oracle

Oracle Key Vault Administrators Separation of administrative duties is required for secure systems. Oracle Key Vault distinguishes between key, system, and audit management functions. The corresponding roles for these functions are system administrator, key administrator, and audit manager. If desired, one user can be granted multiple roles. However, for separation of duties, it is recommended that different users have different administrative roles. This would enable one administrator to … [Read more...] about What are Oracle Key Vault Roles

Oracle Key Vault is a central, secure key, management platform. It centrally manages encryption keys such as Oracle wallets, Java keystores, and credential files, and is optimized for Oracle Advanced Security Transparent Data Encryption (TDE) master keys. In other words, Oracle Key Vault is a turnkey solution that is based on a hardened stack. It is easy to install, configure, deploy, and patch. Oracle Key Vault includes separation of duties for administrative users, full auditing, … [Read more...] about What Is Oracle Key Vault

Required Privileges To log in to Cloud Control, a user must be granted the DV_OWNER, the DV_ADMIN, or the DV_SECANALYST role. To create a security officer account that has privileges to view reports, but does not have the rights to change the Database Vault configuration, perform the following: 1. As the Database Vault Account Manager, create the security officer user: CONNECT bea_dvacctmgr/[password] CREATE USER sec_rep IDENTIFIED BY [password]; GRANT CONNECT TO sec_rep; 2. As the … [Read more...] about Auditing with Oracle Database Vault Reports

Secure Application Roles A secure application role is a database role that can be enabled by using only a specific, declared PL/SQL procedure. This procedure is usually written by an application developer. In Database Vault, the procedure is implemented by the Database Vault packages. Database Vault changes the implementation of secure application roles to ease their administration, development, and use. You can create secure application roles that are enabled based on the outcome of a rule … [Read more...] about Oracle Database – Configuring Secure Application Roles

Using Factors Factors are evaluated at the session-level. Each session that accesses the factor can have a different identity (value). For example, the Client_IP factor evaluates to the IP address of the client machine for each session. You can use factors for activities, such as authorizing database accounts to connect to the database or creating filtering logic to restrict the visibility and manageability of data. Database Vault provides a selection of factors that enable you to set … [Read more...] about Extend rule sets by using factors in Oracle Database Vault

Command rules do not have a name. They are known by the unique combination of a command, an object owner, and an object name. Therefore, you can create multiple SELECT command rules—for example, as long as the object owner and object name attributes are different in these command rules. 1. Command: The command that is being protected against. This includes: Most DDL (CREATE, ALTER, DROP, and TRUNCATE) ALTER SYSTEM - EXECUTE SELECT, INSERT, UPDATE, and DELETE 2. Status: Indicates … [Read more...] about What are Command Rules in oracle Database

After you create a rule set, Database Vault makes it available for selection for realms, factors, command rules, and secure application roles. You can also use predefined rule sets. For example, use rule sets to: Define the conditions under which a realm authorization is active (as a further restriction to realm authorization) Define when to execute a command rule Enable a secure application role Define when to assign the identity of a factor Oracle-Defined Rule Sets It is … [Read more...] about Using Rule Sets in Oracle Database Vault

When a SQL statement is processed by Database Vault, it is checked for realm violations. The steps are as follows: 1. Does the SQL statement affect objects secured by a realm? If yes, then go to Step 2. If no, then realms do not affect the SQL statement. Go to Step 7. 2. Is the realm a mandatory realm? If yes, then go to Step 4. If it is a regular realm, then go to Step 3. 3. Is the database account using a system privilege to execute the SQL statement? If yes, then go to Step 4. If no, … [Read more...] about How Realms Work in Oracle Database Vault

What is privilege analysis? To determine the least privilege access, you need to find information about the actual privilege usage in a database. For example, you might need to know the privileges required to run an application module or the privileges used in a given user session. The privilege analysis includes both system privileges and object privileges. When a user performs an action and you want to monitor the privileges that are used for this action, you can create and enable a … [Read more...] about How to use Privilege Analysis in Oracle Database