All About Security

  • Uploaded by: SHAHID FAROOQ
  • 0
  • 0
  • May 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View All About Security as PDF for free.

More details

  • Words: 8,115
  • Pages: 20
All About Security: User, Privilege, Role, SYSDBA, O/S Authentication, Audit, Encryption, OLS, Database Vault, Audit Vault Doc ID: 207959.1

In this Document Purpose All About Security: User, Privilege, Role, SYSDBA, O/S Authentication, Audit, Encryption, OLS, Database Vault, Audit Vault 1) Alerts 2) System Privileges 3) Object Privileges 4) Users and Roles 5) User and Tablespace Quotas 6) Profiles and Resource Limits 7) Password Management 8) Connect Internal and Password Files 9) O/S Authentication 10) Auditing 11) Event Triggers 12) Fine Grained Access Control 13) Oracle Label Security 14) Database Vault 15) Audit Vault 16) Data Encryption 17) Security Server

Applies to: Oracle Server - Enterprise Edition - Version: 8.1.7.0 to 11.1.0.7 Information in this document applies to any platform.

Purpose This index consists of a list of - Bulletins explaining the method used to perform specific tasks and related Documentation (Oracle uides) - Problem / Solutions - Parameters & Events , Bugs - Supplied Scripts

All About Security: User, Privilege, Role, SYSDBA, O/S Authentication, Audit, Encryption, OLS, Database Vault, Audit Vault

1) Alerts These articles provide a solution to correct or avoid an issue, and highlight a specific condition, situation or event that requires awareness by an Oracle customer or partner. Note 50508.1 ALERT: "CONNECT INTERNAL" Syntax to be DeSupported Note 76397.1 ALERT: Resource Limit CPU_PER_SESSION not working correctly in certain versions

Note 148384.1 ALERT: Oracle Server Patchset 8.1.7.1 and Oracle Label Security Note 163726.1 ALERT: Oracle Label Security Mandatory Security Patch Note 124742.1 ALERT: Vulnerability in the Oracle Listener Program Note 153289.1 ALERT: Oracle Redirect Denial of Service Vulnerability Note 163727.1 ALERT: Oracle File Overwrite Security Vulnerability Note 175429.1 ALERT: Oracle PL/SQL extproc in Oracle 9i, Oracle 8i and Oracle8 Database Note 185074.1 ALERT: User Privileges Vulnerability in Oracle9i Database Server Note 210317.1 ALERT: ALTER SESSION privilege can dump trace files with possibly sensitive data Note 281188.1 SECURITY ALERT #68 - Oracle Security Update Note 282108.1 FAQ for Oracle Security Alert 68

2) System Privileges

These articles and documentation explain what system privileges are useful for, how they should be used and handled, and how they are related to some init.ora parameters in various Oracle versions. 2.1 How to and Documentation ---------------------------Note 131752.1 Security Check List: Steps to Make Your Database Secure From Attacks Note 109891.1 A User connected AS SYSOPER can only Perform STARTUP and SHUTDOWN Note 180019.1 Which System Privileges are required for a User to Perform Backup Operator Tasks Note 153510.1 Use SELECT ANY DICTIONARY or SELECT_CATALOG_ROLE or O7_DICTIONARY_ACCESSIBILITY? Note 204699.1 How to revoke ALTER SESSION Privilege Note 247093.1 Be Cautious when Revoking Privileges Granted to PUBLIC Note 266536.1 What are the SELECT ANY TRANSACTION / FLASHBACK ANY TABLE Privileges ? Note 312066.1 Which Dictionary View Store The Privileges Of Object Directory Note 365418.1 Prevent Truncate of a Table in Your Own Schema Note 1025296.6 HOW TO CREATE A USER THROUGH A STORED PL/SQL PROCEDURE? Oracle 8, 8i, 9i,10g and 11g Security Guide- Chapter - Privileges, Roles, and Security Policies Oracle 8, 8i, 9i,10g and 11g Administrator's Guide - Chapters - The Oracle Database Administrator - Managing Tables - External Tables - Establishing Security Policies - Managing User Privileges and Roles - Using the Database Resource Manager - Managing a Distributed Database Oracle 8, 8i, 9i,10g and 11g Performance Tuning Guide and Reference Chapter - Understanding Indexes and Clusters Using Function-based Indexes Oracle 8, 8i, 9i,10g and 11g Reference Oracle 8, 8i, 9i,10g and 11g SQL Reference 2.2 Problems / solutions -----------------------Note 205297.1 ORA-1031 on TRUNCATE TABLE even if granted DELETE ANY TABLE Note 232513.1 ORA-01031 During CREATE DATABASE Statement Note 100714.1 ORA-01031 When Creating Unique Index Using a Function Note 265130.1 ORA-01031: ALTER TABLE AnotherSchema.Table MODIFY column Note 342489.1 ORA-01031 SELECT ANY DICTIONARY System Privilege Granted Through Role Does Not Allow View Creation

Note 1005208.6 Cannot Create or Replace a Stored Object in Another Schema Note 1049536.6 ORA-28009 upon sqlplus connect sys/<password> Note 1074762.6 Revoking "CREATE DATABASE LINK" Privilege from User Note 112211.1 Privileges Required to Run SQL_TRACE Note 222860.1 ORA-00942 When Commit DML Transaction on a Base Table Belonging to a MV Note 240769.1 Grant CREATE SECURITY PROFILE Fails with IMP-00017, ORA-00990 during FULL Import Note 259816.1 ORA-990 Trying To Revoke RULE, QUEUE Or EVALUATION System Privileges Note 304139.1 You Have Insufficient Privileges To Run The Advisor Note 309809.1 ORA-1031 : CREATE DATABASE LINK Fails after ALTER SESSION SET CURRENT_SCHEMA Note 333089.1 Which Privileges Needed To Populate A Global Temporary Table ? 2.3 Parameters, Events and Errors --------------------------------Note 206795.1 What is 07_DICTIONARY_ACCESSIBILITY and how Should it be set? Note 47316.1 PARAMETER: O7_DICTIONARY_ACCESSIBILITY Note 68625.1 PARAMETER: QUERY_REWRITE_INTEGRITY Note 68624.1 PARAMETER:QUERY_REWRITE_ENABLED Note 50010.1 OERR: ORA-28009 connection to sys should be as sysdba or sysoper 2.4 Bugs -------Bug 1875604 ABLE TO SELECT FROM SYS.OBJ$, BUT DESCRIBE THROWS ORA-4043 Bug 3123973 ORA-1031 WHEN CREATE VIEW IN SESSION SET AS ANOTHER CURRENT_SCHEMA 2.5 Scripts ----------Note 18074.1 Script To Capture System Privilege Grants Note 1020286.6 Script to Create View to Show All User Privs Note 241997.1 Script to Create a Procedure to Show All User Privs and Roles

