1
- loading audit records to unified audit trail 1
- mandatory auditing 1
- multitier environments
  - See standard auditing 1
- One Big Application User authentication, compromised by 1
- operating-system user names 1
- Oracle Virtual Private Database policy functions 1
- packages 1
- performance 1
- PL/SQL packages 1
- predefined policies
  - general steps for using 1
- privileges required 1
- procedures 1
- purging records
  - example 1
  - general steps for manual purges 1
  - general steps for scheduled purges 1
- range of focus 1
- READ object privileges in policies 1
- READ privileges
  - about 1
  - how recorded in audit trail 1
- recommended settings 1
- Sarbanes-Oxley Act
  - auditing, meeting compliance through 1
- SELECT privileges
  - about 1
  - how recorded in audit trail 1
- suspicious activity 1
- traditional 1
- triggers 1
- unified audit trail
  - about 1
- VPD predicates
  - fine-grained audit policies 1
  - unified audit policies 1
- when audit options take effect 1
- when records are created 1
auditing, purging records
- about 1
- cancelling archive timestamp 1
- creating audit trail
  - purge job 1
- creating the purge job 1
- DBMS_SCHEDULER package 1
- deleting a purge job 1
- disabling purge jobs 1
- enabling purge jobs 1
- general steps for 1
- purging audit trail manually 1
- roadmap 1
- scheduling the purge job 1
- setting archive timestamp 1
- time interval for named purge job 1
audit policies 1
- See also: unified audit policies
audit policies, application contexts
- about 1
- appearance in audit trail 1
- configuring 1
- disabling 1
- examples 1
audit records
- when written to OS files 1
audit trail
- archiving 1
- capturing syslog records 1
- capturing Windows Event Viewer records 1
- finding information about audit management 1
- finding information about usage 1
- SYSLOG records 1
- unified
  - archiving 1
AUDSYS user account 1
AUTHENTICATEDUSER role 1
authentication 1, 2
- See also: passwords, proxy authentication
- about 1
- administrators
  - operating system 1
  - passwords 1
  - SYSDBA and SYSOPER access, centrally controlling 1
- by database 1
- by SSL 1
- client 1
- client-to-middle tier process 1
- configuring multiple methods 1
- database administrators 1
- databases, using
  - about 1
  - advantages 1
  - procedure 1
- directory-based services 1
- directory service 1
- external authentication
  - about 1
  - advantages 1
  - operating system authentication 1
  - user creation 1
- global authentication
  - about 1
  - advantages 1
  - user creation for private schemas 1
  - user creation for shared schemas 1
- methods 1
- middle-tier authentication
  - proxies, example 1
- modes in RADIUS 1
- multitier 1
- network authentication
  - Secure Sockets Layer 1
  - third-party services 1
- One Big Application User, compromised by 1
- operating system authentication 1
  - about 1
  - advantages 1
  - disadvantages 1
- operating system user in PDBs 1
- ORA-28040 errors 1
- PDBs 1
- proxy user authentication
  - about 1
  - expired passwords 1
- public key infrastructure 1
- RADIUS 1
- remote 1
- schema-only accounts 1
  - about 1
  - altering 1
  - creating users 1
- schema-only accounts, users created with 1
- specifying when creating a user 1
- strong 1
- SYSDBA on Windows systems 1
- Windows native authentication 1
AUTHENTICATION parameter 1
authentication types 1
AUTHID DEFINER clause
- used with Oracle Virtual Private Database functions 1
authorization
- about 1
- changing for roles 1
- global
  - about 1
  - advantages 1
- multitier 1
- omitting for roles 1
- operating system 1
- roles, about 1
automatic reparse
- Oracle Virtual Private Database, how it works with 1

B

banners
- auditing user actions, configuring 1
- unauthorized access, configuring 1
BFILEs
- guidelines for security 1
bind variables
- application contexts, used with 1
- sensitive columns 1
BLOBS
- encrypting 1

C

CAPTURE_ADMIN role 1
cascading revokes 1
catpvf.sql script (password complexity functions) 1
CDB_DBA role 1
CDB common users
- about 1
- plug-in operations 1
CDBs
- auditing
  - how affects 1
  - traditional 1
- CBAC role grants with DELEGATE option 1
- common privilege grants 1
- granting privileges and roles 1
- local privilege grants 1
- object privileges 1
- PDB lockdown profiles 1, 2
- privilege management 1
- privilege profiles 1
- revoking privileges 1
- roles
  - altering 1
  - creating common 1
  - creating local 1
  - granting common 1
  - how common roles work 1
  - managing 1
  - privileges required to manage 1
  - rules for creating common 1
- system privileges 1
- transparent sensitive data protection 1
- user accounts
  - creating 1
  - local 1
- user privileges, how affects 1
- users
  - CDB common 1
  - common 1
- viewing information about 1
- Virtual Private Database
  - policies 1
Center for Internet Security (CIS) 1
certificate 1
certificate authority 1
certificate key algorithm
- Secure Sockets Layer 1
certificate revocation list (CRL)
- deleting 1
- displaying 1
- displaying list of 1
- hash value generation 1
- uploading 1
certificate revocation lists 1
- manipulating with orapki tool 1
- uploading to LDAP directory 1
- where to store them 1
certificate revocation status checking
- disabling on server 1, 2
certificates 1
- creating signed with orapki 1
certificate validation error message
- CRL could not be found 1
- CRL date verification failed with RSA status 1
- CRL signature verification failed with RSA status 1
- Fetch CRL from CRL DP
  - No CRLs found 1
- OID hostname or port number not set 1
challenge-response authentication in RADIUS 1
change_on_install default password 1
character sets
- role names, multibyte characters in 1
- role passwords, multibyte characters in 1
cipher suites
- about 1
- authentication methods 1
- data integrity 1
- encryption algorithms used by 1
- procedure for specifying for server 1
- Secure Sockets Layer 1
- Secure Sockets Layer (SSL) 1
- TLS compatibility 1
Cipher Suites
- FIPS 140-2 settings 1
CLIENT_IDENTIFIER USERENV attribute 1
- See also: USERENV namespace
- setting and clearing with DBMS_SESSION package 1
- setting with OCI user session handle attribute 1
client authentication in SSL 1
client connections
- guidelines for security 1
- secure external password store 1
- securing 1
CLIENTID_OVERWRITE event 1
client identifier
- setting for applications that use JDBC 1
client identifiers 1
- See also: nondatabase users
- about 1
- auditing users 1
- consistency between DBMS_SESSION.SET_IDENTIFIER and DBMS_APPLICATION_INFO.SET_CLIENT_INFO 1
- global application context, independent of 1
- setting with DBMS_SESSION.SET_IDENTIFIER procedure 1
client session-based application contexts 1
- See also: application contexts
- about 1
- CLIENTCONTEXT namespace, clearing value from 1
- CLIENTCONTEXT namespace, setting value in 1
- retrieving CLIENTCONTEXT namespace 1
code based access control (CBAC)
- about 1
- granting and revoking roles to program unit 1
- how works with definers rights 1
- how works with invoker’s rights 1
- privileges 1
- tutorial 1
column masking behavior 1
- column specification 1
- restrictions 1
columns
- granting privileges for selected 1
- granting privileges on 1
- INSERT privilege and 1
- listing users granted to 1
- privileges 1
- pseudo columns
  - USER 1
- revoking privileges on 1
command line recall attacks 1, 2
committed data
- auditing 1
common privilege grants
- about 1
- granting 1
- revoking 1
- with object privileges 1
- with system privileges 1
common roles
- about 1
- auditing 1
- creating 1
- granting 1
- how they work 1
- privileges required to manage 1
- rules for creating 1
common user accounts
- creating 1
- enabling access to other PDBs 1
- granting privileges to 1
common users
- accessing data in PDBs 1
- altering 1
configuration
- guidelines for security 1
configuration files
- Kerberos 1
- listener.ora 1
- sample listener.ora file 1
- server.key encryption file 1
- tsnames.ora 1
- typical directory 1
configuring
- Kerberos authentication service parameters 1
- RADIUS authentication 1
- SSL 1
  - on the client 1
  - on the server 1
- thin JDBC support 1
connecting
- with username and password 1
connection pooling
- about 1
- finding unnecessarily granted privileges 1
- global application contexts 1
- nondatabase users 1
- proxy authentication 1
CONNECT role
- about 1
- applications
  - account provisioning 1
  - affects of 1
  - database upgrades 1
  - installation of 1
- script to create 1
- users
  - application developers, impact 1
  - client-server applications, impact 1
  - general users, impact 1
  - how affects 1
- why changed 1
CONTAINER_DATA objects
- viewing information about 1
container database (CDB)
- See: CDBs
container data objects
- about 1
context profiles
- privilege analysis 1
controlled step-in procedures 1
CPU time limit 1
CREATE ANY LIBRARY statement
- security guidelines 1
CREATE ANY PROCEDURE system privilege 1
CREATE CONTEXT statement
- example 1
CREATE LOCKDOWN PROFILE statement 1
CREATE PROCEDURE system privilege 1
CREATE PROFILE statement
- password aging and expiration 1
- password management 1
- passwords, example 1
CREATE ROLE statement
- IDENTIFIED EXTERNALLY option 1
CREATE SCHEMA statement
- securing 1
CREATE SESSION statement
- CONNECT role privilege 1
- securing 1
CREATE USER statement
- explicit account locking 1
- IDENTIFIED BY option 1
- IDENTIFIED EXTERNALLY option 1
creating Oracle service directory user account 1
CRL 1
CRLAdmins directory administrative group 1
CRLs
- disabling on server 1, 2
- where to store them 1
cryptographic hardware devices 1
cryptographic libraries
- FIPS 140-2 1
CSW_USR_ROLE role 1
CTXAPP role 1
CTXSYS user account 1
cursors
- affect on auditing 1
- reparsing, for application contexts 1
- shared, used with Virtual Private Database 1
CWM_USER role 1

