1/31

Contents

List of Examples

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

What's New in Oracle Database Vault?

• New Oracle Database Vault Features in Oracle Database 11g Release 2 (11.2.0.4)
• New Oracle Database Vault Features in Oracle Database 11g Release 2 (11.2.0.3)
• Changed Oracle Database Vault Features in Oracle Database 11g Release 2 (11.2.0.2)
• New Oracle Database Vault Features in Oracle Database 11g Release 2 (11.2.0.2)
• New Oracle Database Vault Features in Oracle Database 11g Release 2 (11.2.0.1)

1 Introducing Oracle Database Vault

• What Is Oracle Database Vault?
• Components of Oracle Database Vault
  • Oracle Database Vault Access Control Components
  • Oracle Database Vault Administrator
  • Oracle Database Vault DVSYS and DVF Schemas
  • Oracle Database Vault PL/SQL Interfaces and Packages
  • Oracle Database Vault and Oracle Label Security PL/SQL APIs
  • Oracle Database Vault Reporting and Monitoring Tools
• How Oracle Database Vault Addresses Compliance Regulations
• How Oracle Database Vault Addresses Insider Threats
• How Oracle Database Vault Allows for Flexible Security Policies
• How Oracle Database Vault Addresses Database Consolidation Concerns

2 What to Expect After You Install Oracle Database Vault

• Initialization and Password Parameter Settings That Change
• How Oracle Database Vault Restricts User Authorizations
• New Database Roles to Enforce Separation of Duties
• Privileges That Are Revoked from Existing Users and Roles
• Privileges That Are Prevented for Existing Users and Roles
• How Oracle Database Vault Affects Oracle Database Auditing
  • AUD$ Table Moved from SYS to the SYSTEM Schema
  • Modified AUDIT Statement Settings

3 Getting Started with Oracle Database Vault

• Registering (Enabling) Oracle Database Vault
• Starting Oracle Database Vault
  • Accessing the Oracle Database Vault Pages and DVA from Oracle Enterprise Manager
    • Accessing Oracle Database Vault Pages from Database Control
    • Accessing Oracle Database Vault Pages from Grid Control
    • Accessing Database Vault Administrator from Database Control
  • Starting Oracle Database Vault Administrator
• Quick Start Tutorial: Securing a Schema from DBA Access
  • About This Tutorial
  • Step 1: Adding the SYSTEM User to the Data Dictionary Realm
  • Step 2: Log On as SYSTEM to Access the HR Schema
  • Step 3: Create a Realm
  • Step 4: Secure the EMPLOYEES Table in the HR Schema
  • Step 5: Create an Authorization for the Realm
  • Step 6: Test the Realm
  • Step 7: Run a Report
  • Step 8: Remove the Components for This Tutorial

4 Configuring Realms

• What Are Realms?
• Default Realms
• Creating a Realm
• Editing a Realm
• Creating Realm-Secured Objects
• Defining Realm Authorization
• Disabling and Enabling a Realm
• Deleting a Realm
• How Realms Work
• How Authorizations Work in a Realm
• Enabling Access to Objects That Are Protected by a Realm
• Example of How Realms Work
• How Realms Affect Other Oracle Database Vault Components
• Guidelines for Designing Realms
• How Realms Affect Performance
• Related Reports and Data Dictionary Views

5 Configuring Rule Sets

• What Are Rule Sets?
• Default Rule Sets
• Creating a Rule Set
• Configuring or Editing a Rule Set
• Creating a Rule to Add to a Rule Set
  • Creating a New Rule
  • Adding Existing Rules to a Rule Set
• Deleting a Rule Set
• How Rule Sets Work
  • How Oracle Database Vault Evaluates Rules
  • Nesting Rules Within a Rule Set
  • Creating Rules to Apply to Everyone Except One User
• Tutorial: Creating an Email Alert for Security Violations
  • About This Tutorial
  • Step 1: Install and Configure the UTL_MAIL PL/SQL Package
  • Step 2: Create an Email Security Alert PL/SQL Procedure
  • Step 3: Configure an Access Control List File for Network Services
  • Step 4: Create a Rule Set and a Command Rule to Use the Email Security Alert
  • Step 5: Test the Email Security Alert
  • Step 6: Remove the Components for This Tutorial
• Tutorial: Configuring Two-Person Integrity, or Dual Key Security
  • About This Tutorial
  • Step 1: Create Users for This Tutorial
  • Step 2: Create a Function to Check if User patch_boss Is Logged In
  • Step 3: Create Rules, a Rule Set, and a Command Rule to Control the Users' Access
  • Step 4: Test the Users' Access
  • Step 5: Remove the Components for This Tutorial
• Guidelines for Designing Rule Sets
• How Rule Sets Affect Performance
• Related Reports and Data Dictionary Views