3) Object Privileges

3.1 How to and Documentation ---------------------------Note 107843.1 Grant Object Privileges on Another Schema Object to Other Users as SYSTEM or SYS Note 162489.1 Invokers rights procedure executed by definers rights procedures Note 130425.1 How to Know if a Stored Procedure is Defined as AUTHID CURRENT_USER ? Note 104355.1 How to GRANT privileges on another user's objects as DBA without GRANT option Note 156303.1 How to exclude a user from PUBLIC scope Note 174753.1 Grant Any Object Privilege On Any Object using the Same Connection Note 197611.1 How to avoid a user from dropping his own objects Note 333089.1 Which Privileges Needed To Populate A Global Temporary Table ? Note 271288.1 Granting a SELECT privilege on a view not owned by you results in revoking the SELECT privilege. Note 414423.1 Which Privilege to Grant To DESCRIBE Table Schema Definition? Oracle 8, 8i, 9i,10g and 11g SQL Reference Manual Oracle 8, 8i, 9i,10g and 11g Application Developer's Guide Oracle 8, 8i, 9i,10g and 11g Database Administrator's Guide Oracle 8, 8i, 9i,10g and 11g Concepts 3.2 Problems / solutions -----------------------Note 168168.1 Getting ORA-942 or ORA-1031 and PLS-201 in PL/SQL, works in SQL*Plus Note 170973.1 Unable to Revoke Rights from Object Owner Note 121384.1 ORA-1927 While Revoking Object Privileges as the Object Owner

Note 1004923.6 ORA-01031, ORA-02063 on insert via database link Note 1005146.6 ORA-942 Even Though User Has Been Granted Privileges on Object Note 1039161.6 Cannot grant execute privilege on dbms_pipe Note 1062335.6 ORA-942 when select from any v$view within stored PL/SQL procedure Note 94092.1 ORA-1031 Trying to Create PK/FK on Another User's Table Note 116540.1 Replacing an Existing View loses Granted Permissions on the View Note 161011.1 Grant Execute on SYS.SYS_GROUP Fails with ORA-4042 Note 120687.1 ORA-990 when trying to Grant Privileges to User Note 235325.1 ANALYZE 'SYS' Tables by Other Users is not Permitted in Oracle 9i Note 100076.1 ORA-942 or ORA-1031 Creating Views Based on Data Dictionary Objects Note 159051.1 Describe of Remote Table over Public Database Link and Private Synonym Fails with ORA-4043 Note 159674.1 Unable to select/update v$session in a Trigger Note 208234.1 ORA-1031 While Executing DBMS_SESSION Through Procedure Note 215331.1 How to Know if an User Has Grants to Execute a Function or a Procedure Note 228831.1 ORA-01720 When Granting Object Privileges on Own Table Using Object Types Note 159968.1 DBMS_SYSTEM.SET_SQL_TRACE_IN_SESSION Results in ORA-06550 and PLS-00201 Note 160870.1 Intermedia Text Index not Being Rebuilt using Dbms_job (and Drjobdml.sql) Note 238567.1 ORA-006564 When Creating View On External Table Note 390225.1 Execute Privileges Are Reset For Public After Applying Patchset Note 271587.1 ORA-1031 CANNOT CREATE A VIEW ON A TABLE GRANTED VIA A ROLE 3.3 Parameters, Events and Errors --------------------------------3.4 Bugs -------Bug 155762 GRANTS ASSIGNED TO ROLES ARE NOT BEING UTILIZED BY STORED PROCEDURES. Bug 668998 RECEIVE INCORRECT ERROR WHEN CREATING A VIEW WHEN GRANT SELECT BY A ROLE Bug 179841 REMOTE INSERT REQUIRES INSERT AND SELECT PRIVILEGES Bug 371507 GRANT ALL ON TABLE ALLOWS OTHER USER TO DROP PK, BUT NOT TO CREATE A NEW ONE Bug 522453 NEEDS OBJECT PRIVILEGE TO ADD PRIMARY KEY TO ANOTHER USERS TABLE Bug 371124 DROP PRIMARY KEY DOES NOT REQUIRE DROP ANY INDEX PRIVILEGE, BUT CREATE DOES Bug 372734 MUST HAVE CREATE ANY INDEX PRIVILEGE TO ALTER TABLE ADD CONSTRAINT TO TABLE Bug 702389 PRIVS GRANTED ON COLS THROUGH A VIEW DOES NOT STAY WITH THOSE COLS WHEN VIEW CHANGES Bug 1364403 ORA-942 WITH THE COMBINATION OF AUTHID AND EXECUTE IMMEDIATE Bug 1190886 ORA-4042 CAN'T GRANT EXECUTE ON SYS.SYS_GROUP TO OTHER USER BY SYS Bug 2948123 CREATE VIEW ON EXTERNAL TABLE ORA-6564 3.5 Scripts ----------Note 1020176.6 SCRIPT: Script to Generate object privilege GRANTS Note 1050267.6 SCRIPT: Script to show table privileges for users and roles Note 138232.1 SCRIPT: How to grant select on dictionary tables only

4) Users and Roles

4.1 How to and Documentation ---------------------------Note 13615.1 Roles and Privileges Administration and Restrictions Note 11740.1 Role Restrictions Note 317258.1 Predefined Roles Evolution from 8i to 10g R2: CONNECT role Change in 10gR2 Note 234551.1 PUBLIC : Is it a User, a Role, a User Group, a Privilege ? Note 39333.1 Identifying PC Clients in V$SESSION Note 174138.1 How to Tranfer all Roles and Grants to Another Database Note 77666.1 WIN: Granting Database Roles