D

database administrators (DBAs)
- access, controlling 1
- authentication 1
- malicious, encryption not solved by 1
Database Configuration Assistant (DBCA)
- default passwords, changing 1
- user accounts, automatically locking and expiring 1
database links
- application contexts 1
- application context support 1
- authenticating with Kerberos 1
- authenticating with third-party services 1
- definer’s rights procedures 1
- global user authentication 1
- object privileges 1
- operating system accounts, care needed 1
- RADIUS not supported 1
- sensitive credential data
  - about 1
  - data dictionary views 1
  - deleting 1
  - encrypting 1
  - multitenant environment 1
  - rekeying 1
  - restoring functioning of after lost keystore 1
- session-based application contexts, accessing 1
databases
- access control
  - password encryption 1
- additional security resources 1
- authentication 1
- database user and application user 1
- default password security settings 1
  - DBCA-created databases 1
  - manually-created databases 1
- default security features, summary 1
- granting privileges 1
- granting roles 1
- limitations on usage 1
- schema-only accounts 1
- security and schemas 1
- security embedded, advantages of 1
- security policies based on 1
database session-based application contexts 1
- See also: application contexts
- about 1
- cleaning up after user exits 1
- components 1
- database links 1
- dynamic SQL 1
- externalized, using 1
- how to use 1
- initializing externally 1
- initializing globally 1
- ownership 1
- parallel queries 1
- PL/SQL package creation 1
- session information, setting 1
- SYS_CONTEXT function 1
- trusted procedure 1
- tutorial 1
database upgrades and CONNECT role 1
data definition language (DDL)
- roles and privileges 1
data dictionary
- about 1
- data dictionary views 1
- deleting 1
- encrypting sensitive information in 1, 2, 3, 4, 5, 6, 7
- multitenant environment 1
- procedure 1
- protecting 1
- rekeying 1
- restoring lost keystore 1
- securing with O7_DICTIONARY_ACCESSIBILITY 1
data encryption and integrity parameters
- about 1
- SQLNET.CRYPTO_CHECKSUM_CLIENT 1
- SQLNET.CRYPTO_CHECKSUM_SERVER 1
- SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT 1
- SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER 1
- SQLNET.ENCRYPTION_CLIENT 1
- SQLNET.ENCRYPTION_SERVER 1
- SQLNET.ENCRYPTION_TYPES_CLIENT 1
- SQLNET.ENCRYPTION_TYPES_SERVER 1
Data Encryption Standard (DES)
- DES40 encryption algorithm 1
- Triple-DES encryption algorithm 1
data files 1
- guidelines for security 1
data manipulation language (DML)
- privileges controlling 1
DATAPUMP_EXP_FULL_DATABASE role 1
DATAPUMP_IMP_FULL_DATABASE role 1
data security
- encryption, problems not solved by 1
DBA_CONTAINER_DATA data dictionary view 1
DBA_ROLE_PRIVS view
- application privileges, finding 1
DBA_ROLES data dictionary view
- PUBLIC role 1
DBA role
- about 1
DBFS_ROLE role 1
DBMS_CREDENTIAL.CREATE_CREDENTIAL procedure 1
DBMS_CRYPTO package
- examples 1
DBMS_CRYPTO PL/SQL package
- enabling for FIPS 140-2 1
DBMS_FGA package
- about 1
- ADD_POLICY procedure 1
- DISABLE_POLICY procedure 1
- DROP_POLICY procedure 1
- editions 1
- ENABLE_POLICY procedure 1
- PDBs 1
DBMS_NETWORK_ACL_ADMIN.REMOVE_HOST_ACE procedure 1
DBMS_PRIVILEGE_CAPTURE PL/SQL package 1
DBMS_RLS.ADD_POLICY
- sec_relevant_cols_opt parameter 1
- sec_relevant_cols parameter 1
DBMS_RLS.ADD_POLICY procedure
- transparent sensitive data protection polices 1
DBMS_SESSION.SET_CONTEXT procedure
- about 1
- syntax 1
- username and client_id settings 1
DBMS_SESSION.SET_IDENTIFIER procedure
- client session ID, setting 1
- DBMS_APPLICATION.SET_CLIENT_INFO value, overwritten by 1
DBMS_SESSION package
- client identifiers, using 1
- global application context, used in 1
- SET_CONTEXT procedure
  - about 1
DBSNMP user account
- about 1
- password usage 1
DDL
- See: data definition language
debugging
- Java stored procedures 1
- PL/SQL stored procedures 1
default command rules
- ORA_DV_AUDPOL2 predefined audit policy for 1
default passwords 1
- change_on_install or manager passwords 1
- changing, importance of 1
- finding 1
default permissions 1
default profiles
- about 1
default realms
- ORA_DV_AUDPOL2 predefined audit policy for 1
default roles
- setting for user 1
- specifying 1
defaults
- tablespace quota 1
- user tablespaces 1
default users
- accounts 1
- Enterprise Manager accounts 1
- passwords 1
definers’s rights, database links
- about 1
- ORA-25433 error 1
definer’s rights
- about 1
- code based access control
  - about 1
  - granting and revoking roles to program unit 1
  - how code based access control works 1
- compared with invoker’s rights 1
- example of when to use 1
- procedure privileges, used with 1
- procedure security 1
- schema privileges for 1
- secure application roles 1
- used with Oracle Virtual Private Database functions 1
- views 1
definer’s rights, database links
- grants of INHERIT ANY REMOTE PRIVILEGES 1
- grants of INHERIT ANY REMOTE PRIVILEGES on connected user to current user, example 1
- grants of INHERIT REMOTE PRIVILEGES to other users 1
- revokes of INHERIT [ANY] REMOTE PRIVILEGES 1
- revoking INHERIT REMOTE PRIVILEGES from PUBLIC, example 1
- revoking INHERIT REMOTE PRIVILEGES on connecting user from procedure owner, example 1
- tutorial 1
DELETE_CATALOG_ROLE role
- SYS schema objects, enabling access to 1
denial of service (DoS) attacks
- about 1
denial-of-service (DoS) attacks
- bad packets, preventing 1
- networks, securing 1
- password concurrent guesses 1
Department of Defense Database Security Technical Implementation Guide 1, 2
dictionary protection mechanism 1
dictionary tables
- auditing 1
Diffie-Hellman 1
Diffie-Hellman key negotiation algorithm 1
DIP user account 1
directories
- auditing 1
directory authentication, configuring for SYSDBA or SYSOPER access 1
directory-based services authentication 1
directory objects
- granting EXECUTE privilege on 1
direct path load
- fine-grained auditing effects on 1
disabling unnecessary services
- FTP, TFTP, TELNET 1
dispatcher processes (Dnnn)
- limiting SGA space for each session 1
distributed databases
- auditing and 1
DML
- See: data manipulation language
driving context 1
DROP PROFILE statement
- example 1
DROP ROLE statement
- example 1
- security domain, affected 1
DROP USER statement
- about 1
- schema objects of dropped user 1
dsi.ora file
- about 1
DVF schema
- ORA_DV_AUDPOL predefined audit policy for 1
DVSYS schema
- ORA_DV_AUDPOL predefined audit policy for 1
dynamic Oracle Virtual Private Database policy types 1
DYNAMIC policy type 1

E

ECB ciphertext encryption mode 1
editions
- application contexts, how affects 1
- fine-grained auditing packages, results in 1
- global application contexts, how affects 1
- Oracle Virtual Private Database packages, results in 1
EJBCLIENT role 1
EM_EXPRESS_ALL role 1
EM_EXPRESS_BASIC role 1
email alert example 1
encrypting information in 1
encryption
- access control 1
- BLOBS 1
- challenges 1
- data security, problems not solved by 1
- data transfer 1
- deleted encrypted data 1
- examples 1
- finding information about 1
- indexed data 1
- key generation 1
- keys, changing 1
- key storage 1
- key transmission 1
- malicious database administrators 1
- network encryption 1
- network traffic 1
- problems not solved by 1
- Transparent Data Encryption 1
- transparent tablespace encryption 1
encryption algorithms
- ARIA 1
- GOST 1
- SEED 1
encryption and checksumming
- activating 1
- negotiating 1
- parameter settings 1
encryption of data dictionary sensitive data 1
ENFORCE_CREDENTIAL configuration parameter
- security guideline 1
enterprise directory service 1
enterprise roles 1, 2
enterprise user management 1
enterprise users
- centralized management 1
- global role, creating 1
- One Big Application User authentication, compromised by 1
- proxy authentication 1
- shared schemas, protecting users 1
Enterprise User Security
- application context, globally initialized 1
- proxy authentication
  - Oracle Virtual Private Database, how it works with 1
error messages
- ORA-12650 1, 2, 3, 4, 5, 6
- ORA-25433 1
errors
- ORA-00036 1
- ORA-01720 1
- ORA-06512 1, 2
- ORA-06598 1
- ORA-1000 1
- ORA-1536 1
- ORA-24247 1, 2, 3
- ORA-28009 1
- ORA-28017 1
- ORA-28040 1, 3
- ORA-28046 1
- ORA-28144 1
- ORA-28575 1
- ORA-45622 1
example 1
examples 1
- See also: tutorials
- access control lists
  - external network connections 1
  - wallet access 1
- account locking 1
- auditing user SYS 1
- audit trail, purging unified trail 1
- data encryption
  - encrypting and decrypting BLOB data 1
  - encrypting and decrypting procedure with AES 256-Bit 1
- directory objects, granting EXECUTE privilege on 1
- encrypting procedure 1
- Java code to read passwords 1
- locking an account with CREATE PROFILE 1
- login attempt grace period 1
- nondatabase user authentication 1
- O7_DICTIONARY_ACCESSIBILITY initialization parameter, setting 1
- passwords
  - aging and expiration 1
  - changing 1
  - creating for user 1
- privileges
  - granting ADMIN OPTION 1
  - views 1
- procedure privileges affecting packages 1, 2
- profiles, assigning to user 1
- roles
  - altering for external authorization 1
  - creating for application authorization 1
  - creating for external authorization 1
  - creating for password authorization 1, 2
  - default, setting 1
  - external 1
  - global 1
  - using SET ROLE for password-authenticated roles 1
  - views 1
- secure external password store 1
- session ID of user
  - finding 1
- system privilege and role, granting 1
- tablespaces
  - assigning default to user 1
  - quota, assigning to user 1
  - temporary 1
- type creation 1
- users
  - account creation 1
  - creating with GRANT statement 1
  - dropping 1
  - middle-tier server proxying a client 1
  - object privileges granted to 1
  - proxy user, connecting as 1
exceptions
- WHEN NO DATA FOUND, used in application context package 1
- WHEN OTHERS, used in triggers
  - development environment (debugging) example 1
  - production environment example 1
Exclusive Mode
- SHA-2 password hashing algorithm, enabling 1
EXECUTE_CATALOG_ROLE role
- SYS schema objects, enabling access to 1
EXECUTE ANY LIBRARY statement
- security guidelines 1
EXEMPT ACCESS POLICY privilege
- Oracle Virtual Private Database enforcements, exemption 1
EXP_FULL_DATABASE role
- about 1
expiring a password
- explicitly 1
exporting data
- direct path export impact on Oracle Virtual Private Database 1
- policy enforcement 1
extended data objects
- views and Virtual Private Database 1
external authentication
- about 1
- advantages 1
- network 1
- operating system 1
- user creation 1
external network services, fine-grained access to
- See: access control list (ACL)
external network services, syntax for 1
external procedures
- configuring extproc process for 1
- credentials 1
- DBMS_CREDENTIAL.CREATE_CREDENTIAL procedure 1
- legacy applications 1
- security guideline 1
external roles 1
external tables 1
extproc process
- about 1
- configuring credential for 1
- legacy applications 1

F

failed login attempts
- account locking 1
- password management 1
- resetting 1
fallback authentication, Kerberos 1
Federal Information Processing Standard (FIPS)
- DBMS_CRYPTO package 1
- FIPS 140-2
  - Cipher Suites 1
  - postinstallation checks 1
  - SSLFIPS_140 1
  - verifying connections 1
- Transparent Data Encryption 1
files
- BFILEs
  - operating system access, restricting 1
- BLOB 1
- keys 1
- listener.ora file
  - guidelines for security 1, 2
- restrict listener access 1
- server.key encryption file 1
- symbolic links, restricting 1
- tnsnames.ora 1
fine-grained access control
- See: Oracle Virtual Private Database (VPD)
fine-grained auditing
- about 1
- alerts, adding to policy 1
- archiving audit trail 1
- columns, specific 1
- DBMS_FGA package 1
- direct loads of data 1
- edition-based redefinitions 1
- editions, results in 1
- finding errors by checking trace files 1
- how audit records are generated 1
- how to use 1
- policies
  - adding 1
  - disabling 1
  - dropping 1
  - enabling 1
  - modifying 1
- policy creation syntax 1
- privileges required 1
- records
  - archiving 1
- transparent sensitive data protection policy settings 1
- TSDP policies and 1
- VPD predicates 1
fips.ora file 1
FIPS 140-2 cryptographic libraries
- about 1
FIPS Parameter
- Configuring 1
firewalls
- advice about using 1
- database server location 1
- ports 1
- supported types 1
flashback query
- Oracle Virtual Private Database, how it works with 1
foreign keys
- privilege to use parent key 1
FTP service 1
functions
- auditing 1, 2
- granting roles to 1
- Oracle Virtual Private Database
  - components of 1
  - privileges used to run 1
- privileges for 1
- roles 1