6 Configuring Command Rules

• What Are Command Rules?
• Default Command Rules
• SQL Statements That Can Be Protected by Command Rules
• Creating and Editing a Command Rule
• Deleting a Command Rule
• How Command Rules Work
• Tutorial: Using a Command Rule to Control Table Creations by a User
  • About This Tutorial
  • Step 1: Connect as User SCOTT and Create a Table
  • Step 2: Connect Using the DVOWNER or DV_ADMIN Role and Create a Command Rule
  • Step 3: Test the Command Rule
  • Step 4: Remove the Components for this Tutorial
• Guidelines for Designing Command Rules
• How Command Rules Affect Performance
• Related Reports and Data Dictionary View

7 Configuring Factors

• What Are Factors?
• Default Factors
• Creating a Factor
• Editing a Factor
• Adding an Identity to a Factor
  • About Factor Identities
  • Creating and Configuring a Factor Identity
  • Using Identity Mapping to Configure an Identity to Use Other Factors
• Deleting a Factor
• How Factors Work
  • How Factors Are Processed When a Session Is Established
  • How Factors Are Retrieved
  • How Factors Are Set
• Tutorial: Preventing Ad Hoc Tool Access to the Database
  • About This Tutorial
  • Step 1: Enable the SCOTT User Account
  • Step 2: Create the Module Factor
  • Step 3: Create the Limit SQL*Plus Access Rule and Rule Set
  • Step 4: Create the CONNECT Command Rule
  • Step 5: Test the Ad Hoc Tool Access Restriction
  • Step 6: Remove the Components for This Tutorial
• Tutorial: Restricting User Activities Based on Session Data
  • About This Tutorial
  • Step 1: Create an Administrative User
  • Step 2: Add Identities to the Domain Factor
  • Step 3: Map the Domain Factor Identities to the Client_IP Factor
  • Step 4: Create a Rule Set to Set the Hours and Select the Factor Identity
  • Step 5: Create a Command Rule That Uses the Rule Set
  • Step 6: Test the Factor Identity Settings
  • Step 7: Remove the Components for This Tutorial
• Guidelines for Designing Factors
• How Factors Affect Performance
• Related Reports and Data Dictionary Views

8 Configuring Secure Application Roles for Oracle Database Vault

• What Are Secure Application Roles in Oracle Database Vault?
• Creating and Editing Secure Application Roles
• Securing a Secure Application Role
• Deleting a Secure Application Role
• How Secure Application Roles Work
• Tutorial: Granting Access with Database Vault Secure Application Roles
  • About This Tutorial
  • Step 1: Create Users for This Tutorial
  • Step 2: Enable the OE User Account
  • Step 3: Create the Rule Set and Its Rules
  • Step 4: Create the Database Vault Secure Application Role
  • Step 5: Grant the SELECT Privilege to the Secure Application Role
  • Step 6: Test the Database Vault Secure Application Role
  • Step 7: Remove the Components for This Tutorial
• How Secure Application Roles Affect Performance
• Related Reports and Data Dictionary View

9 Integrating Oracle Database Vault with Other Oracle Products

• Integrating Oracle Database Vault with Enterprise User Security
• Integrating Oracle Database Vault with Transparent Data Encryption
• Attaching Factors to an Oracle Virtual Private Database
• Integrating Oracle Database Vault with Oracle Label Security
  • How Oracle Database Vault Is Integrated with Oracle Label Security
  • Requirements for Using Oracle Database Vault with Oracle Label Security
  • Using Oracle Database Vault Factors with Oracle Label Security Policies
  • Tutorial: Integrating Oracle Database Vault with Oracle Label Security
    • About This Tutorial
    • Step 1: Create Users for This Tutorial
    • Step 2: Create the Oracle Label Security Policy
    • Step 3: Create Oracle Database Vault Rules to Control the OLS Authorization
    • Step 4: Update the ALTER SYSTEM Command Rule to Use the Rule Set
    • Step 5: Test the Authorizations
    • Step 6: Remove the Components for This Tutorial
  • Related Reports and Data Dictionary Views