Note 1011899.6 Roles and Creating Stored Objects / Views Note 1022776.6 How to Make Trace Files Created by Oracle Readable by All Users ? Note 1068753.6 How To Isolate aTable To Run Update Without Losing Granted Roles Note 1071358.6 What is the OUTLN User? Note 235690.1 How To Create A User With '.' (dot) In Name Note 1079975.6 Enabling, Disabling, and Granting Default Roles Note 112523.1 How to see which Roles are Active within a Session Note 106698.1 WINNT: Assigning External Operating System Roles to NT Global Groups Note 114673.1 RESOURCE Role in DBA_SYS_PRIVS does not Include UNLIMITED TABLESPACE Privilege Note 69483.1 Changing Role within Stored Procedures using dbms_session.set_role Note 160861.1 Oracle Created Database Users: Password, Usage and Files References Note 180028.1 Set up a Secure Access to Application Data within a Database: DBAs, Schemas and Users Note 203318.1 How to create a user and grant privileges in a single GRANT statement Note 207560.1 Can the 9i Sample Schemas Be Safely Removed? Note 124121.1 How to Disable a SQL*Plus Connection for a User Note 159757.1 How to Verify the Enabled Roles for a Session Within a Trigger or PL/SQL Routine Note 1060417.6 ORACLE_8 ROLES, SELECT_CATALOG ROLE, EXECUTE_CATALOG_ROLE, DELETE_CATALOG_ROLE Note 260111.1 How to Interpret the ACCOUNT_STATUS Column in DBA_USERS Oracle 8, 8i, 9i,10g and 11g Database Administrator's Guide Oracle 8, 8i, 9i,10g and 11g SQL Reference Manual Oracle 8, 8i, 9i,10g and 11g Database Concepts Oracle8i Migration Release 3 (8.1.7) (7-4 ) Oracle9i Sample Schemas, Release 1 (9.0.1) or Release 2 (9.2) 4.2 Problems / solutions -----------------------Note 151788.1 A Security Problem Exists with Password Protected Roles Note 1005485.6 ORA-1950 When Creating an Object and Resource Role is Granted to the User Note 1066067.6 Roles could not be executed even after they were recreated Note 1075927.6 View ROLE_TAB_PRIVS returns zero rows Note 1084014.6 Revoking DBA or RESOURCE Privilege Revokes UNLIMITED TABLESPACE from the User Note 97583.1 JServerPermission Memory.GC Java exception when calling enableNewspace() Note 101078.1 VMS: Using DBLINKS When OPS$ Accounts and Password Files Accounts are Set Up Note 106140.1 AFTER LOGON Triggers Don't Allow DBMS_SESSION.SET_ROLE to Keep Roles Enabled Note 111288.1 Create a New User, no Grants but the User can Connect Note 117872.1 Why ORA-01925 Occurs and How to Resolve It Note 121633.1 ORA-24347 with Select * from dba_role_privs OR Select * from user_role_privs Note 150418.1 ORA-28201 Not Enough Privileges to Enable Application Role Note 119752.1 ORA-942 V$Session V$Parameter C Starting SQL*Plus From Windows NT Client Note 169289.1 ORA-01031: insufficient privileges when altering user to identify externally Note 167421.1 ORA-18008 Creating Procedure, Trigger, Package or Function Note 197931.1 External role details not in ROLE_SYS_PRIVS Note 370013.1 Ora-1013 When Creating User, Granting Connect, Resource From A Procedure The following notes particularly lists all articles that have as their topic the kind of errors you may encounter as a result of the fact that privileges granted trough a role are not in effect in stored procedures. PLS-00201 Note 1018687.6 PLS-341 - WHEN RUNNING PLSQL PROCEDURE IN SQLPLUS Note 168168.1 Getting ORA-942 or ORA-1031 and PLS-201 in PL/SQL, works in SQL*Plus Note 210377.1 Executing a Stored Procedure Fails with PLS-00201 Note 113186.1 PLS-201 GRANTING PRIVIEGIES THRU A ROLE Note 1062535.6 Possible Reasons for Generating a PLS-201 Error Note 200415.1 PLS-00201: Identifier '%s' Must be Declared When Compiling a Procedure Note 27287.1 OERR: PLS-201 identifier '%s' must be declared ORA-01031

Note 1048327.6 ORA-1031 WHILE EXECUTING A STORED PROCEDURE Note 1011393.6 0RA-01031 IN STORED PROCEDURE WHEN USING DBMS_SQL TO CREATE A VIEW Note 11740.1 Role Restrictions Note 13615.1 Roles and Privileges Administration and Restrictions Note 1079983.6 ORA-01031 DDL on Materialized View With Enable Query Rewrite Option Note 1011211.6 ORA-01031 WHEN EXECUTING 'GRANT CREATE SESSION' STATEMENT Note 18622.1 OERR: ORA 1031 "insufficient privileges" Note 1083534.6 ORA-01031 When Connecting to Target via Rman PLS-00904 Note 1014765.6 PLS-00904 WHEN COMPILING PL/SQL STORED PROCEDURE, FUNCTION, OR DATABASE TRIGGER Note 27442.1 OERR: PLS-904 insufficient privilege to access object %s ORA-00942 Note 1062335.6 ORA-942 when select from any v$view within stored PL/SQL procedure Note 100076.1 ORA-942 or ORA-1031 Creating Views Based on Data Dictionary Objects Note 1011899.6 Roles and Creating Stored Objects / Views 4.3 Parameters, Events and Errors --------------------------------Note 30797.1 PARAMETER: INIT.ORA: REMOTE_OS_AUTHENT Note 30785.1 PARAMETER: INIT.ORA: OS_AUTHENT_PREFIX Note 30796.1 PARAMETER: INIT.ORA: REMOTE_LOGIN_PASSWORDFILE 4.4 Bugs -------Bug 145295 NEED TO CHANGE OS ROLE SUFFIX CHARACTER Bug 168358 ENHANCEMENT: ALLOW CREATE VIEW (DDL STATEMENTS) WITH PRIVILEGES THRU A ROLE Bug 172360 GRANTING RESOURCE ROLE TO ANOTHER ROLE PREVENTS USER FROM CREATING TABLES Bug 176997 ENH: ABILITY TO GRANT QUOTA ON TABLESPACES TO A ROLE Bug 186769 SELECTING FROM SESSION_ROLES WITHIN A STORED PROCEDURE DOESN'T GIVE ANYTHING Bug 222316 GRANTED ROLE DOESNT SHOW UP AS DEFAULT ROLE Bug 943648 ORA-3113 EXECUTING COMPLEX SQL STATEMENT Bug 178587 USER CAN CREATE MORE ROLES THAN MAX_ENABLED_ROLES FROM WITH IN ONE SESSION Bug 641775 ENHANCEMENT REQUEST TO INCREASE THE MAX_ENABLED_ROLES FROM 148 TO 200 OR MORE Bug 1384922 WHEN USING SQLPLUS SELECT * FROM USER_ROLE_PRIVS GIVES ORA-2434 Bug 1149002 ORA-24347 AND " NO ROWS SELECTED " IN SELECT JOIN AGGREGATE GROUP BY PARALLEL Bug 1618315 DOCUMENTATION SHOULD STATE THATOUTLN USER SHOULD NOT BE DROPPED 4.5 Scripts ----------Note 18079.1 Script to Capture Role Grants Note 18080.1 Script to Create Roles Note 1019486.6 Script: Report Roles Granted to Users Note 1019508.6 Script to Show System and Object Privs for a User Note 1020086.6 SCRIPT: To Report Privileges Granted To a User Note 107182.1 SCRIPT: Generate ROLE Creation Script for 8.X.X Note 241997.1 SCRIPT: Create procedure to Show All User Privs and roles Note 98572.1 Script to create user OUTLN in 8i Note 240478.1 Script to create user OUTLN in 9i

5) User and Tablespace Quotas

5.1 How to and Documentation ---------------------------Note 180028.1 Set up a Secure Access to Application Data within a Database: DBAs, Schemas and Users Note 1012307.6 Moving Tables Between Tablespaces Using EXPORT/IMPORT Note 158162.1 How To Move All Tables From One User To Another Tablespace Note 1037317.6 Moving the Replication Queue Tables (DEF$) Out of the System Tablespace Oracle9i Database Concepts Release 2 Chapter - Controlling Database Access User Tablespace Settings and Quotas Oracle9i Database Administrator's Guide Chapter - Managing Tablespaces Assign Tablespace Quotas to Users Oracle9i SQL Reference - ALTER USER 5.2 Problems / solutions -----------------------Note 1012569.6 ORA-1536 On DML Or Running Tools, Applications Note 1026320.6 ORA-1536: When Inserting Into a Table Note 1039291.6 ORA-02187 Trying to Grant Quota Over 2Gig Note 1054952.6 ORA-01652: Trying to Set Quotas for Users on Temp Tablespace Note 95554.1 ORA-01950 Even After Assigning 'Unlimited Quota' On Tablespace To User Note 98056.1 ORA-1950 when trying to Move an Index to Another Tablespace Note 108871.1 ORA-02187 when Granting a User Quota on a Tablespace Note 1005485.6 ORA-1950 When Creating an Object and Resource Role is Granted to the User Note 91969.1 IMPORT FROMUSER/TOUSER Fails to Generate Tables With LOBs into TOUSER Tablespace Note 91799.1 EXP: IMP-3, ORA-1950, IMP-17: During Import of Recreated Tablespace Note 205722.1 Create New Ultra Search Instance Fails WKG-5000 ORA-1950 RECEVING WWV-08301/ORA-1950 WHEN CREATING TABLE IN WEBDB Note 1062153.6 GL PROGRAM OPTIMIZER FAILED: APP-6077, APP-6083, ORA-1950 NO PRIVILEGES ON TABLESPACE RGX Note 1058205.6 ORA-01950 AND ORA-06512 TRYING TO OPEN PERIOD