G

GATHER_SYSTEM_STATISTICS role 1
GLOBAL_AQ_USER_ROLE role 1
GLOBAL_EXTPROC_CREDENTIAL configuration parameter
- security guideline 1
global application contexts 1
- See also: application contexts
- about 1
- authenticating nondatabase users 1
- checking values set globally for all users 1
- clearing values set globally for all users 1
- components 1
- editions, affect on 1
- example of authenticating nondatabase users 1
- example of authenticating user moving to different application 1
- example of setting values for all users 1
- Oracle RAC environment 1
- Oracle RAC instances 1
- ownership 1
- PL/SQL package creation 1
- process, lightweight users 1
- process, standard 1
- sharing values globally for all users 1
- system global area 1
- tutorial for client session IDs 1
- used for One Big Application User scenarios 1
- uses for 1
global authentication
- about 1
- advantages 1
- user creation for private schemas 1
- user creation for shared schemas 1
global authorization
- about 1
- advantages 1
- role creation 1
- roles 1
global roles 1
- about 1
global users 1
GOST encryption algorithm 1
grace period for login attempts
- example 1
grace period for password expiration 1
GRANT ALL PRIVILEGES statement
- SELECT ANY DICTIONARY privilege, exclusion of 1
GRANT ANY PRIVILEGE system privilege 1
GRANT CONNECT THROUGH clause
- consideration when setting FAILED_LOGIN_ATTEMPTS parameter 1
- for proxy authorization 1
granting privileges and roles
- about 1
- specifying ALL 1
GRANT statement 1
- ADMIN OPTION 1
- creating a new user 1
- object privileges 1, 2
- system privileges and roles 1
- when takes effect 1
- WITH GRANT OPTION 1
guidelines for security
- auditing 1
- custom installation 1
- data files and directories 1
- encrypting sensitive data 1
- guidelines for security
  - custom installation 1
- installation and configuration 1
- networking security 1
- operating system accounts, limiting privileges 1
- operating system users, limiting number of 1
- ORACLE_DATAPUMP access driver 1
- Oracle home default permissions, disallowing modification 1
- passwords 1
- products and options
  - install only as necessary 1
- sample schemas 1
- Sample Schemas
  - remove or relock for production 1
  - test database 1
- Secure Sockets Layer
  - mode 1
  - TCPS protocol 1
- symbolic links, restricting 1
- user accounts and privileges 1

H

hackers
- See: security attacks
handshake
- SSL 1
how it works 1
HR user account 1
HS_ADMIN_EXECUTE_ROLE role
- about 1
HS_ADMIN_ROLE role
- about 1
HS_ADMIN_SELECT_ROLE role
- about 1
HTTP authentication
- See: access control lists (ACL), wallet access
HTTPS
- port, correct running on 1

I

IMP_FULL_DATABASE role
- about 1
INACTIVE_ACCOUNT_TIME profile parameter 1
inactive user accounts, locking automatically 1
indexed data
- encryption 1
indirectly granted roles 1
INHERIT ANY PRIVILEGES privilege
- about 1
- managing 1
- revoking from powerful users 1
- when it should be granted 1
INHERIT ANY REMOTE PRIVILEGES 1
INHERIT PRIVILEGES privilege
- about 1
- auditing 1
- managing 1
- when it should be granted 1
INHERIT REMOTE PRIVILEGES
- about 1
initialization parameter file
- parameters for clients and servers using Kerberos 1
- parameters for clients and servers using RADIUS 1
- parameters for clients and servers using SSL 1
initialization parameters
- application protection 1
- MAX_ENABLED_ROLES 1
- O7_DICTIONARY_ACCESSIBILITY 1
- OS_AUTHENT_PREFIX 1
- OS_ROLES 1
- SEC_MAX_FAILED_LOGIN_ATTEMPTS 1
- SEC_RETURN_SERVER_RELEASE_BANNER 1
- SEC_USER_AUDIT_ACTION_BANNER 1
- SEC_USER_UNAUTHORIZED_ACCESS_BANNER 1
INSERT privilege
- granting 1
- revoking 1
installation
- guidelines for security 1
intruders
- See: security attacks
invoker’s rights
- about 1
- code based access control
  - about 1
  - granting and revoking roles to program unit 1
  - how code based access control works 1
  - tutorial 1
- compared with definer’s rights 1
- controlled step-in 1
- procedure privileges, used with 1
- procedure security 1
- secure application roles 1
- secure application roles, requirement for enabling 1
- security risk 1
- views
  - about 1
  - finding user who invoked invoker’s right view 1
IP addresses
- falsifying 1
IX user account 1

J

JAVA_ADMIN role 1
JAVA_RESTRICT initialization parameter
- security guideline 1
Java Byte Code Obfuscation 1
Java Database Connectivity (JDBC)
- configuration parameters 1
- Oracle extensions 1
- thin driver features 1
JAVADEBUGPRIV role 1
Java Debug Wire Protocol (JDWP)
- network access for debugging operations 1
JAVAIDPRIV role 1
Java schema objects
- auditing 1
Java stored procedures
- network access for debugging operations 1
JAVASYSPRIV role 1
JAVAUSERPRIV role 1
JDBC
- See: Java Database Connectivity
JDBC connections
- JDBC/OCI proxy authentication 1
  - multiple user sessions 1
  - Oracle Virtual Private Database 1
- JDBC Thin Driver proxy authentication
  - configuring 1
  - with real user 1
JDeveloper
- debugging using Java Debug Wire Protocol 1
JMXSERVER role 1

K

Kerberos 1
- authentication adapter utilities 1
- authentication fallback behavior 1
- configuring authentication 1, 2
- configuring for database server 1
- configuring for Windows 2008 Domain Controller KDC 1
- connecting to database 1
- interoperability with Windows 2008 Domain Controller KDC 1
- kinstance 1
- kservice 1
- realm 1
- sqlnet.ora file sample 1
- system requirements 1
Kerberos authentication 1
- configuring for SYSDBA or SYSOPER access 1
- password management 1
Kerberos Key Distribution Center (KDC) 1
key generation
- encryption 1
key storage
- encryption 1
key transmission
- encryption 1
kinstance (Kerberos) 1
kservice (Kerberos) 1

L

large objects (LOBs)
- about securing 1
- encryption management 1
LBAC_DBA role 1
LBACSYS.ORA_GET_AUDITED_LABEL function
- about 1
LBACSYS schema
- ORA_DV_AUDPOL predefined audit policy for 1
LBACSYS user account 1
ldap.ora
- which directory SSL port to use for no authentication 1
ldap.ora file
- creating for Microsoft Active Directory services 1, 2
least privilege principle 1
- about 1
- granting user privileges 1
- middle-tier privileges 1
libraries
- auditing 1
lightweight users
- example using a global application context 1
- Lightweight Directory Access Protocol (LDAP) 1
listener
- endpoint
  - SSL configuration 1
- not an Oracle owner 1
- preventing online administration 1
- restrict privileges 1
- secure administration 1
listener.ora file
- administering remotely 1
- default location 1
- FIPS 140-2 Cipher Suite settings 1
- online administration, preventing 1
- Oracle wallet setting 1
- TCPS, securing 1
lists data dictionary
- See: views
- data dictionary views
  - See: views
- granting privileges and roles
  - finding information about 1
- privileges
  - finding information about 1
- roles
  - finding information about 1
- views
  - privileges 1
  - roles 1
LOB_SIGNATURE_ENABLE initialization parameter 1
LOBs
- about securing 1
- encryption management 1
local privilege grants
- about 1
- granting 1
- revoking 1
local roles
- about 1
- creating 1
- rules for creating 1
local user accounts
- creating 1
local users
- about 1
lock and expire
- default accounts 1
- predefined user accounts 1
lockdown profiles, PDB 1
locking inactive user accounts automatically 1
log files
- owned by trusted user 1
logical reads limit 1
logon triggers
- externally initialized application contexts 1
- for application context packages 1
- running database session application context package 1
- secure application roles 1
LOGSTDBY_ADMINISTRATOR role 1

M

malicious database administrators 1
- See also: security attacks
manager default password 1
managing roles with RADIUS server 1
materialized views
- auditing 1
MD5 message digest algorithm 1
MDDATA user account 1
MDSYS user account 1
memory
- users, viewing 1
MERGE INTO statement, affected by DBMS_RLS.ADD_POLICY statement_types parameter 1
metadata links
- privilege management 1
methods
- privileges on 1
Microsoft Active Directory services 1, 2, 3, 4, 5, 6, 7, 8, 9
- about configuring connection 1
- about password authentication 1
- access, Kerberos authentication 1
- access, PKI authentication 1
- access configuration, Oracle wallet verification 1
- access configuration, testing integration 1
- account policies 1
- administrative user configuration, exclusive mapping 1
- administrative user configuration, shared access accounts 1
- dsi.ora file, about 1
- DSI file, about 1
- extending Active Directory schema 1
- ldap.ora file, creating 1, 2
- logon user name with password authentication 1
- net naming services 1
- same net service name 1
- user authorization, about 1
- user authorization, mapping Directory user group to global role 1
- user authorization, verifying 1
- user management, altering mapping definition 1
- user management, exclusively mapping Directory user to database global user 1
- user management, mapping group to shared global user 1
- user management, migrating mapping definition 1
Microsoft Active Directory services integration 1, 2
Microsoft Directory Access services 1
Microsoft Windows
- Kerberos
  - configuring for Windows 2008 Domain Controller KDC 1
middle-tier systems
- client identifiers 1
- enterprise user connections 1
- password-based proxy authentication 1
- privileges, limiting 1
- proxies authenticating users 1
- proxying but not authenticating users 1
- reauthenticating user to database 1
- USERENV namespace attributes, accessing 1
mining models
- auditing 1
mixed mode auditing capabilities 1
monitoring user actions 1
- See also: auditing, standard auditing, fine-grained auditing
multiplex multiple-client network sessions 1
multitenant container database (CDB)
- See: CDBs
multitenant option 1
My Oracle Support
- security patches, downloading 1
- user account for logging service requests 1

N

native network enryption
- disabling 1
nCipher hardware security module
- using Oracle Net tracing to troubleshoot 1
Net8
- See: Oracle Net
Netscape Communications Corporation 1
network authentication
- external authentication 1
- guidelines for securing 1
- roles, granting using 1
- Secure Sockets Layer 1
- smart cards 1
- third-party services 1
- token cards 1
- X.509 certificates 1
network connections
- denial-of-service (DoS) attacks, addressing 1
- guidelines for security 1, 2, 3
- securing 1
network encryption
- about 1
- configuring 1
network IP addresses
- guidelines for security 1
network traffic encryption 1
nondatabase users 1
- See also: application contexts, client identifiers
- about 1
- auditing 1
- clearing session data 1
- creating client session-based application contexts 1
- global application contexts
  - package example 1
  - reason for using 1
  - setting 1
  - tutorial 1
- One Big Application User authentication
  - about 1
  - features compromised by 1
  - security risks 1
- Oracle Virtual Private Database
  - how it works with 1
  - tutorial for creating a policy group 1