10 DBA Operations in an Oracle Database Vault Environment

• Using Oracle Database Vault with Oracle Enterprise Manager
  • Setting the Database Vault Administrator URL in Oracle Enterprise Manager
  • Propagating Oracle Database Vault Policies to Other Databases
  • Using Enterprise Manager Grid Control Alerts for Oracle Database Vault Policies
  • Using Oracle Database Vault-Specific Reports in Enterprise Manager Grid Control
  • Changing the DBSNMP Account Password in an Oracle Database Vault Environment
• Using Oracle Data Pump in an Oracle Database Vault Environment
  • About Using Oracle Data Pump in an Oracle Database Vault Environment
  • Granting a Database Administrator Authorization to Use Oracle Data Pump
  • Guidelines for Exporting or Importing Data in an Oracle Database Vault Environment
  • Revoking Authorization from Databases Administrators Who Are Using Data Pump
• Scheduling Database Jobs in an Oracle Database Vault Environment
  • About Scheduling Database Jobs in an Oracle Database Vault Environment
  • Granting a Job Scheduling Administrator Authorization for Oracle Database Vault
  • Revoking Authorization from Job Scheduling Administrators
• Using Oracle Database Vault with Oracle Recovery Manager
• Using Oracle Streams in an Oracle Database Vault Environment
• Using XStream in an Oracle Database Vault Environment
• Using Oracle GoldenGate in an Oracle Database Vault Environment
• Using Data Masking in an Oracle Database Vault Environment
  • About Data Masking in an Oracle Database Vault Enabled Database
  • Adding Data Masking Users to the Data Dictionary Realm Authorizations
  • Giving Users Access to Tables or Schemas That They Want to Mask
  • Creating a Command Rule to Enable Data Masking Privileges

11 Oracle Database Vault Objects

• Oracle Database Vault Schemas
  • DVSYS Schema
  • DVF Schema
• Oracle Database Vault Roles
  • About Oracle Database Vault Roles
  • DV_OWNER Database Vault Owner Role
  • DV_ADMIN Database Vault Configuration Administrator Role
  • DV_MONITOR Database Vault Monitoring Role
  • DV_SECANALYST Database Vault Security Analyst Role
  • DV_AUDIT_CLEANUP Audit Trail Cleanup Role
  • DV_STREAMS_ADMIN Oracle Streams Configuration Role
  • DV_XSTREAM_ADMIN XStream Administrative Role
  • DV_GOLDENGATE_ADMIN Oracle GoldenGate Administrative Role
  • DV_GOLDENGATE_REDO_ACCESS Oracle GoldenGate Redo Log Access Role
  • DV_PATCH_ADMIN Database Vault Database Patch Role
  • DV_ACCTMGR Database Vault Account Manager Role
  • DV_REALM_OWNER Database Vault Realm DBA Role
  • DV_REALM_RESOURCE Database Vault Application Resource Owner Role
  • DV_PUBLIC Database Vault PUBLIC Role
• Oracle Database Vault Accounts