5.3 Parameters, Events and Errors -------------------------------- OERR: ORA 1536 space quota exceeded for tablespace " " Note 19238.1 OERR: ORA 1950 no privileges on tablespace "" OERR: ORA 2187 invalid quota specification 5.4 Bugs -------Bug 1270191 ORA-1950 ON ALLOCATE EXTENT - POSSIBLE DICTIONARY CORRUPTION 5.5 Scripts ----------Note 1019712.6 SCRIPT: Show Tablespace Quota Used by User

6) Profiles and Resource Limits

6.1 How to and Documentation ---------------------------Note 1016552.102 How to use PROFILES to limit user resources Note 157702.1 How to get the Values Assigned by Default to a Profile ? Note 160528.1 Profile Limits (Resource Parameter(s)) Are Not Enforced / Do Not Work Note 157702.1 How to get the Values Assigned by Default to a Profile ? Note 95582.1 Tracing Oracle Applications Intermittent crashing or hanging forms sessions. Note 197694.1 How To Avoid Forms To Open A New Session When It Reached The Session Limit? Note 209702.1 How To Limit The Access To The Database So That Only One User Per Schema Are Connected (One Concurrent User Per Schema) Oracle9i Database Administrator's Guide Chapter - Managing Users and Resources Managing Resources with Profiles Viewing Information About Database Users and Profiles Oracle9i Database Concepts Release 2 Chapter - Controlling Database Access User Resource Limits and Profiles 6.2 Problems / solutions -----------------------Note 119295.1 What Happens to a Transaction When CONNECT_TIME is Exceeded? Note 1005119.6 Any of the user profile limits are being ignored by Oracle7 Server Note 1061189.6 Profile on user IDLE_TIME set to 15 minutes Note 1070071.6 Profile limits are not being recognized Note 215417.1 More Time Than Specified Is Needed Before A User Becomes Disconnected Note 120135.1 Connections to database being killed unexpectedly Note 156116.1 User Can Open More Sessions than Limited Note 1070501.6 Parallel Query processes die intermittently Note 1020176.102 ORA-02392 when using CPU_PER_SESSION limit in profile Note 1042778.6 ORA-02394 USING REPLICATION IN ORACLE8 Note 265095.1 Resource Limits for Passwords Work Even with RESOURCE_LIMIT = false Note 241621.1 ORA-02376 When ALTER PROFILE to Set the PASSWORD_VERIFY_FUNCTION 6.3 Parameters, Events and Errors --------------------------------Note 30800.1 Init.ora Parameter "RESOURCE_LIMIT" Reference Note Note 19563.1 OERR: ORA 2390 exceeded COMPOSITE_LIMIT, logoff in progress Note 19564.1 OERR: ORA 2391 exceeded simultaneous SESSIONS_PER_USER limit Note 19565.1 OERR: ORA 2392 exceeded session limit on CPU usage, logging off Note 19566.1 OERR: ORA 2393 exceeded call limit on CPU usage Note 19567.1 OERR: ORA 2394 exceeded session limit on I/O usage, logging off Note 19568.1 OERR: ORA 2395 exceeded call limit on I/O usage Note 19569.1 OERR: ORA 2396 exceeded max Idle Time, please connect again Note 19570.1 OERR: ORA 2397 exceeded PRIVATE_SGA Limit, logging off Note 19571.1 OERR: ORA 2398 exceeded procedure space usage Note 19572.1 OERR: ORA 2399 exceeded maximum connect time, logging off 6.4 Bugs -------Bug 2653232 SPATIAL QUERIES DON'T PROGRESSIVELY RECORD RESOURCE (CPU) USAGE Bug 2085332 SET OVER 5 HOURS TO CPU_PER_CALL, YOU GET ORA-2394, DON'T GET ORA-2393 Bug 2231683 UGA MEMORY LEAK WHEN USING OBJECT INHERITANCE IN PL/SQL Bug 1182131 ORA-2399 RUNNING JOB OR PROCEDURE WITH CURSOR & CONNECT_TIME
Bug 2134498 ORA-2391 ON BOTH NODES OF A OPS-CLUSTER ALTHOUGH RESOURCE_LIMIT=FALSE Bug 2319471 ORA-2391 AND ORA-7445S IN PQ SLAVES, THEN ORA-7445 PMON CRASH Bug 2117349 LOTS OF ORA-2391 ERRORS FILLING UP ALERT.LOG Bug 777970 TEST VALIDITY OF AM4CICS THREAD CONNECTIONS BEFORE ASSIGNING THEM TO CICS TASKS Bug 1898254 JDBC THIN APPLICATION KEEPS CONNECTION WHEN IDLE_TIME PROFILE IS SET.

6.5 Scripts ----------Note 1019933.6 Script to list profile resources and limits

7) Password Management

7.1 How to and Documentation ---------------------------Note 114930.1 Oracle Password Management Policy Note 228991.1 Behavior of PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME in 9i / 8i Note 1051982.6 How to Change SYS and SYSTEM Passwords Note 271825.1 Is the password encrypted when I logon and related questions. Note 225529.1 How to LOCK the SYS PASSWORD using Password Management with Profiles Note 1016364.102 VMS: How to Change Oracle SYS and SYSTEM Passwords Note 199582.1 How To Transfer Passwords Between Databases Note 101458.1 How to change Oracle user password with PL/SQL procedure Note 242668.1 Use ALTER USER Command to Change Your Own Password Without the Privilege and Go Through the Password Verify Function Note 160443.1 How to Enable Password Expire Time ? Note 1047958.6 Password uniformity over multiple instances Note 1051962.101 Restoring a user's original password Note 98481.1 How to Keep the Same Password when Expiry Time is Reached and Change is Required Note 124113.1 Implementing Punctuation in Passwords. Note 118382.1 Can I Avoid Passwords from Appearing in the Process Table on a UNIX Platform? Note 291195.1 Why Account Status Is Open When Expiry Date is Old Date in DBA_USERS Note 275232.1 DBA_USERS Shows ACCOUNT_STATUS is LOCKED Even After the PASSWORD_LOCK_TIME has Expired Note 279355.1 ORA-01017: Connect as a User Created with IDENTIFIED BY VALUES Password Note 335864.1 Can Oracle Passwords Be Case Sensitive ? Oracle9i Database Administrator's Guide Chapter - Establishing Security Policies Password Management Policy Oracle9i Database Concepts Release 2 Chapter - Controlling Database Access Authentication by the Oracle Database 7.2 Customer Updates -------------------Note 340009.1 Customer Update Regarding Published Sketch For So-Called Oracle Voyager Worm Note 340240.1 Customer Update Regarding "An Assessment of the Oracle Password Hashing Algorithm" by Joshua Wright and Carlos Cid 7.3 Problems / solutions -----------------------Note 139676.1 ORA-28007 the password cannot be reused Note 104235.1 EXP-00058 Error When Profiles Have PASSWORD_VERIFY_FUNCTION

