Sumário Itens Encontrados: 490Preface 1Chapter 1: Basic Database Security 7Introduction 7Creating a password profile 8Getting ready 8How to do it⦠8How it works⦠9There's more⦠9See also 10Creating password-authenticated users 10Getting ready 10How to do it⦠11How it works⦠11There's more⦠12How to create a user using EM Express 12See also 16Changing a user's password 16Getting ready 17How to do it⦠17How it works⦠18There's more⦠18See also 18Creating a user with the same credentials on another database 19Getting ready 19How to do it⦠19How it works⦠20There's more⦠20See also 21Locking a user account 21Getting ready 21How to do it⦠22How it works⦠22See also 23Expiring a user's password 23Getting ready 24How to do it⦠24How it works⦠24See also 24Creating and using OS-authenticated users 25Getting ready 25How to do it⦠25How it works⦠26There's more⦠26Creating and using proxy users 27Getting ready 27How to do it⦠27How it works⦠28There's more⦠29Creating and using database roles 30Getting ready 30How to do it⦠30How it works⦠31There's more⦠32See also 33The sysbackup privilege â how, when, and why span /should/spanspanyou/span use it? 33Getting ready 33How to do it⦠33Database authentication 33OS authentication 35How it works⦠35There's more⦠38See also 38The syskm privilege â how, when, and why span /should/spanspanyou/span use it? 38Getting ready 39How to do it⦠39Database authentication 39OS authentication 40How it works⦠40There's more⦠41See also 41The sysdg privilege â how, when, and why span /should/spanspanyou/span use it? 41Getting ready 41How to do it⦠42Database authentication 42OS authentication 42How it works⦠43There's more⦠44See also 44Chapter 2: Security Considerations in Multitenant Environment 45Introduction 45Creating a common user 47Getting ready 48How to do it⦠48How it works⦠48Rules/guidelines for creating and managing common users 49There's more⦠49How to create a common user using OEM 12c 49Creating a local user 52Getting ready 52How to do it⦠52How it works⦠52Rules/guidelines for creating and managing local users 53There's more⦠53How to create a local user using OEM 12c 53Creating a common role 54Getting ready 55How to do it⦠55How it works⦠55There's more⦠56How to create a common role using OEM 12c 57Creating a local role 58Getting ready 58How to do it⦠59How it works⦠59There's more⦠60How to create a local role using OEM 12c 60Granting privileges and roles commonly 60Getting ready 60How to do it⦠61How it works⦠62Granting privileges and roles locally 65Getting ready 66How to do it⦠66How it works⦠67Effects of plugging/unplugging operations on users, roles, andprivileges 67Getting ready 68How to do it⦠68How it works⦠69Chapter 3: PL/SQL Security 71Introduction 71Creating and using definer's rights procedures 72Getting ready 72How to do it⦠72How it works⦠74Creating and using invoker's right procedures 74Getting ready 74How to do it⦠75How it works⦠76There's more⦠77Using span /code-based access control/span 82Getting ready 82How to do it⦠82How it works⦠84There's more⦠84Restricting access to program units by using span /accessible by/span 86Getting ready 86How to do it⦠86How it works⦠88Chapter 4: Virtual Private Database 89Introduction 89Creating different policy functions 92Getting ready 92How to do it⦠93How it works⦠97There's more⦠98See also 99Creating Oracle Virtual Private Database row-level policies 99Getting ready 99How to do it⦠100There's more⦠102See also 102Creating column-level policies 103Getting ready 103How to do it⦠103How it works⦠106Creating a driving context 106Getting ready 106How to do it⦠107Creating policy groups 107Getting ready 107How to do it⦠108Setting context as a driving context 108Getting ready 108How to do it⦠109Adding policy to a group 109Getting ready 109How to do it⦠110Exempting users from VPD policies 114Getting ready 114How to do it⦠115Chapter 5: Data Redaction 116Introduction 116Creating a redaction policy when using full redaction 119Getting ready 119How to do it⦠119How it works⦠122There's more⦠124How to change the default value 125See also 127Creating a redaction policy when using partial redaction 128How to do it⦠128How it works⦠131There's more⦠133Creating a redaction policy when using random redaction 133Getting ready 133How to do it⦠134How it works⦠136Creating a redaction policy when using regular expression redaction 137Getting ready 137How to do it⦠137How it works⦠140Using Oracle Enterprise Manager Cloud Control 12c to manageredaction policies 140Getting ready 140How to do it⦠140Changing the function parameters for a specified column 150Getting ready 151How to do it⦠151Add a column to the redaction policy 152Getting ready 152How to do it⦠153How it works⦠154See also 154Enabling, disabling, and dropping redaction policy 154Getting ready 154How to do it⦠155See also 160Exempting users from data redaction policies 161Getting ready 161How to do it⦠161How it works⦠162Chapter 6: Transparent Sensitive Data Protection 163Introduction 163Creating a sensitive type 164Getting ready 165How to do it⦠165How it works⦠165There's more⦠166Determining sensitive columns 166Getting ready 166How to do it⦠167How it works⦠168Creating transparent sensitive data protection policy 168Getting ready 169How to do it⦠169How it works⦠169See also 169Associating transparent sensitive data protection policy with sensitivetype 170Getting ready 170How to do it⦠170There's more⦠171See also 171Enabling, disabling, and