12 Using the DBMS_MACADM Package

• About the DBMS_MACADM Package
• Realm Procedures Within DBMS_MACADM
  • ADD_AUTH_TO_REALM Procedure
  • ADD_OBJECT_TO_REALM Procedure
  • CREATE_REALM Procedure
  • DELETE_AUTH_FROM_REALM Procedure
  • DELETE_OBJECT_FROM_REALM Procedure
  • DELETE_REALM Procedure
  • DELETE_REALM_CASCADE Procedure
  • RENAME_REALM Procedure
  • UPDATE_REALM Procedure
  • UPDATE_REALM_AUTH Procedure
• Rule Set Procedures Within DBMS_MACADM
  • ADD_RULE_TO_RULE_SET Procedure
  • CREATE_RULE Procedure
  • CREATE_RULE_SET Procedure
  • DELETE_RULE Procedure
  • DELETE_RULE_FROM_RULE_SET Procedure
  • DELETE_RULE_SET Procedure
  • RENAME_RULE Procedure
  • RENAME_RULE_SET Procedure
  • SYNC_RULES Procedure
  • UPDATE_RULE Procedure
  • UPDATE_RULE_SET Procedure
• Command Rule Procedures Within DBMS_MACADM
  • CREATE_COMMAND_RULE Procedure
  • DELETE_COMMAND_RULE Procedure
  • UPDATE_COMMAND_RULE Procedure
• Factor Procedures and Functions Within DBMS_MACADM
  • ADD_FACTOR_LINK Procedure
  • ADD_POLICY_FACTOR Procedure
  • CHANGE_IDENTITY_FACTOR Procedure
  • CHANGE_IDENTITY_VALUE Procedure
  • CREATE_DOMAIN_IDENTITY Procedure
  • CREATE_FACTOR Procedure
  • CREATE_FACTOR_TYPE Procedure
  • CREATE_IDENTITY Procedure
  • CREATE_IDENTITY_MAP Procedure
  • DELETE_FACTOR Procedure
  • DELETE_FACTOR_LINK Procedure
  • DELETE_FACTOR_TYPE Procedure
  • DELETE_IDENTITY Procedure
  • DELETE_IDENTITY_MAP Procedure
  • DROP_DOMAIN_IDENTITY Procedure
  • GET_INSTANCE_INFO Function
  • GET_SESSION_INFO Function
  • RENAME_FACTOR Procedure
  • RENAME_FACTOR_TYPE Procedure
  • UPDATE_FACTOR Procedure
  • UPDATE_FACTOR_TYPE Procedure
  • UPDATE_IDENTITY Procedure
• Secure Application Role Procedures Within DBMS_MACADM
  • CREATE_ROLE Procedure
  • DELETE_ROLE Procedure
  • RENAME_ROLE Procedure
  • UPDATE_ROLE Procedure
• Oracle Label Security Policy Procedures Within DBMS_MACADM
  • CREATE_MAC_POLICY Procedure
  • CREATE_POLICY_LABEL Procedure
  • DELETE_MAC_POLICY_CASCADE Procedure
  • DELETE_POLICY_FACTOR Procedure
  • DELETE_POLICY_LABEL Procedure
  • UPDATE_MAC_POLICY Procedure
• General System Maintenance Procedures Within DBMS_MACADM
  • ADD_NLS_DATA Procedure
  • AUTHORIZE_DATAPUMP_USER Procedure
  • AUTHORIZE_SCHEDULER_USER Procedure
  • UNAUTHORIZE_DATAPUMP_USER Procedure
  • UNAUTHORIZE_SCHEDULER_USER Procedure

13 Using the DBMS_MACSEC_ROLES Package

• About the DBMS_MACSEC_ROLES Package
• CAN_SET_ROLE Function
• SET_ROLE Procedure

14 Using the DBMS_MACUTL Package

• About the DBMS_MACUTL Package
• DBMS_MACUTL Constants
  • DBMS_MACUTL Listing of Constants
  • Examples of Using the DBMS_MACUTL Constants
• Procedures and Functions Within the DBMS_MACUTL Package
  • CHECK_DVSYS_DML_ALLOWED Procedure
  • GET_CODE_VALUE Function
  • GET_SECOND Function
  • GET_MINUTE Function
  • GET_HOUR Function
  • GET_DAY Function
  • GET_MONTH Function
  • GET_YEAR Function
  • IS_ALPHA Function
  • IS_DIGIT Function
  • IS_DVSYS_OWNER Function
  • IS_OLS_INSTALLED Function
  • IS_OLS_INSTALLED_VARCHAR Function
  • USER_HAS_ROLE Function
  • USER_HAS_ROLE_VARCHAR Function
  • USER_HAS_SYSTEM_PRIVILEGE Function

15 Using the Oracle Database Vault PL/SQL Interfaces

• Oracle Database Vault Run-Time PL/SQL Procedures and Functions
  • SET_FACTOR Procedure
  • GET_FACTOR Function
  • GET_TRUST_LEVEL Function
  • GET_TRUST_LEVEL_FOR_IDENTITY Function
  • ROLE_IS_ENABLED Function
  • GET_FACTOR_LABEL Function
• Oracle Database Vault PL/SQL Factor Functions
  • F$AUTHENTICATION_METHOD Function
  • F$CLIENT_IP Function
  • F$DATABASE_DOMAIN Function
  • F$DATABASE_HOSTNAME Function
  • F$DATABASE_INSTANCE Function
  • F$DATABASE_IP Function
  • F$DATABASE_NAME Function
  • F$DOMAIN Function
  • F$ENTERPRISE_IDENTITY Function
  • F$IDENTIFICATION_TYPE Function
  • F$LANG Function
  • F$LANGUAGE Function
  • F$MACHINE Function
  • F$NETWORK_PROTOCOL Function
  • F$PROXY_ENTERPRISE_IDENTITY Function
  • F$SESSION_USER Function
• Oracle Database Vault PL/SQL Rule Functions
  • DV_SYSEVENT Function
  • DV_LOGIN_USER Function
  • DV_INSTANCE_NUM Function
  • DV_DATABASE_NAME Function
  • DV_DICT_OBJ_TYPE Function
  • DV_DICT_OBJ_OWNER Function
  • DV_DICT_OBJ_NAME Function
  • DV_SQL_TEXT Function
• Oracle Database Vault PL/SQL Packages

