In this chapter we will cover:
Oracle Database Vault can be described as a security framework developed primarily for the purpose of implementing fine-grained access control to objects. Oracle Database Vault functionality provides additional capabilities to restrict access to sensitive data and can apply controls that are not currently available with the traditional privilege model.
By using Oracle Database Vault, practically every database object can be isolated from unauthorized access by users with any type of privileges, including super-privileged users such as DBAs or power users such as SYS and SYSTEM. Oracle Database Vault also has the ability to filter DML and DDL statements against the database, by using virtually unlimited combinations of parameters, such as the IP address, time, connection protocol, and authentication type with realms, factors, command sets, command rules, and secure application roles.
The next series of recipes will cover the main components that make up Oracle Database Vault, such as realms, rulesets, factors, and command rules. We will also discuss the existing reporting interface provided by Oracle Database Vault.
Some examples of potential threats include the following:
SELECT ANY, DELETE ANY, UPDATE ANY, ALTER ANY, or DROP ANY privileges can also be considered a threat for sensitive data
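
Before placing objects under Database Vault protection, it helps to know which accounts actually hold these ANY privileges. The query below is an added example, not taken from the book: it lists every database user that holds a privilege from the five families named above, whether granted directly or inherited through nested roles. It assumes Oracle 11g Release 2 or later (recursive subquery factoring) and an account that can read DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_USERS.

```sql
-- Added example (not from the original text).
-- Finds users holding SELECT ANY / DELETE ANY / UPDATE ANY / ALTER ANY /
-- DROP ANY system privileges, directly or through a chain of roles.
WITH any_privs AS (
    -- Every direct grant of a privilege in the five ANY families,
    -- to a user or to a role.
    SELECT grantee, privilege
    FROM   dba_sys_privs
    WHERE  REGEXP_LIKE(privilege,
                       '^(SELECT|DELETE|UPDATE|ALTER|DROP) ANY ')
),
holders (grantee, privilege, grant_path) AS (
    -- Anchor: the direct grantees themselves.
    SELECT grantee,
           privilege,
           CAST(grantee AS VARCHAR2(4000))
    FROM   any_privs
    UNION ALL
    -- Recursive step: anyone granted a role that already holds the
    -- privilege inherits it. grant_path records the chain of roles.
    SELECT rp.grantee,
           h.privilege,
           rp.grantee || ' <- ' || h.grant_path
    FROM   holders h,
           dba_role_privs rp
    WHERE  rp.granted_role = h.grantee
)
-- Joining to DBA_USERS drops the intermediate roles and keeps only
-- real accounts, together with their lock/expiry status.
SELECT u.username,
       u.account_status,
       h.privilege,
       h.grant_path
FROM   holders h,
       dba_users u
WHERE  u.username = h.grantee
ORDER  BY u.username, h.privilege, h.grant_path;
```

A grant_path with more than one element shows that the privilege arrives through a role, so revoking it from the user directly would not remove it.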