O

O7_DICTIONARY_ACCESSIBILITY initialization parameter
- about 1
- data dictionary protection 1
- default setting 1
- securing data dictionary with 1
obfuscation 1
object privileges 1, 2
- See also: schema object privileges
- about 1
- granting on behalf of the owner 1
- managing 1
- revoking 1
- revoking on behalf of owner 1
- schema object privileges 1
- synonyms 1
- with common privilege grants 1
objects
- applications, managing privileges in 1
- granting privileges 1
- privileges
  - applications 1
  - managing 1
- protecting in shared schemas 1
- protecting in unique schemas 1
- SYS schema, access to 1
object types
- auditing 1
OEM_ADVISOR role 1
OEM_MONITOR role 1
OE user account 1
OFB ciphertext encryption mode 1
okcreate
- Kerberos adapter utility 1
okcreate options 1
okdstry
- Kerberos adapter utility 1
okdstry options 1
okinit
- Kerberos adapter utility 1
okinit utility options 1
oklist
- Kerberos adapter utility 1
OLAP_DBA role 1
OLAP_USER role 1
OLAP_XS_ADMIN role 1
OLAPSYS user account 1
One Big Application User authentication
- See: nondatabase users
operating system
- audit files written to 1
operating systems 1
- accounts 1
- authentication
  - about 1
  - advantages 1
  - disadvantages 1
  - external 1
  - operating system user for PDB 1
  - roles, using 1
- default permissions 1
- enabling and disabling roles 1
- operating system account privileges, limiting 1
- role identification 1
- roles, granting using 1
- roles and 1
- users, limiting number of 1
operating system users
- configuring for PDBs 1
OPTIMIZER_PROCESSING_RATE role 1
ORA_ACCOUNT_MGMT predefined unified audit policy 1
ORA_CIS_RECOMMENDATIONS predefined unified audit policy 1
ORA_DATABASE_PARAMETER predefined unified audit policy 1
ORA_DV_AUDPOL2 predefined unified audit policy 1
ORA_DV_AUDPOL predefined unified audit policy 1
ORA_LOGON_FAILURES predefined unified audit policy 1
ORA_SECURECONFIG predefined unified audit policy 1
ORA_STIG_PROFILE profile 1
ORA$DEPENDENCY profile 1
ORA-01720 error 1
ORA-06512 error 1, 2
ORA-06598 error 1
ORA-12650 error 1
ORA-1536 error 1
ORA-24247 error 1, 2, 3
ORA-28009 error 1
ORA-28017 error 1
ORA-28040 error 1, 2
ORA-28575 error 1
ORA-40300 error 1
ORA-40301 error 1
ORA-40302 error 1
ORA-45622 errors 1
ORA-64219: invalid LOB locator encountered 1
ORACLE_DATAPUMP access driver
- guidelines for security 1
ORACLE_OCM user account 1
Oracle Advanced Security
- checksum sample for sqlnet.ora file 1
- configuration parameters 1
- encryption sample for sqlnet.ora file 1
- Java implementation 1
- network authentication services 1
- SSL features 1
- user access to application schemas 1
Oracle Audit Vault and Database Firewall
- schema-only accounts 1
Oracle Call Interface (OCI)
- application contexts, client session-based 1
- proxy authentication 1
  - Oracle Virtual Private Database, how it works with 1
- proxy authentication with real user 1
- security-related initialization parameters 1
Oracle Connection Manager
- securing client networks with 1
Oracle Database Enterprise User Security
- password security threats 1
Oracle Database Real Application Clusters
- archive timestamp for audit records 1
- global contexts 1
Oracle Database Real Application Security
- ALL audit events 1
- auditing 1
- security class and ACL audit events 1
- session audit events 1
- user, privilege, and role audit events 1
Oracle Database Vault
- auditing 1
- command rules, audit events 1
- Data Pump, audit events 1
- enable and disable, audit events 1
- factors, audit events 1
- OLS, audit events 1
- realms, audit events 1
- rule sets and rules, audit events 1
- secure application roles, audit events 1
Oracle Data Guard
- SYSDG administrative privilege 1
Oracle Data Mining
- audit events 1
Oracle Data Pump
- audit events 1
- exported data from VPD policies 1
- unified audit trail 1
Oracle Developer Tools For Visual Studio (ODT)
- debugging using Java Debug Wire Protocol 1
Oracle E-Business Suite
- schema-only accounts 1
Oracle Enterprise Manager
- PDBs 1
- statistics monitor 1
Oracle Enterprise Security Manager
- role management with 1
Oracle home
- default permissions, disallowing modification 1
Oracle Internet Directory
- Diffie-Hellman SSL port 1
Oracle Internet Directory (OID)
- authenticating with directory-based service 1
- SYSDBA and SYSOPER access, controlling 1
Oracle Java Virtual Machine
- JAVA_RESTRICT initialization parameter security guideline 1
Oracle Java Virtual Machine (OJVM)
- permissions, restricting 1
Oracle Label Security
- audit events 1
- auditing 1
- auditing internal predicates in policies 1
- user session label audit events 1
Oracle Label Security (OLS)
- Oracle Virtual Private Database, using with 1
OracleMetaLink
- See: My Oracle Support
Oracle native encryption
- configured with SSL authentication 1
Oracle Net
- firewall support 1
Oracle parameters
- authentication 1
Oracle Password Protocol 1
Oracle Real Application Clusters
- global application contexts 1
- SYSRAC administrative privilege 1
Oracle Real Application Security
- auditing internal predicates in policies 1
Oracle Recovery Manager
- audit events 1
- auditing 1
- SYSBACKUP administrative privilege 1
Oracle Scheduler
- sensitive credential data
  - about 1
  - data dictionary views 1
  - deleting 1
  - encrypting 1
  - multitenant environment 1
  - rekeying 1
  - restoring functioning of lost keystore 1
Oracle SQL*Loader
- Direct Load Path audit events 1
Oracle Technology Network
- security alerts 1
Oracle Virtual Private Database
- exporting data using Data Pump Export 1
Oracle Virtual Private Database (VPD)
- about 1
- ANSI operations 1
- application containers 1
- application contexts
  - tutorial 1
  - used with 1
- applications
  - how it works with 1
  - users who are database users, how it works with 1
- applications using for security 1
- automatic reparsing, how it works with 1
- benefits 1
- CDBs 1
- column level 1
- column-level display 1
- column masking behavior
  - enabling 1
  - restrictions 1
- components 1
- configuring 1
- cursors, shared 1
- edition-based redefinitions 1
- editions, results in 1
- Enterprise User Security proxy authentication, how it works with 1
- exporting data 1
- extended data objects in views 1
- finding information about 1
- flashback query, how it works with 1
- function
  - components 1
  - how it is executed 1
- JDBC proxy authentication, how it works with 1
- nondatabase user applications, how works with 1
- OCI proxy authentication, how it works with 1
- Oracle Label Security
  - exceptions in behavior 1
  - using with 1
- outer join operations 1
- performance benefit 1
- policies, Oracle Virtual Private Database
  - about 1
  - applications, validating 1
  - attaching to database object 1
  - column display 1
  - column-level display, default 1
  - dynamic 1
  - multiple 1
  - optimizing performance 1
  - privileges used to run 1
  - SQL statements, specifying 1
- policy groups
  - about 1
  - benefits 1
  - creating 1
  - default 1
  - tutorial, implementation 1
- policy types
  - context sensitive, about 1
  - context sensitive, altering existing policy 1
  - context-sensitive, audited 1
  - context sensitive, creating 1
  - context sensitive, refreshing 1
  - context sensitive, restricting evaluation 1
  - context sensitive, when to use 1
  - DYNAMIC 1
  - dynamic, audited 1
  - shared context sensitive, about 1
  - shared context sensitive, when to use 1
  - shared static, about 1
  - shared static, when to use 1
  - static, about 1
  - static, audited 1
  - static, when to use 1
  - summary of features 1
- privileges required to create policies 1
- SELECT FOR UPDATE statements in policies 1
- tutorial, simple 1
- user models 1
- Web-based applications, how it works with 1
Oracle Virtual Private Datebase (VPD)
- predicates
  - audited in fine-grained audit policies 1
  - audited in unified audit policies 1
Oracle Wallet Manager
- X.509 Version 3 certificates 1
Oracle wallets
- authentication method 1
- setting location 1
- sqlnet.listener.ora setting 1
- sqlnet.ora location setting 1
orapki utility
- about 1
- adding a certificate request to a wallet with 1
- adding a root certificate to a wallet with 1
- adding a trusted certificate to a wallet with 1
- adding user certificates to a wallet with 1
- cert create command 1
- cert display command 1
- certificate revocation lists 1
- changing the wallet password with 1
- converting wallet to use AES256 algorithm 1
- creating a local auto-login wallet with 1
- creating an auto-login wallet with 1, 2
- creating a wallet with 1
- creating signed certificates for testing 1
- crl delete command 1
- crl display command 1
- crl hash command 1
- crl list command 1
- crl upload command 1
- examples 1
- exporting a certificate from a wallet with 1
- exporting a certificate request from a wallet with 1
- managing certificate revocation lists 1
- syntax 1
- viewing a test certificate with 1
- viewing a wallet with 1
- wallet add command 1
- wallet convert command 1
- wallet create command 1
- wallet display command 1
- wallet export command 1
ORAPWD utility
- case sensitivity in passwords 1
- changing SYS password 1
- changing SYS password with 1
ORDDATA user account 1
ORDPLUGINS user account 1
ORDSYS user account 1
OS_AUTHENT_PREFIX parameter 1
OS_ROLES initialization parameter
- operating-system authorization and 1
- operating system role grants 1
- REMOTE_OS_ROLES and 1
- using 1
OSS.SOURCE.MY_WALLET parameter 1, 2
outer join operations
- Oracle Virtual Private Database affect on 1