16 Oracle Database Vault Data Dictionary Views

• About the Oracle Database Vault Data Dictionary Views
• DVSYS.DBA_DV_CODE View
• DVSYS.DBA_DV_COMMAND_RULE View
• DVSYS.DBA_DV_DATAPUMP_AUTH View
• DVSYS.DBA_DV_FACTOR View
• DVSYS.DBA_DV_FACTOR_LINK View
• DVSYS.DBA_DV_FACTOR_TYPE View
• DVSYS.DBA_DV_IDENTITY View
• DVSYS.DBA_DV_IDENTITY_MAP View
• DVSYS.DBA_DV_MAC_POLICY View
• DVSYS.DBA_DV_MAC_POLICY_FACTOR View
• DVSYS.DBA_DV_POLICY_LABEL View
• DVSYS.DBA_DV_PUB_PRIVS View
• DVSYS.DBA_DV_REALM View
• DVSYS.DBA_DV_REALM_AUTH View
• DVSYS.DBA_DV_REALM_OBJECT View
• DVSYS.DBA_DV_ROLE View
• DVSYS.DBA_DV_RULE View
• DVSYS.DBA_DV_RULE_SET View
• DVSYS.DBA_DV_RULE_SET_RULE View
• DVSYS.DBA_DV_USER_PRIVS View
• DVSYS.DBA_DV_USER_PRIVS_ALL View

17 Monitoring Oracle Database Vault

• Security Violation Attempts
• Database Configuration and Structural Changes
• Security Policy Changes by Category
  • About Monitoring Security Policy Changes by Category
  • Procedure for Monitoring Security Policy Changes by Category
• Security Policy Changes Detail

18 Oracle Database Vault Reports

• Categories of Oracle Database Vault Reports
• Who Can Run the Oracle Database Vault Reports?
• How to Run Oracle Database Vault Reports
• Generating Oracle Database Vault Reports
  • Oracle Database Vault Configuration Issues Reports
    • Command Rule Configuration Issues Report
    • Factor Configuration Issues Report
    • Factor Without Identities Report
    • Identity Configuration Issues Report
    • Realm Authorization Configuration Issues Report
    • Rule Set Configuration Issues Report
    • Secure Application Configuration Issues Report
  • Oracle Database Vault Auditing Reports
    • Realm Audit Report
    • Command Rule Audit Report
    • Factor Audit Report
    • Label Security Integration Audit Report
    • Core Database Vault Audit Trail Report
    • Secure Application Role Audit Report
• Generating General Security Reports
  • Object Privilege Reports
    • Object Access By PUBLIC Report
    • Object Access Not By PUBLIC Report
    • Direct Object Privileges Report
    • Object Dependencies Report
  • Database Account System Privileges Reports
    • Direct System Privileges By Database Account Report
    • Direct and Indirect System Privileges By Database Account Report
    • Hierarchical System Privileges by Database Account Report
    • ANY System Privileges for Database Accounts Report
    • System Privileges By Privilege Report
  • Sensitive Objects Reports
    • Execute Privileges to Strong SYS Packages Report
    • Access to Sensitive Objects Report
    • Public Execute Privilege To SYS PL/SQL Procedures Report
    • Accounts with SYSDBA/SYSOPER Privilege Report
  • Privilege Management - Summary Reports
    • Privileges Distribution By Grantee Report
    • Privileges Distribution By Grantee, Owner Report
    • Privileges Distribution By Grantee, Owner, Privilege Report
  • Powerful Database Accounts and Roles Reports
    • WITH ADMIN Privilege Grants Report
    • Accounts With DBA Roles Report
    • Security Policy Exemption Report
    • BECOME USER Report
    • ALTER SYSTEM or ALTER SESSION Report
    • Password History Access Report
    • WITH GRANT Privileges Report
    • Roles/Accounts That Have a Given Role Report
    • Database Accounts With Catalog Roles Report
    • AUDIT Privileges Report
    • OS Security Vulnerability Privileges Report
  • Initialization Parameters and Profiles Reports
    • Security Related Database Parameters Report
    • Resource Profiles Report
    • System Resource Limits Report
  • Database Account Password Reports
    • Database Account Default Password Report
    • Database Account Status Report
  • Security Audit Report: Core Database Audit Report
  • Other Security Vulnerability Reports
    • Java Policy Grants Report
    • OS Directory Objects Report
    • Objects Dependent on Dynamic SQL Report
    • Unwrapped PL/SQL Package Bodies Report
    • Username/Password Tables Report
    • Tablespace Quotas Report
    • Non-Owner Object Trigger Report