Note 1062905.6 EXP-00014, EXP-00008, ORA-02396, EXP-00008, ORA-01012, EXP-00000 EXPORTING TO TAPE Note 124648.1 ORA-28003, ORA-20001, ORA-20002, ORA-20003, ORA-20004 after running utlpwdmg.sql Note 301057.1 Changing SYS Password HANGS with ALTER USER Command Note 289898.1 User SYS Does Not Get ORA-28002 Nor ORA-28001 Even When PASSWORD_LIFE_TIME or PASSWORD_GRACE_TIME are Set Note 164834.1 Changing Password Using PASSWORD_VERIFY_FUNCTION Fails With ORA-28003 Note 1038601.6 ORA-988 when Creating a User with a Password that Starts with a Number Note 1012425.7 ORA-28001: Password expired, but not prompted for new password Note 152647.1 After Changing Password: ORA-00988 Note 124648.1 ORA-28003, ORA-20001, ORA-20002, ORA-20003, ORA-20004 after running utlpwdmg.sql Note 162818.1 ORA-28002 On User Connection Immediately After PASSWORD_LIFE_TIME Changed Note 132096.1 ORA-28003 Error When Use 'Password Complexity Verification' Note 1079860.6 ORA-28011 Password Expiry Date is Reached But Reset to NULL Note 1084150.6 ORA-7443: Function not Found When Using PASSWORD_VERIFY_FUNCTION in Profile Note 139676.1 ORA-28007: the password cannot be reused Note 113446.1 ORA-988 Error Using 'ALTER USER <username> PASSWORD EXPIRE' in SQL*Plus 8.1.6 Note 119260.1 ORA-3113 or ORA-1041 when trying to change user password in database Note 130639.1 ORA-1841 Error Connecting to Upgraded Database After Set PASSWORD_LIFE_TIME Note 1050807.6 ORA-01017: MANUGISTICS CREATED USERS OTHER THAN SYS CANNOT LOG INTO DATABASE Note 1063068.6 Getting ORA-1005 when logging in to SQL*Plus Note 242416.1 8.0.6 SQLPLUS CLIENT Echo's PASSWORD in LINUX Note 1038601.6 ORA-988 when Creating a User with a Password that Starts with a Number Note 265095.1 Resource limits for passwords work even with resource_limit = false 7.4 Parameters, Events and Errors --------------------------------Note 30800.1 Init.ora Parameter "RESOURCE_LIMIT" Reference Note Note 18579.1 OERR: ORA-988 missing or invalid password(s) Note 50001.1 OERR: ORA-28000 the account is locked Note 50002.1 OERR: ORA-28001 the password has expired Note 50003.1 OERR: ORA-28002 the password will expire within %s days Note 50004.1 OERR: ORA-28003 password verification for the specified password failed Note 50005.1 OERR: ORA-28004 invalid argument for function specified in PASSWORD_VERIFY_FUNCTION Note 50007.1 OERR: ORA-28006 conflicting values for parameters %s and % s Note 50008.1 OERR: ORA-28007 the password cannot be reused Note 50009.1 OERR: ORA-28008 invalid old password Note 50011.1 OERR: ORA-28010 cannot expire external or global accounts Note 173502.1 OERR: ORA-28011 the account will expire soon; change your password now Note 267401.1 Oracle Performance Monitor 10.1 causing NMUPM.EXE to Lock System Account 7.5 Bugs -------Bug 1231172 ORA-28003 WHEN CHANGING PASSWORD FOR A USER Bug 1620381 ORA-24315 RESULTS ON CONNECT REQUEST AFTER PASSWORD VERIFICATION FAILURE Bug 2161716 PASSWORD GRACE PERIOD MESSAGE NOT WORKING IN 8.1.7.2 Bug 1654141 USER ACCOUNTS IN GRACE PERIOD CANNOT PERFORM EXPORT, GET EXP-56 ORA-28002 ERRORS Bug 1494651 OCILOGON DOES NOT CREATE A SESSION WHEN A PASSWORD IS IN GRACE TIME Bug 1668134 PROTOCOL VIOLATION WHEN THIN DRIVER CONNECTING TO USER WITH EXPIRED PASSWORD. Bug 2269177 IAS: MOD_PLSQL AUTHENTICATION DENIED WHEN USER ACCOUNT IS IN GRACE PERIOD Bug 2664495 OLEDB DOESNT PROPAGATE ORA-28002 PASSWORD WARNING Bug 2158625 FORMS 4.5 DOES NOT TRAP ORA-28002 WARNING WHEN A PASSWORD IS DUE TO EXPIRE

7.6 Scripts -----------

Note 227010.1 Script to Check for Default Passwords Being Used for Common Usernames Note 135878.1 Script to prevent a user from changing his password Note 161671.1 Script to Identify Accounts with a Password Equal to their Username

8) Connect Internal and Password Files

These articles and documentation explain how to administer the administrative privileges, still loosely referred to as 'connect internal' and how to manage access with a password file. 8.1 How to and Documentation ---------------------------Note 233223.1 Checklist for Resolving CONNECT AS SYSDBA (INTERNAL) Issues Note 242258.1 Why Can I Login AS SYSDBA With any Username and Password? Note 18089.1 UNIX: Connect INTERNAL / AS SYSBDA Privilege on Oracle 7/8 Note 50507.1 SYSDBA and SYSOPER Privileges in Oracle Note 1029539.6 UNIX: How to Set up the Oracle Password File Note 1058658.6 UNIX: Multiple databases sharing a password file Note 1016540.6 How to enable remote password with ORAPWD and Parallel Server Note 103964.1 How to Audit Connect Internal Using Oracle Server Note 212049.1 How To Add a New User to the Password File ? Note 43793.1 VIEW "V$PWFILE_USERS" Reference Note Note 225097.1 ORACLE_SID, TNS Alias,Password File and others Case Sensitiveness Note 98651.1 UNIX: How to make Connect Internal Protected by Password even for DBA Group Oracle9i Database Administrator's Guide Chapters - The Oracle Database Administrator - Database Administrator Authentication - Password File Administration 8.2 Problems / solutions -----------------------Note 69642.1 UNIX: Checklist for Resolving Connect AS SYSDBA Issues Note 185703.1 How to Avoid Common Flaws and Errors Using Passwordfile Note 114384.1 WIN: Checklist for Resolving CONNECT AS SYSDBA (INTERNAL) Issues Note 68238.1 SCO: ORAPWD Utility Generates An Unusable Password File In Oracle v7.3.4 Note 118367.1 UNIX: ORA-1990 at Startup DB After Creating Password File with Wrong Case Note 147724.1 Granting SYSDBA Privileges Fails with ORA-01990; Quick Edit of Database from EM Console Fails with Database Currently in Unknown State Note 223002.1 UNIX:CONNECT INTERNAL Asks for Password in a Multiple Oracle Versions Environment Note 301072.1 Dbstart Fails With Ora-01031 When Called From User Root Note 308151.1 Connect / AS SYSDBA Results In Ora-01031 Note 77740.1 USERNAME Is Listed From V$PWFILE_USERS But Not From DBA_USERS Note 312093.1 Timestamp on ORAPWD File Updated When Users' Password Changed 8.3 Parameters, Events and Errors --------------------------------Note 30796.1 Init.ora Parameter "REMOTE_LOGIN_PASSWORDFILE" Reference Note Note 30797.1 INIT.ORA: REMOTE_OS_AUTHENT Note 30785.1 INIT.ORA: OS_AUTHENT_PREFIX Note 19276.1 OERR: ORA 1990 error opening password file Note 19277.1 OERR: ORA 1991 invalid password file Note 19278.1 OERR: ORA 1992 error closing password file Note 19279.1 OERR: ORA 1993 error writing password file Note 19280.1 OERR: ORA 1994 GRANT failed: cannot add users to public password file Note 19281.1 OERR: ORA 1995 error reading password file Note 19282.1 OERR: ORA 1996 GRANT failed: password file is full