P

packages
- auditing 1, 2
- examples 1
- examples of privilege use 1
- granting roles to 1
- privileges
  - divided by construct 1
  - executing 1, 2
parallel execution servers 1
parallel query, and SYS_CONTEXT 1
parameters
- authentication
  - Kerberos 1
  - RADIUS 1
  - Secure Sockets Layer (SSL) 1
- configuration for JDBC 1
- encryption and checksumming 1
pass phrase
- read and parse server.key file 1
PASSWORD_LIFE_TIME profile parameter 1
PASSWORD_LOCK_TIME profile parameter 1
PASSWORD_REUSE_MAX profile parameter 1
PASSWORD_REUSE_TIME profile parameter 1
PASSWORD command
- about 1
password complexity functions
- aboutr 1
- administrative users, for 1
- customizing 1
- enabling 1
- how database checks password complexity 1
- ora12c_stig_verify_function 1
- ora12c_strong_verify_function 1
- ora12c_verify_function 1
- privileges required 1
- verify_function_11G 1
password files
- case sensitivity, effect on SEC_CASE_SENSITIVE_LOGON parameter 1
- how used to authenticate administrators 1
- migration of for administrative users 1
password limits
- administrative logins 1
password management
- inactive user accounts, locking automatically 1
passwords 1
- See also: authentication, and access control list (ACL), wallet access
- 10G password version, finding and resetting 1
- about managing 1
- account locking 1
- administrator
  - authenticating with 1
  - guidelines for securing 1
- aging and expiration 1
- altering 1
- ALTER PROFILE statement 1
- application design guidelines 1
- applications, strategies for protecting passwords 1
- brute force attacks 1
- case sensitivity, configuring 1
- changing for roles 1
- changing SYS with ORAPWD utility 1
- complexity, guidelines for enforcing 1
- complexity verification
  - about 1
- connecting without 1
- CREATE PROFILE statement 1
- danger in storing as clear text 1
- database user authentication 1
- default, finding 1
- default profile settings
  - about 1
- default user account 1
- delays for incorrect passwords 1
- duration 1
- encrypting 1, 2
- examples of creating 1
- expiring
  - explicitly 1
  - procedure for 1
  - proxy account passwords 1
  - with grace period 1
- failed logins, resetting 1
- grace period, example 1
- guidelines for security 1
- history 1, 3
- Java code example to read passwords 1
- length 1
- lifetime for 1
- life time set too low 1
- lock time 1
- management rules 1
- managing 1
- maximum reuse time 1
- ORAPWD utility 1
- PASSWORD_LOCK_TIME profile parameter 1
- PASSWORD_REUSE_MAX profile parameter 1
- PASSWORD_REUSE_TIME profile parameter 1
- password complexity verification 1
  - how database checks 1
  - ora12c_stig_verify_function 1
  - ora12c_verify_function function 1
  - privileges required 1
  - verify_function_11G function 1
- password file risks 1
- policies 1
- privileges for changing for roles 1
- privileges to alter 1
- protections, built-in 1
- proxy authentication 1
- requirements
  - additional 1
  - minimum 1
- reusing 1, 2
- reusing passwords 1
- role password case sensitivity 1
- roles authenticated by passwords 1
- roles enabled by SET ROLE statement 1
- secure external password store 1
- security risks 1
- SYS account 1
- SYS and SYSTEM 1
- used in roles 1
- utlpwdmg.sql password script
  - password management 1
- verified using SHA-512 hash function 1
- versions, management of 1
password versions
- target databases that run earlier releases 1
- using 12C exclusively 1
PDB_DBA role 1
PDB lockdown profiles
- about 1
- creating 1
- default 1
- disabling 1
- dropping 1
- enabling 1
- inheritance 1
PDBs
- application common users
  - about 1
- auditing
  - types of audit settings allowed 1
  - unified audit policy syntax 1
  - what can be audited 1
- CDB common users
  - about 1
- common roles
  - about 1
  - creating 1
  - granting 1
  - how they work 1
  - privileges required for management 1
  - revoking 1
  - rules for creating 1
- common users
  - accessing data in PDBs 1
  - creating 1
  - viewing privilege information 1
- Enterprise Manager
  - about 1
  - creating common roles 1
  - creating common users 1
  - creating local roles 1
  - creating local users 1
  - dropping common roles 1
  - dropping common users 1
  - dropping local roles 1
  - dropping local users 1
  - editing common roles 1
  - editing common users 1
  - editing local roles 1
  - editing local users 1
  - logging in 1
  - revoking common privilege grants 1
  - revoking local privilege grants 1
  - switching to different container 1
- fine-grained audit policies 1
- local roles
  - about 1
  - creating 1
  - rules for creating 1
- local users
  - about 1
  - creating 1
- operating system user configuration 1
- operating system user for, setting 1
- privilege analysis 1
- privileges
  - common 1
  - granting 1
  - how affected 1
  - object 1
  - revoking 1
  - viewing information about 1
- PUBLIC role 1
- sqlnet.ora settings 1
- transparent sensitive data protection 1
- viewing information about 1
- Virtual Private Database policies 1
performance
- application contexts 1
- auditing 1
- Oracle Virtual Private Database policies 1
- Oracle Virtual Private Database policy types 1
- resource limits and 1
permissions
- default 1
- run-time facilities 1
PKCS #11 devices 1
PKCS #11 error
- ORA-40300 1
- ORA-40301 1
- ORA-40302 1
PKI
- See: public key infrastructure (PKI)
PL/SQL
- roles in procedures 1
PL/SQL packages
- auditing 1, 2
PL/SQL procedures
- setting application context 1
PL/SQL stored procedures
- network access for debugging operations 1
PMON background process
- application contexts, cleaning up 1
PM user account 1
POODLE attacks, preventing with 1
positional parameters
- security risks 1
predefined schema user accounts 1
principle of least privilege 1
- about 1
- granting user privileges 1
- middle-tier privileges 1
privilege analysis
- about 1
- accessing reports in Cloud Control 1
- benefits 1
- CDBs 1
- creating 1
- creating role in Cloud Control 1
- data dictionary views 1
- DBMS_PRIVILEGE_CAPTURE PL/SQL package 1
- disabling 1
- dropping 1
- enabling 1
- examples of creating and enabling 1
- general steps for managing 1
- generating regrant scripts 1
- generating reports
  - about 1
  - in Cloud Control 1
  - using DBMS_PRIVILEGE_CAPTURE.GENERATE_REPORT 1
- generating revoke scripts 1
- logon users 1
- multiple named capture runs 1
- pre-compiled database objects 1
- privilege uses captured 1
- requirements for using 1
- restrictions 1
- revoking and re-granting in Cloud Control 1
- revoking and regranting using scripts 1
- tutorial 1
- tutorial for ANY privileges 1
- use cases 1
  - finding application pool privileges 1
  - finding overly privileged users 1
privileges 1
- See also: access control list (ACL) and system privileges, privilege captures
- about 1
- access control lists, checking for external network services 1
- altering
  - passwords 1
  - users 1
- altering role authentication method 1
- applications, managing 1
- auditing, recommended settings for 1
- auditing use of 1
- cascading revokes 1
- column 1
- compiling procedures 1
- creating or replacing procedures 1
- creating users 1
- data links 1
  - privilege management 1
- dropping profiles 1
- extended data links 1
  - privilege management 1
- granting
  - about 1, 2
  - examples 1, 2
  - object privileges 1, 2
  - system 1
  - system privileges 1
- grants, listing 1
- grouping with roles 1
- managing 1
- metadata links 1
- middle tier 1
- object 1, 2, 3
  - granting and revoking 1
- on selected columns 1
- procedures 1
  - creating and replacing 1
  - executing 1
  - in packages 1
- READ ANY TABLE system privilege
  - about 1
  - restrictions 1
- READ object privilege 1
- reasons to grant 1
- revoking privileges
  - about 1
  - object 1
  - object privileges, cascading effect 1
  - object privileges, requirements for 1
  - schema object 1
- revoking system privileges 1
- roles
  - creating 1
  - dropping 1
  - restrictions on 1
- roles, why better to grant 1
- schema object 1
  - DML and DDL operations 1
  - packages 1
  - procedures 1
- SELECT system privilege 1
- SQL statements permitted 1
- synonyms and underlying objects 1
- system
  - granting and revoking 1
  - SELECT ANY DICTIONARY 1
- SYSTEM and OBJECT 1
- system privileges
  - about 1
- trigger privileges 1
- used for Oracle Virtual Private Database policy functions 1
- view privileges
  - creating a view 1
  - using a view 1
- views 1
procedures
- auditing 1, 2
- compiling 1
- definer’s rights
  - about 1
  - roles disabled 1
- examples of 1
- examples of privilege use 1
- granting roles to 1
- invoker’s rights
  - about 1
  - roles used 1
- privileges for procedures
  - create or replace 1
  - executing 1
  - executing in packages 1
- privileges required for 1
- security enhanced by 1
process monitor process (PMON)
- cleans up timed-out sessions 1
PRODUCT_USER_PROFILE table
- SQL commands, disabling with 1
profile parameters
- FAILED_LOGIN_ATTEMPTS 1
- INACTIVE_ACCOUNT_TIME 1, 2
- PASSWORD_GRACE_TIME 1, 2
- PASSWORD_LIFE_TIME 1, 2, 3
- PASSWORD_LOCK_TIME 1, 2
- PASSWORD_REUSE_MAX 1, 2
- PASSWORD_REUSE_TIME 1, 2
profiles 1
- about 1
- application 1
- assigning to user 1
- CDB 1
- common 1
- creating 1
- dropping 1
- finding information about 1
- finding settings for default profile 1
- managing 1
- ora_stig_profile user profile 1
- privileges for dropping 1
- specifying for user 1
- viewing 1
program units
- granting roles to 1
PROVISIONER role 1
PROXY_USERS view 1
proxy authentication
- about 1
- advantages 1
- auditing operations 1
- auditing users 1
- client-to-middle tier sequence 1
- creating proxy user accounts 1
- middle-tier
  - authorizing but not authenticating users 1
  - authorizing to proxy and authenticate users 1
  - limiting privileges 1
  - reauthenticating users 1
- passwords, expired 1
- privileges required for creating users 1
- secure external password store, used with 1
- security benefits 1
- users, passing real identity of 1
proxy user accounts
- privileges required for creation 1
pseudo columns
- USER 1
PUBLIC_DEFAULT profile
- profiles, dropping 1
public key infrastructure (PKI) 1
- about 1
Public Key Infrastructure (PKI)
- certificate 1
- certificate authority 1
- certificate revocation lists 1
- PKCS #11 hardware devices 1
- wallets 1
PUBLIC role
- about 1
- granting and revoking privileges 1
- procedures and 1
- security domain of users 1
PUBLIC role, CDBs 1