dropping policy 171Getting ready 171How to do it⦠171How it works⦠176There's more⦠176Altering transparent sensitive data protection policy 177Getting ready 177How to do it⦠177How it works⦠179See also 180Chapter 7: Privilege Analysis 181Introduction 181Creating database analysis policy 183Getting ready 183How to do it⦠183How it works⦠184There's more⦠184See also 186Creating role analysis policy 187Getting ready 187How to do it⦠187There's more⦠188See also 189Creating context analysis policy 189Getting ready 189How to do it⦠190There's more⦠190See also 193Creating combined analysis policy 193Getting ready 193How to do it⦠194There's more⦠194See also 196Starting and stopping privilege analysis 196Getting ready 196How to do it⦠197How it works⦠199There's more⦠200Reporting on used system privileges 204Getting ready 205How to do it⦠205There's more⦠206Reporting on used object privileges 207Getting ready 207How to do it⦠207There's more⦠208Reporting on unused system privileges 209Getting ready 209How to do it⦠209There's more⦠210Reporting on unused object privileges 210Getting ready 210How to do it⦠210There's more⦠211How to revoke unused privileges 212How to do it⦠212There's more⦠215Dropping the analysis 216Getting ready 216How to do it⦠216There's more⦠217Chapter 8: Transparent Data Encryption 218Introduction 218Configuring keystore location in sqlnet.ora 221How to do it⦠222Creating and opening the keystore 222Getting ready 223How to do it⦠223How it works⦠224There's more⦠224Setting master encryption key in software keystore 225Getting ready 225How to do it⦠225There's more⦠226See also 226Column encryption â adding new encrypted column to table 227Getting ready 227How to do it⦠227Column encryption â creating new table that has encrypted column(s) 228Getting ready 228How to do it⦠228Using salt and MAC 230Getting ready 230How to do it⦠230How it works⦠231There's more⦠231Column encryption â encrypting existing column 233Getting ready 233How to do it⦠233There's more⦠234Auto-login keystore 235Getting ready 235How to do it⦠235How it works⦠236Encrypting tablespace 236Getting ready 236How to do it⦠236How it works⦠237There's more⦠238Rekeying 238Getting ready 238How to do it⦠238How it works⦠239Backup and Recovery 240How to do it⦠240There's more⦠241Chapter 9: Database Vault 242Introduction 242Registering Database Vault 243Getting ready 243How to do it⦠244How it works⦠245There's more⦠245See also 246Preventing users from exercising system privileges on schemaobjects 246Getting ready 246How to do it⦠247There's more⦠254See also 256Securing roles 256Getting ready 256How to do it⦠256There's more⦠260See also 261Preventing users from executing specific command on specific object 262How to do it⦠262How it works⦠263Creating a rule set 264Getting ready 264How to do it⦠264There's more⦠267Creating a secure application role 268How to do it⦠268There's more⦠270See also 272Using Database Vault to implement that administrators cannot viewdata 272How to do it⦠272There's more⦠275Running Oracle Database Vault reports 277How to do it⦠278Disabling Database Vault 280How to do it⦠280Re-enabling Database Vault 281How to do it⦠282Chapter 10: Unified Auditing 284Introduction 284Enabling Unified Auditing mode 286Getting ready 286How to do it⦠286How it works⦠287Predefined unified audit policies 288There's more⦠289See also 289Configuring whether loss of audit data is acceptable 289Getting ready 290How to do it⦠290How it works⦠291Which roles do you need to have to be able to create audit policiesand to view audit data? 291Getting ready 291How to do it⦠291How it works⦠292There's more⦠293Auditing RMAN operations 295Getting ready 295How to do it⦠295How it works⦠297See also 297Auditing Data Pump operations 298Getting ready 298How to do it⦠298See also 299Auditing Database Vault operations 299Getting ready 299How to do it⦠299How it works⦠300There's more⦠300See also 300Creating audit policies to audit privileges, actions and roles underspecified conditions 301Getting ready 301How to do it⦠301How it works⦠302See also 303Enabling audit policy 303Getting ready 303How to do it⦠304How it works⦠304Finding information about audit policies and audited data 305Getting ready 305How to do it⦠305Auditing application contexts 307Getting ready 307How to do it⦠307How it works⦠308There's more⦠308See also 309Purging audit trail 309Getting ready 309How to do it⦠309How it works⦠310There's more⦠310Disabling and dropping audit policies 310Getting ready 310How to do it⦠310How it works⦠311See also 311Chapter 11: Additional Topics 312Introduction 312Exporting data using Oracle Data Pump in Oracle Database Vaultenvironment 312Getting ready 313How to do it⦠314How it works⦠316There's more⦠317See also 317Creating factors in Oracle Database Vault 317Getting ready 318How to do it⦠319How it works⦠332There's more⦠333See also 334Using TDE in a multitenant environment 334Getting ready 335How to do it⦠335How it works⦠342See also 342Chapter 12: Appendix â Application Contexts 343Introduction 343Exploring and using built-in contexts 344Getting ready 344How to do it⦠345How it works⦠346There's more⦠347See also 347Creating an application context 348Getting ready 348How to do it⦠348How it works⦠349Setting application context attributes 349Getting ready 349How to do it⦠349How it works⦠351There's more⦠351See also 351Using an application context 351Getting ready 352How to do it⦠352How it works⦠353See also 353Index 354