8.4 Bugs -------Bug 2688911 SQLPLUS DOES NOT CORRECTLY SUPPORT THE 'AS SYSDBA' FUNCTIONALITY IN 8.1.7 Bug 425862 ORA-600 [1113] SELECTING FROM V$PWFILE_USERS IF MORE THAN 14 SYSDBA USERS 8.5 Scripts ----------Note 67984.1 UNIX: Diagnostic C program for ORA-1031 from CONNECT INTERNAL / AS SYSDBA

9) O/S Authentication

This section has references to documentation and notes about O/S authentication, a.k.a. external authentication, the authentication is delegated to the operating system which hence needs to be trustworthy. Please note the distinction between authenticating via the O/S with administrative privileges (see 8.) and as a normal (application) user. 9.1 How to and Documentation ---------------------------Note 233223.1 Checklist for Resolving CONNECT AS SYSDBA (INTERNAL) Issues Note 242258.1 Why Can I Login AS SYSDBA With any Username and Password ? Note 18088.1 UNIX OS Authentication on Oracle Server Note 60634.1 WIN: Setup O/S Authentication Note 77665.1 WIN: OS Authentication - Connecting to Oracle Without a Password Note 122515.1 WIN: Setup O/S Authentication Using Oracle Administration Assistant Note 272395.1 OS Authentication in 9i is Not Working as in 8i Note 91944.1 Native Authentication through Windows 2000 Note 111252.1 How to use OPS$ user as FROMUSER/TOUSER Import or OWNER Export parameter Note 101078.1 VMS Using DBLINKS When OPS$ Accounts and Password Files Accounts are Set Up Note 371110.1 How to Configure the SQL*Net Layer for OS Authentication and Native Authentication on a Windows Platform in a Two-Tier Environment Note 363448.1 Error Message Running Application From MS Terminal Server Ora-01019 Oracle9i Database Administrator's Guide - Chapters - The Oracle Database Administrator; - Establishing Security Policies; System Security Policy ; User Autentication, - Managing Users and Resources; User Authentication Methods; External Authentication 9.2 Problems / solutions -----------------------Note 120329.1 ORA-3113 CONNECTING USING OS AUTHENTICATION Note 99550.1 OCILogon Using OS Authentication Fails With ORA-01017 Note 243083.1 ORA-01005: Connect Username AS SYSDBA Behaves Differently in 7.3.4, 8.1 and 9.2 Note 309059.1 Oradim Command Fails to Shutdown Database(s) with ORA-01031 under 9.2.0.6 Note 373999.1 ORA-27140 Unable To Connect To Database With OS Authentication Note 302775.1 Ora-27140 When Connecting As A Non Dba Group User 9.3 Parameters, Events and Errors --------------------------------Note 30785.1 Init.ora Parameter "OS_AUTHENT_PREFIX" Reference Note Note 30797.1 Init.ora Parameter "REMOTE_OS_AUTHENT" Reference Note Note 19283.1 OERR: ORA 1997 GRANT failed: user is identified externally 9.4 Bugs --------

Bug 4312390 ORADIM COMMAND CAN'T SHUTDOWN DATABASE : ORA-1031 Bug 530697 CONNECT INTERNAL DOES NOT WORK FOR DOMAIN USERS IN LOCAL ORA_DBA GROUP Bug 370253 OS AUTHENTICATION FAILS WITH ORA-1017 FOR ROOT USER Bug 1632293 ORA-28150 SELECTING ACROSS DATABASE LINK WITH OS AUTHENTICATED USER

10) Auditing

10.1 How to and Documentation ----------------------------Note 1020945.6 How to Setup Auditing Note 175292.1 Overview Auditing: Possibilities of Auditing, using Triggers and FGA Note 174556.1 9i/9.2: Fine Grained Auditing Note 266896.1 10g: Fine Grained Auditing Note 278184.1 9i and 10g: Installing Oracle Label Security Automatically Moves AUD$ Table out from SYS into SYSTEM schema Note 175259.1 Using autonomous triggers to audit detailed information. Note 209801.1 How to Disable Audit Action 103 to Avoid Unnecessary Rows in Table SYS.AUD$ Note 158348.1 How to Find Results Back in Data Dictionary When Using AUDIT SYSTEM GRANT Note 166301.1 How to Reorganize SYS.AUD$ Table Note 230845.1 How to Import SYS.AUD$ Table from 8i to 9i Database When SYS User is not Exported Note 222807.1 How To Audit GRANT ANY PRIVILEGE Or GRANT ANY ROLE Note 239621.1 How to audit 'analyze index' Note 199419.1 How to Avoid Common Flaws and Errors Using Fine Grained Auditing Note 99786.1 How to Audit User Connection, Disconnection Date and Time Note 73408.1 How to Truncate, Delete, or Purge Rows from the Audit Trail Table SYS.AUD$ Note 1025832.6 How to audit data changes in tables using triggers Note 103964.1 How to Audit Connect Internal Using Oracle Server Note 208855.1 What is Audit Action 103 ? Note 282091.1 How to find Whether an OBJECT-level Audited by ACCESS Statement Succeeded or Failed Note 174340.1 Audit SYS user Operations Note 308066.1 AUDIT_SYS_OPERATIONS Set To FALSE Yet Audit Files Are Generated Note 1025314.6 Descriptions of action code and privileges used in fields in SYS.AUD$ table Note 167293.1 Some examples about auditing and output of auditing Note 45114.1 Auditing/Debugging DML with Database Trigger Note 41800.1 Quick Reference to Auditing Information Note 293973.1 Find List Of All Possible Keywords In Audit Log Files Note 99137.1 Setting up, Interpreting Auditing Using Windows NT Event Viewer Note 1049048.6 Auditing with Oracle Parallel Server Note 72291.1 VMS The AUDIT_TRAIL=OS Initialization Parameter on OpenVMS Note 221944.1 How to Audit a User Who is Trying to Break DB Username/Password Note 123128.1 How To Identify an RDBMS session using AUDSID Note 274697.1 LOGOFF and LOGOFF BY CLEANUP Do Not Have Any LOGON Records in DBA_AUDIT_TRAIL and Vice-Versa Note 277219.1 How to Retrieve the Whole Audited SQL Statement From DBA_FGA_AUDIT_TRAIL View ? Note 310873.1 Audit Record written When We Select From View even if The Audited Column Is Not Selected Note 309798.1 How to Trace Specific Database Users to Collect Full DML Statements Executed Note 282091.1 How to find Whether an OBJECT-level Audited by ACCESS Statement Succeeded or Failed Note 271615.1 Timestamp And Logoff_time Columns In Audit views Are In Different Time Zones Note 402528.1 How to cleanup the log table FGA_LOG$ ? Note 414666.1 Audit Action #283 Note 427296.1 Why is column TIMESTAMP# having NULL values in AUD$ and FGA_LOG$ tables?: Note 469007.1 SCRIPT: How To Apply the Same Fine Grained Audit Policy To All Tables In A Schema 10.2 Problems / solutions ------------------------Note 334486.1 SYS.AUD$ Table Not Found Though Exists in SYS.OBJ$