Q

quotas
- tablespace 1
- temporary segments and 1
- unlimited 1
- viewing 1

R

RADIUS 1
- accounting 1
- asynchronous authentication mode 1
- authentication modes 1
- authentication parameters 1
- challenge-response
  - authentication 1
  - user interface 1, 2
- configuring 1
- database links not supported 1
- initialization parameter file setting 1
- location of secret key 1
- minimum parameters to set 1
- smartcards and 1, 2, 3, 4
- SQLNET.AUTHENTICATION_SERVICES parameter 1
- sqlnet.ora file sample 1
- SQLNET.RADIUS_ALTERNATE_PORT parameter 1
- SQLNET.RADIUS_ALTERNATE_RETRIES parameter 1
- SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter 1
- SQLNET.RADIUS_ALTERNATE parameter 1
- SQLNET.RADIUS_AUTHENTICATION_INTERFACE parameter 1
- SQLNET.RADIUS_AUTHENTICATION_PORT parameter 1
- SQLNET.RADIUS_AUTHENTICATION_RETRIES parameter 1
- SQLNET.RADIUS_AUTHENTICATION parameter 1
- SQLNET.RADIUS_CHALLENGE_KEYWORD parameter 1
- SQLNET.RADIUS_CHALLENGE_RESPONSE parameter 1
- SQLNET.RADIUS_CLASSPATH parameter 1
- SQLNET.RADIUS_SECRET parameter 1
- SQLNET.RADIUS_SEND_ACCOUNTING parameter 1
- synchronous authentication mode 1
- system requirements 1
RADIUS authentication 1
READ ANY TABLE system privilege
- about 1
- restrictions 1
READ object privilege
- about 1
- guideline for using 1
- SQL92_SECURITY initialization parameter 1
reads
- limits on data blocks 1
realm (Kerberos) 1
REDACT_AUDIT transparent sensitive data protection default policy 1
redo log files
- auditing committed and rolled back transactions 1
REFERENCES privilege
- CASCADE CONSTRAINTS option 1
- revoking 1, 2
REMOTE_OS_AUTHENT initialization parameter
- guideline for securing 1
- setting 1
REMOTE_OS_ROLES initialization parameter
- OS role management risk on network 1
- setting 1
remote authentication 1
remote debugging
- configuring network access 1
resource limits
- about 1
- call level, limiting 1
- connection time for each session 1
- CPU time, limiting 1
- determining values for 1
- idle time in each session 1
- logical reads, limiting 1
- private SGA space for each session 1
- profiles 1
- session level, limiting 1
- sessions
  - concurrent for user 1
  - elapsed connection time 1
  - idle time 1
  - SGA space 1
- types 1
RESOURCE privilege
- CREATE SCHEMA statement, needed for 1
RESOURCE role 1
- about 1
restrictions 1
REVOKE CONNECT THROUGH clause
- revoking proxy authorization 1
REVOKE statement
- system privileges and roles 1
- when takes effect 1
revoking privileges and roles
- cascading effects 1
- on selected columns 1
- REVOKE statement 1
- specifying ALL 1
- when using operating-system roles 1
ROLE_SYS_PRIVS view
- application privileges 1
ROLE_TAB_PRIVS view
- application privileges, finding 1
role identification
- operating system accounts 1
roles 1
- See also: secure application roles
- about 1, 2
- ADM_PARALLEL_EXECUTE_TASK role 1
- ADMIN OPTION and 1
- advantages in application use 1
- application 1, 2, 3, 5
- application privileges 1
- applications, for user 1
- AUDIT_ADMIN role 1
- AUDIT_VIEWER role 1
- AUTHENTICATEDUSER role 1
- authorization 1
- authorized by enterprise directory service 1
- CAPTURE_ADMIN role 1
- CDB_DBA role 1
- changing authorization for 1
- changing passwords 1
- common, auditing 1
- common, granting 1
- CONNECT role
  - about 1
- create your own 1
- CSW_USR_ROLE role 1
- CTXAPP role 1
- CWM_USER role 1
- database role, users 1
- DATAPUMP_EXP_FULL_DATABASE role 1
- DATAPUMP_IMP_FULL_DATABASE role 1
- DBA role 1
- DBFS_ROLE role 1
- DDL statements and 1
- default 1
- default, setting for user 1
- definer’s rights procedures disable 1
- dependency management in 1
- disabling 1
- dropping 1
- EJBCLIENT role 1
- EM_EXPRESS_ALL role 1
- EM_EXPRESS_BASIC role 1
- enabled or disabled 1, 2
- enabling 1, 2
- enterprise 1, 2
- EXP_FULL_DATABASE role 1
- external 1
- functionality 1, 2
- functionality of 1
- GATHER_SYSTEM_STATISTICS role 1
- GLOBAL_AQ_USER_ROLE role 1
- global authorization 1
  - about 1
- global roles
  - about 1
  - creating 1
  - example 1
  - external sources, and 1
- granted to other roles 1
- granting and revoking to program units 1
- granting roles
  - about 1
  - methods for 1
  - system 1
  - system privileges 1
- granting to program units 1
- GRANT statement 1
- guidelines for security 1
- HS_ADMIN_EXECUTE_ROLE role 1
- HS_ADMIN_ROLE role 1
- HS_ADMIN_SELECT_ROLE role 1
- IMP_FULL_DATABASE role 1
- in applications 1
- indirectly granted 1
- invoker’s rights procedures use 1
- JAVA_ADMIN role 1
- JAVADEBUGPRIV role 1
- JAVAIDPRIV role 1
- JAVASYSPRIV role 1
- JAVAUSERPRIV role 1
- JMXSERVER role 1
- job responsibility privileges only 1
- LBAC_DBA role 1
- listing grants 1
- listing privileges and roles in 1
- listing roles 1
- LOGSTDBY_ADMINISTRATOR role 1
- management using the operating system 1
- managing roles
  - about 1
  - categorizing users 1
- managing through operating system 1
- managing with RADIUS server 1
- maximum number a user can enable 1
- multibyte characters in names 1
- multibyte characters in passwords 1
- naming 1
- network authorization 1
- network client authorization 1
- OEM_ADVISOR role 1
- OEM_MONITOR role 1
- OLAP_DBA role 1
- OLAP_USER role 1
- OLAP_XS_ADMIN role 1
- One Big Application User, compromised by 1
- operating system 1
- operating system authorization 1
- operating-system authorization 1
- operating system granting of 1
- operating system identification of 1
- operating system-managed 1, 2
- operating system management and the shared server 1
- OPTIMIZER_PROCESSING_RATE role 1
- password case sensitivity 1
- PDB_DBA role 1
- predefined 1
- privilege analysis 1
- privileges, changing authorization method for 1
- privileges, changing passwords 1
- privileges for creating 1
- privileges for dropping 1
- PROVISIONER role 1
- RESOURCE role 1
- restricting from tool users 1
- restrictions on privileges of 1
- REVOKE statement 1
- revoking 1, 2
- SCHEDULER_ADMIN role 1
- schemas do not contain 1
- security domains of 1
- SET ROLE statement
  - about 1
  - example 1
  - OS_ROLES parameter 1
- setting in PL/SQL blocks 1
- SODA_APP role 1
- SPATIAL_CSW_ADMIN role 1
- SPATIAL_WFS_ADMIN role 1
- unique names for 1
- use of passwords with 1
- user 1, 2
- users capable of granting 1
- uses of 1, 2
- WFS_USR_ROLE role 1
- WITH GRANT OPTION and 1
- without authorization 1
- WM_ADMIN_ROLE role 1
- XDB_SET_INVOKER roles 1
- XDB_WEBSERVICES_OVER_HTTP role 1
- XDB_WEBSERVICES_WITH_PUBLIC role 1
- XDB_WEBSERVICES role 1
- XDBADMIN role 1
- XS_CACHE_ADMIN role 1
- XS_NSATTR_ADMIN role 1
- XS_RESOURCE role 1
root container
- viewing information about 1
root file paths
- for files and packages outside the database 1
row-level security
- See: fine-grained access control, Oracle Virtual Private Database (VPD)
RSA private key 1
run-time facilities 1
- restriction permissions 1