A Auditing Oracle Database Vault

• Oracle Database Vault Specific Audit Events
  • Oracle Database Vault Audit Events
  • Format of the Oracle Database Vault Audit Trail
• Archiving and Purging the Oracle Database Vault Audit Trail
• Oracle Database Audit Settings Created for Oracle Database Vault

B Disabling and Enabling Oracle Database Vault

• When You Must Disable Oracle Database Vault
• Checking if Oracle Database Vault Is Enabled or Disabled
• Step 1: Disable Oracle Database Vault
• Step 2: Perform the Required Tasks
• Step 3: Enable Oracle Database Vault

C Postinstallation Oracle Database Vault Procedures

• Checking the Locale and NLS Settings
• Manually Deploying Oracle Database Vault Administrator
  • Deploying Database Vault Administrator to a Standalone OC4J Container
  • Deploying Database Vault Administrator to the Database Console OC4J Container
• Setting the Time-Out Value for Oracle Database Vault Administrator
• Enabling Oracle Database Vault Administrator Accessibility
  • Enabling Oracle Database Vault Administrator Accessibility Mode
  • Providing Textual Descriptions of Database Vault Administrator Charts
• Configuring Oracle Database Vault on Oracle RAC Nodes
• Adding Languages to Oracle Database Vault
• Deinstalling Oracle Database Vault
• Reinstalling Oracle Database Vault

D Oracle Database Vault Security Guidelines

• Separation of Duty Guidelines
  • How Oracle Database Vault Handles Separation of Duty
  • Defining Separate Tasks in an Oracle Database Vault Environment
  • Creating a Separation of Duty Matrix
  • Identifying and Documenting the Tasks of Users Who Access the Database System
• Managing Oracle Database Administrative Accounts
  • Using the SYSTEM User Account for General Administrative Uses
  • Using the SYSTEM Schema for Application Tables
  • Limiting the SYSDBA Administrative Privilege
  • Managing Root and Operating System Access
• Accounts and Roles Trusted by Oracle Database Vault
• Accounts and Roles That Should be Limited to Trusted Individuals
  • Managing Users with Root Access to the Operating System
  • Managing the Oracle Software Owner
  • Managing SYSDBA Access
  • Managing SYSOPER Access
• Guidelines for Using Oracle Database Vault in a Production Environment
• Secure Configuration Guidelines
  • Security Considerations for the UTL_FILE and DBMS_FILE_TRANSFER Packages
  • Security Considerations for the Recycle Bin
  • Security Considerations for the CREATE ANY JOB Privilege
  • Security Considerations for the CREATE EXTERNAL JOB Privilege
  • Security Considerations for the LogMiner Packages
  • Security Considerations for the ALTER SYSTEM and ALTER SESSION Privileges

E Troubleshooting Oracle Database Vault

• Using Trace Files to Diagnose Events in the Database
  • About Using Trace Files to Diagnose Oracle Database Vault Events
  • Types of Oracle Database Vault Trace Events That You Can and Cannot Track
  • Levels of Oracle Database Vault Trace Events
  • Performance Effect of Enabling Oracle Database Vault Trace Files
  • Enabling Oracle Database Vault Trace Events
    • Enabling Trace Events for the Current Database Session
    • Enabling Trace Events for All Database Sessions
  • Finding Oracle Database Vault Trace File Data
    • Finding the Database Vault Trace File Directory Location
    • Using the Linux grep Command to Search Trace Files for Strings
    • Using the ADR Command Interpreter (ADRCI) Utility to QueryTrace Files
  • Examples Oracle Database Vault Trace Files
  • Disabling Oracle Database Vault Trace Events
    • Disabling Trace Events for the Current Database Session
    • Disabling Trace Events for All Database Sessions
• General Diagnostic Tips
• Configuration Problems with Oracle Database Vault Components

Index