Note 1063941.6 LRM-00101: Unknown parameter name 'AUDIT_FILE_DEST' when config auditing on NT Note 74725.1 How often tables are accessed (AUDIT) Note 166674.1 Auditing Does Not Supply A Full Name Of Triggers Note 72460.1 Moving AUD$ to another tablespace and adding triggers to AUD$ Note 1068714.6 How does the NOAUDIT option work Note 1019326.102SES_ACTIONS in DBA_AUDIT_OBJECT Note 130146.1 Auditing DML (Insert, Update and Delete) Note 363590.1 How to Retrieve DML Statements Text and Values from Bind Variables Note 107842.1 Application Log is Full with Event ID 34 : Audit Trail:Connect Internal Note 106823.1 Unknown Users Comparing sys.aud$ and user_audit_session Note 125378.1 ORA-2096 setting TRANSACTION_AUDITING dynamically Note 197598.1 Audit users with "DROP ANY TABLE" privilege: example client event trigger Note 267389.1 AUDIT CREATE PROCEDURE Does not Audit "Create OR Replace Procedure" Statements Note 198468.1 SYS.AUD$ Filling up Fast When Auditing Failed Logon Attempts Because of DBSNMP. Note 240766.1 ORA-00904 When Using RAWTOLAB Function on SYS.AUD$ Columns OBJ$LABEL and SES$LABEL Note 246665.1 ORA-22921 When Fine Grained Auditing with Multibyte Character Set in 9.2.0.3 Note 316915.1 Unexpected Audit Records Are Generated Within APPS When CREATE SESSION is Audited Action Note 310876.1 CREATE USER System Privilege Not Being Audited Note 343413.1 Default Actions Audited in OS Audit Files Contain Messages for Completed Archive Operations 10.3 Parameters, Events and Errors ---------------------------------Note 30690.1 Init.ora Parameter "AUDIT_TRAIL" Reference Note Note 39796.1 Init.ora Parameter "AUDIT_FILE_DEST" Reference Note Note 72203.1 OERR ORA-16006 audit_trail destination incompatible with database open mode Note 19287.1 OERR ORA 2002 error while writing to audit trail Note 21073.1 OERR ORA-9925 "Unable to create audit trail Note 20985.1 OERR ORA-9822 Translation of audit file name failed. Note 249438.1 10G: New Value DB_EXTENDED for the AUDIT_TRAIL init.ora Parameter 10.4 Bugs --------Bug 2916125 AUDITED_CURSORID ONLY AVAILABLE FOR REGULAR AUDITING Bug 2998476 SQL_TEXT COLUMN IN DBA_FGA_AUDIT_TRAIL VIEW IS GARBLED AFTER APPLYNG BUG#2973008 Bug 2973008 FINE-GRAINED AUDITING FAILS WITH ORA-22921 USING MULTI-BYTE CHARACTER SET Bug 3684796 ORA-904 WHEN EXPLAINING GROUPING SETS QUERY WITH FINE GRAINED AUDITING Bug 3836829 Columns That Are Not Selected In View Still Audited Using Fga 10.5 Scripts -----------Note 287436.1 SCRIPT: Generate AUDIT and NOAUDIT Statements for Current Audit Settings Note 1019377.6 Script to move SYS.AUD$ table out of SYSTEM tablespace Note 1019552.6 Script to Show Audit Options/Audit Trail Note 279169.1 Script: How To Store the Checksum of PL/SQL Code

11) Event Triggers

11.1 How to and Documentation ----------------------------Note 175292.1 Overview Auditing: Possibilities of Auditing, using Triggers and FGA Note 45114.1 Auditing/Debugging DML with Database Trigger Note 74173.1 Oracle8i - Database Trigger Enhancements Note 281229.1 How to Restrict Access to the Database With Specific Tools(e.g. TOAD) or Applications Note 197598.1 Audit Users with "DROP ANY TABLE" Privilege: Example Client Event Trigger Note 301062.1 Audit User By Session From Unauthorized IP Address Note 175259.1 Using autonomous triggers to audit detailed information.

Note 150212.1 Database Triggers do not Seem to Execute Note 163593.1 System Triggers Are Not Executed Note 149948.1 IMPORTANT Set "_SYSTEM_TRIG_ENABLED=FALSE" When Upgrading / Downgrading / Applying Patch Sets Note 220491.1 How to Prevent Users From Log Into a Database Within Defined Periods Note 265012.1 ADMINISTER DATABASE TRIGGER Privilege Causes Logon Trigger to Skip Errors Note 70679.1 How to Audit Logon/Logoff Events with Triggers Note 105758.1 How to Automate Controlfile Backup at Database Startup Note 101627.1 How to Automate Pinning Objects in Shared Pool at Database Startup Note 210693.1 How to Automate Grant Operations When New Objects Are Created in a SCHEMA/DATABASE Note 234098.1 How to Forbid the Usage of ALTER TABLE Command on Tables Owned or Created by Users Trigger Note 339558.1 How to Track CREATE USER / DROP USER Statements Using Trigger Note 159183.1Note 271077.1 How to Prevent a User Granted the ALTER USER Privilege From Changing SYS/SYSTEM password Note 361728.1 How to Restrict User from Connecting to Database Through Specific Ip Address Oracle9i Database Concepts Chapter - Triggers Triggers on System Events and User Events Oracle9i Application Developer's Guide - Fundamentals Chapter - Working With System Events 11.2 Problems / solutions ------------------------Note 106140.1 AFTER LOGON Triggers Don't Allow DBMS_SESSION.SET_ROLE to Keep Roles Enabled Note 120712.1 Database or Logon Event Trigger becomes Invalid Who can Connect? 11.3 Parameters, Events and Errors ---------------------------------Note 68636.1 Init.ora Parameter "_SYSTEM_TRIG_ENABLED" 11.4 Bugs --------Bug 2469532 ORA-29539, CANNOT INSTALL THE JVM AFTER REMOVING IT 11.5 Scripts ------------