S

Sarbanes-Oxley Act
- auditing to meet compliance 1
SCHEDULER_ADMIN role
- about 1
schema-independent users 1
schema object privileges 1
schema objects
- cascading effects on revoking 1
- default tablespace for 1
- dropped users, owned by 1
- granting privileges 1
- privileges
  - DML and DDL operations 1
  - granting and revoking 1
  - view privileges 1
- privileges on 1
- privileges to access 1
- privileges with 1
- revoking privileges 1
schema-only accounts 1
schemas
- auditing, recommended settings for 1
- private 1
- shared, protecting objects in 1
- shared among enterprise users 1
- unique 1
- unique, protecting objects in 1
schema user accounts, predefined 1
SCOTT user
- about 1
SCOTT user account
- restricting privileges of 1
SEC_CASE_SENSITIVE_LOGON initialization parameter
- deprecated 1
SEC_CASE_SENSITIVE_LOGON parameter
- conflict with SQLNET.ALLOWED_LOGON_VERSION_SERVER setting 1
- secure role passwords 1
SEC_MAX_FAILED_LOGIN_ATTEMPTS initialization parameter 1
SEC_PROTOCOL_ERROR_FURTHER_ACTION initialization parameter 1
sec_relevant_cols_opt parameter 1
SEC_RETURN_SERVER_RELEASE_BANNER initialization parameter 1
SEC_USER_AUDIT_ACTION_BANNER initialization parameter 1
SEC_USER_UNAUTHORIZED_ACCESS_BANNER initialization parameter 1
secconf.sql script
- password settings 1
secret key
- location in RADIUS 1
secure application roles
- about 1
- creating 1
- creating PL/SQL package 1
- finding with DBA_ROLES view 1
- invoker’s rights 1
- invoker’s rights requirement 1
- package for 1
- user environment information from SYS_CONTEXT SQL function 1
- using to ensure database connection 1
secure external password store
- about 1
- client configuration 1
- examples 1
- how it works 1
- proxy authentication, used with 1
Secure Sockets Layer (SSL) 1
- about 1
- ANO encryption and 1
- architecture 1
- AUTHENTICATION parameter 1
- authentication parameters 1
- authentication process in an Oracle environment 1
- certificate key algorithm 1
- cipher suites 1, 2
- client and server parameters 1
- client authentication parameter 1
- client configuration 1
- combining with other authentication methods 1
- configuration files, securing 1
- configuration troubleshooeting 1
- configuring 1
- configuring ANO encryption with 1
- configuring for SYSDBA or SYSOPER access 1
- enabling 1
- filtering certificates 1
- FIPS mode setting (SSLFIPS_140) 1
- global users with private schemas 1
- guidelines for security 1
- handshake 1
- industry standard protocol 1
- listener, administering 1
- MD5 certification 1
- mode 1
- multiple certificates, filtering 1
- parameters, ways of configuring 1
- pass phrase 1
- requiring client authentication 1
- RSA private key 1
- Secure Sockets Layer (SSL)
  - SSL_CLIENT_AUTHENTICATION 1
- securing SSL connection 1
- server.key file 1
- server configuration 1
- SHA–1 certification 1
- SQLNET.AUTHENTICATION_SERVICES parameter 1
- sqlnet.ora file sample 1
- SSL_CIPHER_SUITES parameter 1
- SSL_CLIENT_AUTHENTICATION parameter 1
- SSL_SERVER_CERT_DN 1
- SSL_SERVER_DN_MATCH 1
- SSL_VERSION parameter 1
- system requirements 1
- TCPS 1
- version parameter 1
- wallet location, parameter 1
- ways to configure parameters for 1
SecurID 1
- token cards 1
security 1
- See also: security risks
- application enforcement of 1
- default user accounts
  - locked and expired automatically 1
  - locking and expiring 1
- domains, enabled roles and 1
- enforcement in application 1
- enforcement in database 1
- multibyte characters in role names 1
- multibyte characters in role passwords 1
- passwords 1
- policies
  - applications 1
  - SQL*Plus users, restricting 1
  - tables or views 1
- procedures enhance 1
- resources, additional 1
- roles, advantages in application use 1
security alerts 1
security attacks 1
- See also: security risks
- access to server after protocol errors, preventing 1
- application context values, attempts to change 1
- application design to prevent attacks 1
- command line recall attacks 1, 2
- denial of service 1
- denial-of-service
  - bad packets, addressing 1
- denial-of-service attacks through listener 1
- disk flooding, preventing 1
- eavesdropping 1
- encryption, problems not solved by 1
- falsified IP addresses 1
- falsified or stolen client system identities 1
- hacked operating systems or applications 1
- intruders 1
- password cracking 1
- password protections against 1
- preventing malicious attacks from clients 1
- preventing password theft with proxy authentication and secure external password store 1
- session ID, need for encryption 1
- shoulder surfing 1
- SQL injection attacks 1
- unlimited authenticated requests, preventing 1
- user session output, hiding from intruders 1
security domains
- enabled roles and 1
security patches
- about 1
- downloading 1
security policies
- See: Oracle Virtual Private Database, policies
security risks 1
- See also: security attacks
- ad hoc tools 1
- applications enforcing rather than database 1
- application users not being database users 1
- bad packets to server 1
- database version displaying 1
- encryption keys, users managing 1
- invoker’s rights procedures 1
- password files 1
- passwords, exposing in programs or scripts 1
- passwords exposed in large deployments 1
- positional parameters in SQL scripts 1
- privileges carelessly granted 1
- remote user impersonating another user 1
- sensitive data in audit trail 1
- server falsifying identities 1
- users with multiple roles 1
security settings scripts
- password settings
  - secconf.sql 1
Security Sockets Layer (SSL)
- use of term includes TLS 1
Security Technical Implementation Guides (STIG)
- ora_stig_profile user profile 1
- ora12c_stig_verify_function password complexity function 1
SEED encryption algorithm 1
SELECT_CATALOG_ROLE role
- SYS schema objects, enabling access to 1
SELECT ANY DICTIONARY privilege
- data dictionary, accessing 1
- exclusion from GRANT ALL PRIVILEGES privilege 1
SELECT FOR UPDATE statement in Virtual Private Database policies 1
SELECT object privilege
- guideline for using 1
- privileges enabled 1
separation of duty concepts 1
sequences
- auditing 1
server.key file
- pass phrase to read and parse 1
SESSION_ROLES data dictionary view
- PUBLIC role 1
SESSION_ROLES view
- queried from PL/SQL block 1
sessions
- listing privilege domain of 1
- memory use, viewing 1
- time limits on 1
- when auditing options take effect 1
SET ROLE statement
- application code, including in 1
- associating privileges with role 1
- disabling roles with 1
- enabling roles with 1
- when using operating-system roles 1
SGA
- See: System Global Area (SGA)
SHA-512 cryptographic hash function
- enabling exclusive mode 1
Shared Global Area (SGA)
- See: System Global Area (SGA)
shared server
- limiting private SQL areas 1
- operating system role management restrictions 1
shoulder surfing 1
SH user account 1
SI_INFORMTN_SCHEMA user account 1
smartcards 1
- and RADIUS 1, 2, 3, 4
smart cards
- guidelines for security 1
SODA_APP role 1
SPATIAL_CSW_ADMIN_USR user account 1
SPATIAL_CSW_ADMIN role 1
SPATIAL_WFS_ADMIN_USR user account 1
SPATIAL_WFS_ADMIN role 1
SQL*Net
- See: Oracle Net Services
SQL*Plus
- connecting with 1
- restricting ad hoc use 1
- statistics monitor 1
SQL92_SECURITY initialization parameter
- READ object privilege impact 1
SQL Developer
- debugging using Java Debug Wire Protocol 1
SQL injection attacks 1
SQLNET.ALLOWED_LOGON_VERSION
- See: SQLNET.ALLOWED_LOGON_VERSION_CLIENT, SQLNET.ALLOWED_LOGON_VERSION_SERVER,
SQLNET.ALLOWED_LOGON_VERSION_CLIENT
- target databases from earlier releases 1
SQLNET.ALLOWED_LOGON_VERSION_SERVER
- target databases from earlier releases 1
- using only 12C password version 1
SQLNET.ALLOWED_LOGON_VERSION_SERVER parameter
- conflict with SEC_CASE_SENSITIVE_LOGON FALSE setting 1
- effect on role passwords 1
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter 1
SQLNET.AUTHENTICATION_SERVICES parameter 1, 2, 4, 5, 6, 7, 8, 9, 10, 11
SQLNET.CRYPTO_CHECKSUM_CLIENT parameter 1, 2
SQLNET.CRYPTO_CHECKSUM_SERVER parameter 1, 2
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter 1, 2
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter 1, 2
SQLNET.ENCRYPTION_CLIENT
- with ANO encryption and SSL authentication 1
SQLNET.ENCRYPTION_CLIENT parameter 1, 2, 3
SQLNET.ENCRYPTION_SERVER
- with ANO encryption and SSL authentication 1
SQLNET.ENCRYPTION_SERVER parameter 1, 2, 3
SQLNET.ENCRYPTION_TYPES_CLIENT parameter 1, 2
SQLNET.ENCRYPTION_TYPES_SERVER parameter 1, 2
SQLNET.IGNORE_ANO_ENCRYPTION_FOR_TCPS
- setting 1
- with ANO encryption and SSL authentication 1
SQLNET.KERBEROS5_CC_NAME parameter 1
SQLNET.KERBEROS5_CLOCKSKEW parameter 1
SQLNET.KERBEROS5_CONF parameter 1
SQLNET.KERBEROS5_REALMS parameter 1
sqlnet.ora file
- Common sample 1
- FIPS 140-2
  - Cipher Suite settings 1
  - enabling tracing 1
- Kerberos sample 1
- Oracle Advanced Security checksum sample 1
- Oracle Advanced Security encryption sample 1
- Oracle wallet setting 1
- OSS.SOURCE.MY_WALLET parameter 1, 2
- parameters for clients and servers using Kerberos 1
- parameters for clients and servers using RADIUS 1
- parameters for clients and servers using SSL 1
- PDBs 1
- RADIUS sample 1
- sample 1
- SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter 1
- SQLNET.AUTHENTICATION_SERVICES parameter 1, 2, 4, 5, 6, 7, 8
- SQLNET.CRYPTO_CHECKSUM_CLIENT parameter 1
- SQLNET.CRYPTO_CHECKSUM_SERVER parameter 1
- SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter 1, 2
- SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter 1, 2
- SQLNET.ENCRYPTION_CLIEN parameter 1
- SQLNET.ENCRYPTION_CLIENT parameter 1
- SQLNET.ENCRYPTION_SERVER parameter 1, 2, 3
- SQLNET.ENCRYPTION_TYPES_CLIENT parameter 1
- SQLNET.ENCRYPTION_TYPES_SERVER parameter 1
- SQLNET.KERBEROS5_CC_NAME parameter 1
- SQLNET.KERBEROS5_CLOCKSKEW parameter 1
- SQLNET.KERBEROS5_CONF parameter 1
- SQLNET.KERBEROS5_REALMS parameter 1
- SQLNET.SSL_EXTENDED_KEY_USAGE 1
- SSL_CLIENT_AUTHENTICATION parameter 1
- SSL_CLIENT_AUTHETNICATION parameter 1
- SSL_VERSION parameter 1, 2
- SSL sample 1
- Trace File Set Up sample 1
sqlnet.ora parameters
- ADD_SSLV3_TO_DEFAULT 1
SQLNET.RADIUS_ALTERNATE_PORT parameter 1, 2
SQLNET.RADIUS_ALTERNATE_RETRIES parameter 1, 2
SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter 1, 2
SQLNET.RADIUS_ALTERNATE parameter 1, 2
SQLNET.RADIUS_AUTHENTICATION_INTERFACE parameter 1
SQLNET.RADIUS_AUTHENTICATION_PORT parameter 1
SQLNET.RADIUS_AUTHENTICATION_RETRIES parameter 1
SQLNET.RADIUS_AUTHENTICATION_TIMEOUT parameter 1
SQLNET.RADIUS_AUTHENTICATION parameter 1
SQLNET.RADIUS_CHALLENGE_KEYWORDparameter 1
SQLNET.RADIUS_CHALLENGE_RESPONSE parameter 1
SQLNET.RADIUS_CLASSPATH parameter 1
SQLNET.RADIUS_SECRET parameter 1
SQLNET.RADIUS_SEND_ACCOUNTING parameter 1, 2
SQLNET.SSL_EXTENDED_KEY_USAGE parameter 1
SQL statements
- dynamic 1
- object privileges permitting in applications 1
- privileges required for 1, 2
- resource limits and 1
- restricting ad hoc use 1
SQL statements, top-level in unified audit policies 1
SSL
- See: Secure Sockets Layer (SSL)
SSL_CIPHER_SUITES parameter 1
SSL_CLIENT_AUTHENTICATION parameter 1, 2
SSL_SERVER_CERT_DN parameter 1
SSL_SERVER_DN_MATCH parameter 1
SSL_VERSION parameter 1, 2, 3
standard auditing
- affected by editions 1
- archiving audit trail 1
- privilege auditing
  - about 1
  - multitier environment 1
- records
  - archiving 1
- statement auditing
  - multitier environment 1
standard audit trail
- records, purging 1
statement_types parameter of DBMS_RLS.ADD_POLICY procedure 1
storage
- quotas and 1
- unlimited quotas 1
stored procedures
- using privileges granted to PUBLIC role 1
strong authentication
- centrally controlling SYSDBA and SYSOPER access to multiple databases 1
- disabling 1
- guideline 1
symbolic links
- restricting 1
synchronous authentication mode, RADIUS 1
synonyms
- object privileges 1
- privileges, guidelines on 1
SYS_CONTEXT function
- about 1
- auditing nondatabase users with 1
- Boolean expressions used in privilege analysis 1
- database links 1
- dynamic SQL statements 1
- example 1
- parallel query 1
- syntax 1
- unified audit policies 1
- used in views 1
- validating users 1
SYS_DEFAULT Oracle Virtual Private Database policy group 1
SYS_SESSION_ROLES namespace 1
SYS.AUD$ table
- archiving 1
SYS.FGA_LOG$ table
- archiving 1
SYS.LINK$ system table 1
SYS.SCHEDULER$_CREDENTIAL system table 1
SYS account
- auditing 1
- changing password 1
- policy enforcement 1
- privilege analysis 1
SYS and SYSTEM
- passwords 1
SYS and SYSTEM accounts
- auditing 1
SYSASM privilege
- password file 1
SYSBACKUP privilege
- operations supported 1
- password file 1
SYSBACKUP user account
- about 1
SYSDBA privilege 1
- directory authentication 1
- Kerberos authentication 1
- password file 1
- SSL authentication 1
SYSDG privilege
- operations supported 1
- password file 1
SYSDG user account
- about 1
SYSKM privilege
- operations supported 1
- password file 1
SYSKM user account
- about 1
syslog
- capturing audit trail records 1
SYSLOG
- audit trail records 1
SYSMAN user account 1
SYS objects
- auditing 1
SYSOPER privilege 1
- directory authentication 1
- password file 1
SYSRAC privilege
- operations supported 1
SYS schema
- objects, access to 1
System Global Area (SGA)
- application contexts, storing in 1
- global application context information location 1
- limiting private SQL areas 1
system privileges 1
- about 1
- ADMIN OPTION 1
- ANY
  - guidelines for security 1
- CDBs 1
- GRANT ANY PRIVILEGE 1
- granting 1
- granting and revoking 1
- power of 1
- restriction needs 1
- revoking, cascading effect of 1
- SELECT ANY DICTIONARY 1
- with common privilege grants 1
system requirements
- Kerberos 1
- RADIUS 1
- SSL 1
- strong authentication 1
SYSTEM user account
- about 1
SYS user
- auditing example 1
SYS user account
- about 1

T

table encryption
- transparent sensitive data protection policy settings 1
tables
- auditing 1
- privileges on 1
tablespaces
- assigning defaults for users 1
- default quota 1
- quotas, viewing 1
- quotas for users 1
- temporary
  - assigning to users 1
- unlimited quotas 1
TCPS protocol
- Secure Sockets Layer, used with 1
- tnsnames.ora file, used in 1
TELNET service 1
TFTP service 1
thin JDBC support 1
TLS See Secure Sockets Layer (SSL) 1
token cards 1, 2
trace file
- set up sample for sqlnet.ora file 1
trace files
- access to, importance of restricting 1
- bad packets 1
- FIPS 140-2 1
- location of, finding 1
Transparent Data Encryption
- about 1
- enabling for FIPS 140-2 1
- SYSKM administrative privilege 1
Transparent Data Encryption (TDE) 1
- TSDP with TDE column encryption 1
transparent sensitive data protection (TSDP
- unified auditing
  - general steps 1
transparent sensitive data protection (TSDP)
- about 1
- altering policies 1
- benefits 1
- bind variables
  - about 1
  - expressions of conditions 1
- creating policies 1
- disabling policies 1
- disabling REDACT_AUDIT policy 1
- dropping policies 1
- enabling REDACT_AUDIT policy 1
- finding information about 1
- fine-grained auditing
  - general steps 1
- general steps 1
- PDBs 1
- privileges required 1
- REDACT_AUDIT policy 1
- sensitive columns in INSERT or UPDATE operations 1
- sensitive columns in same SELECT query 1
- sensitive columns in views 1
- TDE column encryption
  - general steps 1
  - settings used 1
- unified auditing:settings used 1
- use cases 1
- Virtual Private Database
  - DBMS_RLS.ADD_POLICY parameters 1
  - general steps 1
  - tutorial 1
transparent sensitive data protection (TSDP);
- fine-grained auditing
  - settings used 1
transparent tablespace encryption
- about 1
Transport Layer Security (SSL)
- compared to SSL 1
Transport Layer Security (TLS)
- application containers 1
triggers
- auditing 1, 2
- CREATE TRIGGER ON 1
- logon
  - examples 1
  - externally initialized application contexts 1
- privileges for executing 1
  - roles 1
- WHEN OTHERS exception 1
troubleshooting 1
- finding errors by checking trace files 1
trusted procedure
- database session-based application contexts 1
tsnames.ora configuration file 1
tutorials 1
- See also: examples
- application context, database session-based 1
- auditing
  - creating policy to audit nondatabase users 1
  - creating policy using email alert 1
- definer’s rights, database links 1
- external network services, using email alert 1
- global application context with client session ID 1
- invoker’s rights procedure using CBAC 1
- nondatabase users
  - creating Oracle Virtual Private Database policy group 1
  - global application context 1
- Oracle Virtual Private Database
  - policy groups 1
  - policy implementing 1
  - simple example 1
- privilege analysis 1
- privilege analysis for ANY privileges 1
- TSDP with VPD 1
types
- creating 1
- privileges on 1
- user defined
  - creation requirements 1

U

UDP and TCP ports
- close for ALL disabled services 1
UGA
- See: User Global Area (UGA)
UNIFIED_AUDIT_SYSTEMLOG initialization parameter
- about 1
- using 1
UNIFIED_AUDIT_TRAIL data dictionary view
- best practices for using 1
unified auditing
- benefits 1
- compared with mixed mode auditing 1
- database creation 1
- disabling 1
- enablement of 1
- finding if migrated to 1
- mixed mode auditing
  - about 1
  - capabilities 1
- purging records
  - example 1
  - general steps for manual purges 1
  - general steps for scheduledl purges 1
- transparent sensitive data protection policy settings 1
- tutorial 1
unified audit policies
- about 1
- best practices for creating 1
- dropping
  - about 1
  - procedure 1
- location of 1
- predefined
  - ORA_ACCOUNT_MGMT 1
  - ORA_CIS_RECOMMENDATIONS 1
  - ORA_DATABASE_PARAMETER 1
  - ORA_DV_AUDPOL 1
  - ORA_DV_AUDPOL2 1
  - ORA_LOGON_FAILURES 1
  - ORA_SECURECONFIG 1
- syntax for creating 1
- top-level statements 1
- users, applying to 1
- users, excluding 1
- users, success or failure 1
unified audit policies, administrative users
- configuring 1
- example 1
- users that can be audited 1
unified audit policies, altering
- about 1
- configuring 1
- examples 1
unified audit policies, application containers
- example 1
unified audit policies, CDBs
- about 1
- appearance in audit trail 1
- configuring 1
- examples 1, 2
unified audit policies, conditions
- about 1
- configuring 1
- examples 1
unified audit policies, disabling
- about 1, 2
- configuring 1
unified audit policies, enabling
- about 1
- configuring 1
- for groups of users through roles 1
unified audit policies, object actions
- about 1
- actions that can be audited 1
- appearance in audit trail 1
- configuring 1
- dictionary tables
  - auditing 1
- examples 1
- SYS objects 1
unified audit policies, Oracle Database Real Application Security
- about 1
- configuring 1
- events to audit 1
- examples 1
- how events appear in audit trail 1
- predefined
  - about 1
  - ORA_RAS_POLICY_MGMT 1
  - ORA_RAS_SESSION_MGMT 1
unified audit policies, Oracle Database Vault
- about 1
- appearance in audit trail 1
- attributes to audit 1
- configuring 1
- data dictionary views 1
- example of auditing factors 1
- example of auditing realm 1
- example of auditing rule set 1
- example of auditing two events 1
- how events appear in audit trail 1
unified audit policies, Oracle Data Miner
- about 1
unified audit policies, Oracle Data Mining
- configuring 1
- how events appear in audit trail 1
unified audit policies, Oracle Data Pump
- about 1
- appearance in audit trail 1, 2
- configuring 1
- examples 1
- how events appear in audit trail 1
unified audit policies, Oracle Label Security
- about 1
- appearance in audit trail 1
- configuring 1
- examples 1
- how events appear in audit trail 1
- LBACSYS.ORA_GET_AUDITED_LABEL function 1
unified audit policies, Oracle Recovery Manager
- about 1
- how events appear in audit trail 1
unified audit policies, Oracle SQL*Loader
- about 1
- configuring 1
- example 1
- how events appear in audit trail 1
unified audit policies, privileges
- about 1
- appearance in audit trail 1
- configuring 1
- examples 1
- privileges that can be audited 1
- privileges that cannot be audited 1
unified audit policies, roles
- about 1
- configuring 1
- examples 1
unified audit policies, top-level statements 1
- appearance in audit trail 1
- how events appear in audit trail 1
unified audit session ID, finding 1
unified audit trail
- about 1
- archiving 1
- loading audit records to 1
- Oracle Data Pump 1
- when records are created 1
- writing audit trail records to AUDSYS
  - about 1
  - immediate-write mode 1
  - minimum flush threshold for queues 1
  - queued-write mode 1
unified audit trail, object actions
- READ object actions 1
- SELECT object actions 1
unified audit trail, Oracle Data Mining
- examples 1
unified audit trail, top-level statements 1
unified audit trial
- Oracle Database Real Application Security ALL audit events 1
- Oracle Database Real Application Security security class and ACL audit events 1
- Oracle Database Real Application Security session audit events 1
- Oracle Database Real Application Security user, privilege, and role audit events 1
- Oracle Database Vault command rule events 1
- Oracle Database Vault Data Pump events 1
- Oracle Database Vault enable and disable events 1
- Oracle Database Vault factor events 1
- Oracle Database Vault OLS events 1
- Oracle Database Vault realm events 1
- Oracle Database Vault rule set and rule events 1
- Oracle Database Vault secure application role events 1
- Oracle Data Mining audit events 1
- Oracle Data Pump audit events 1
- Oracle Label Security audit events 1
- Oracle Label Security user session label events 1
- Oracle Recovery Manager audit events 1
- Oracle SQL*Loader Direct Load Path audit events 1
unified audting
- TSDP policies and 1
UNLIMITED TABLESPACE privilege 1
UPDATE privilege
- revoking 1
user accounts
- administrative user passwords 1
- application common user
  - about 1
- CDB common user
  - about 1
- common
  - creating 1
- default user account 1
- local
  - creating 1
- local user
  - about 1
- password guidelines 1
- passwords, encrypted 1
- predefined
  - administrative 1
  - non-administrative 1
  - sample schema 1
- predefined schema 1
- privileges required to create 1
- proxy users 1
user accounts, predefined
- ANONYMOUS 1
- ASMSNMP 1
- AUDSYS 1
- CTXSYS 1
- DBSNMP 1
- DIP 1
- HR 1
- IX 1
- LBACSYS 1
- MDDATA 1
- MDSYS 1
- OE 1
- OLAPSYS 1
- ORACLE_OCM 1
- ORDDATA 1
- ORDPLUGINS 1
- ORDSYS 1
- PM 1
- SCOTT 1
- SH 1
- SI_INFORMTN_SCHEMA 1
- SPATIAL_CSW_ADMIN_USR 1
- SPATIAL_WFS_ADMIN_USR 1
- SYS 1
- SYSBACKUP 1
- SYSDG 1
- SYSKM 1
- SYSTEM 1
- WMSYS 1
- XDB 1
- XS$NULL 1
USERENV function 1
- used in views 1
USERENV namespace 1
- See also: CLIENT_IDENTIFIER USERENV attribute
- about 1
User Global Area (UGA)
- application contexts, storing in 1
user names
- schemas 1
user privileges
- CDBs 1
USER pseudo column 1
users
- administrative option (ADMIN OPTION) 1
- altering 1
- altering common users 1
- altering local users 1
- application users not known to database 1
- assigning unlimited quotas for 1
- auditing 1
- database role, current 1
- default roles, changing 1
- default tablespaces 1
- dropping 1, 2
- dropping profiles and 1
- dropping roles and 1
- enabling roles for 1
- enterprise 1, 2
- enterprise, shared schema protection 1
- external authentication
  - about 1
  - advantages 1
  - assigning profiles 1
  - operating system 1
  - user creation 1
- finding information about 1
- finding information about authentication 1
- global 1
  - assigning profiles 1
- hosts, connecting to multiple
  - See external network services, fine-grained access to 1
- information about, viewing 1
- listing roles granted to 1
- memory use, viewing 1
- names
  - case sensitivity 1
  - how stored in database 1
- network authentication, external 1
- nondatabase 1, 2
- objects after dropping 1
- operating system external authentication 1
- password encryption 1
- privileges
  - for changing passwords 1
  - for creating 1
  - granted to, listing 1
  - of current database role 1
- profiles
  - assigning 1
  - creating 1
  - specifying 1
- profiles, CDB or application 1
- proxy authentication 1
- proxy users, connecting as 1
- PUBLIC role 1, 2
- quota limits for tablespace 1
- restricting application roles 1
- restrictions on user names 1
- roles and 1
  - for types of users 1
- schema-independent 1
- schemas, private 1
- security, about 1
- security domains of 1
- tablespace quotas 1
- tablespace quotas, viewing 1
- user accounts, creating 1
- user models and Oracle Virtual Private Database 1
- user name, specifying with CREATE USER statement 1
- views for finding information about 1
user sessions, multiple within single database connection 1
users supported 1
utlpwdmg.sql
- about 1

V

valid node checking 1
views
- about 1
- access control list data
  - external network services 1
  - wallet access 1
- application contexts 1
- audited activities 1
- auditing 1
- audit management settings 1
- audit trail usage 1
- authentication 1
- bind variables in TSDP sensitive columns 1
- DBA_COL_PRIVS 1
- DBA_HOST_ACES 1
- DBA_HOST_ACLS 1
- DBA_ROLE_PRIVS 1
- DBA_ROLES 1
- DBA_SYS_PRIVS 1
- DBA_TAB_PRIVS 1
- DBA_USERS_WITH_DEFPWD 1
- DBA_WALLET_ACES 1
- DBA_WALLET_ACLS 1
- definer’s rights 1
- encrypted data 1
- invoker’s rights 1
- Oracle Virtual Private Database policies 1
- privileges 1
- profiles 1
- ROLE_SYS_PRIVS 1
- ROLE_TAB_PRIVS 1
- security applications of 1
- SESSION_PRIVS 1
- SESSION_ROLES 1
- transparent sensitive data protection 1
- USER_HOST_ACES 1
- USER_WALLET_ACES 1
- users 1
Virtual Private Database
- See: Oracle Virtual Private Database
VPD
- See: Oracle Virtual Private Database
vulnerable run-time call 1
- made more secure 1

W

Wallet Manager
- See: Oracle Wallet Manager
wallets 1, 2
- See also: access control lists (ACL), wallet access
- adding certificate to 1
- authentication method 1
- certificates
  - adding to wallet 1
Web applications
- user connections 1, 2
Web-based applications
- Oracle Virtual Private Database, how it works with 1
WFS_USR_ROLE role 1
WHEN OTHERS exceptions
- logon triggers, used in 1
Windows Event Viewer
- capturing audit trail records 1
Windows native authentication 1
WITH GRANT OPTION clause
- about 1
- user and role grants 1
WM_ADMIN_ROLE role 1
WMSYS user account 1

X

X.509 certificates
- guidelines for security 1
XDB_SET_INVOKER role 1
XDB_WEBSERVICES_OVER_HTTP role
- about 1
XDB_WEBSERVICES_WITH_PUBLIC role 1
XDB_WEBSERVICES role 1
XDBADMIN role 1
XDB user account 1
XS_CACHE_ADMIN role 1
XS_NSATTR_ADMIN role 1
XS_RESOURCE role 1
XS$NULL user account 1