12) Fine Grained Access Control

These articles and documentations relate to FGAC, new 8i feature that allows a more granular level of security : row level. 12.1 How to and Documentation ----------------------------Note 67977.1 Oracle8i Fine Grained Access Control - Worked Examples Note 281829.1 Evolution of Fine Grain Access Control FGAC Feature From 8i To 10g Note 250795.1 10g: Policy Enforced Only When the Relevant Column is Queried in Any Way Note 281970.1 10g: Enhancement on STATIC_POLICY with POLICY_TYPE Behaviors in DBMS_RLS.ADD_POLICY Procedure Note 315687.1 10g: What Is INDEX statement_type Used For In By DBMS_RLS Policies ? Note 119335.1 How To Solve the Problem of Circular Row Level Policies Note 174799.1 How to Bypass Fine-Grained Security Enforcement Note 69573.1 How to Determine Active Context (DBMS_SESSION.LIST_CONTEXT) Note 162914.1 How to Skip Tables when Exporting a User or an Entire Database

Note 99250.1 Understanding Fine-Grained Access Control (DBMS_RLS) on INSERT Note 174368.1 Policies on Synonyms Note 170177.1 Use of Fine grained access control from forms Note 155477.1 Parameter DIRECT: Conventional Path Export Versus Direct Path Export Note 187239.1 Execution plan may change when you use Fine Grained Access Control (FGAC) Note 250795.1 10G: Policy Enforced Only When the Relevant Column is Queried in Any Way Oracle9i Database Administrator's Guide - Chapter - Establishing Security Policies Oracle9i Application Developer's Guide - Fundamentals - Chapter - Implementing Application Security Policies - Introduction to Application Context - Introduction to Fine-Grained Access Control Oracle9i Supplied PL/SQL Packages and Types Reference - Chapter - DBMS_RLS 12.2 Problems / solutions ------------------------Note 69401.1 How to resolve ORA-28110 or ORA-28112 on SELECT or DML Note 100130.1 ORA-1031 when setting Attribute via DBMS_SESSION.SET_CONTEXT Note 331862.1 ORA-28113 when a Policy Predicate is Fetched from a Context Note 113970.1 SELECT Statement Hangs when using Fine Grained Access Control Note 168056.1 Select on Table With Policy Defined on it Fails With ORA-28110 Note 175658.1 RLS Policy Function Appears to Run in a New Session Note 277606.1 How to Prevent EXP-00079 or EXP-00080 Warning (Data in Table xxx is Protected) During Export Note 130652.1 A policy does not work as defined, though UPDATE_CHECK is set to TRUE Note 117058.1 ORA-439 When Trying to Use DBMS_RLS Note 179379.1 Querying Against a Partitioned Table With FGAC Fails With ORA-01762 Note 158187.1 Create Materialized View Fails With ORA-30372 Note 172423.1 ORA-12015 when Creating Materialized View with Defined Fine Grain Access Control Note 153978.1 Oracle9i Export of Table with Row Level Security Aborts with ORA-1406 and EXP-0 Note 219911.1 Fine Grained Access Control Feature Is Not Available In the Oracle Server Standard Edition Note 250094.1 How to Know the Exact Cause of an ORA-28113 Error After Setting a FGAC Policy Note 278577.1 FGAC Policy Causes Ora-00903 When Using A Function With UNION Operator And PK On Function Tables Note 293301.1 ORA-14136 When Exchanging Partition With a Table That Has a RLS Policy Enabled Note 312030.1 DBMS_OUTPUT.PUT_LINE Fires Multiple Times From FGAC Policy Function Note 361345.1 Ora-3001: "Unimplemented Feature" On Query Using "WITH" and FGAC Note 422480.1 ORA-39181:Only Partial Table Data Exported Due To Fine Grain Access Control 12.3 Parameters, Events and Errors ---------------------------------Note 71836.1 OERR:ORA-30372 fine grain access policy conflicts with materialized view Note 71410.1 OERR:ORA-28116 insufficient privileges to do direct path access 12.4 Bugs --------Bug 1517613 ORA-1762 USING PARTITIONS AND FINE GRAINED ACCESS CONTROL Bug 2539145 EXEMPT ACCESS POLICY PRIVILEGE NOT PROPERLY RECOGNIZED BY THE EXPORT UTILITY Bug 1802004 EXP-0: EXPORT TERMINATED UNSUCCESSFULLY Bug 3771415 ORA-903 WHEN SELECT A TABLE WITH RLS POLICY AND FUNCTION WITH UNION OPERATOR Bug 3988219 Dbms_Output.Put_Line Fires Multiple Times From Policy Function In Fgac

13) Oracle Label Security

Oracle Label Security enables application developers to add label-based access control for the applications. It mediates access to rows in database tables based on a label contained in the row, and the label and privileges associated with each user session. For queries Oracle Label Security is using the Oracle Virtual Private Database technology. For DMLs it is using a set of triggers. 13.1 How to and Documentation ----------------------------Note 230980.1 Oracle Label Security - Concepts (Policies and Labels) and Examples Note 171155.1 Install/Deinstall Oracle Label Security Data Dictionary in Oracle9i Note 213684.1 Oracle Label Security Frequently Asked Questions Note 213716.1 Oracle Label Security in a Replication Environment Note 314077.1 Oracle Label Security : How to Separate Duties of Policies Administration Note 317319.1 10g R2 New Feature TDE (Transparent Data Encryption) Usage with OLS Oracle Label Security Administrator's Guide 13.2 Problems / solutions ------------------------Note 215886.1 Oracle Trusted Stored Procedure Label Not Used Note 144160.1 Unable to Find Oracle Policy Manager (Oracle Label Security Related Application) Note 303751.1 Unable to Install OLS on 10.1.0.3 Note 233110.1 ORA-07445 [zllcini] or ORA-04045 in a Database with OLS Set to FALSE Note 250411.1 ORA-439 Oracle Label Security Option Not Enabled though Already Installed Note 303511.1 After Installing OLS, Create Policy Issues ORA-12447 and ORA-600 [KGHALO2] Note 231777.1 ORA-12445 When Applying a Label Function on a Table Protected by an OLS Policy Note 238599.1 ORA-12447 When Creating an Already Existing OLS Policy Note 278301.1 ORA-12414: Internal Lbac Error: Zllcfpo:Ocitypebyname and ORA-22303 at Database STARTUP Note 285429.1 sa_session.set_label generates ORA-12470 Note 303791.1 Oracle Label Security And Foreign Key DEFERRABLE INITIALLY DEFERRED Issues Ora-28117 Note 304137.1 ORA-12406 When Updating a Table With an OLS Policy Though Granted EXEMPT ACCESS POLICY Privilege Note 735375.1 "LbacException User does not exist" Encountered While Adding An User To a Profile Using OLSADMINTOOL Note 735801.1 ORA-0109 ORA-12432 LBAC ERROR ZLLEGNP While Starting Up The Database Note 577569.1 Queries Against Tables Protected by OLS Are Erroring Out 13.3 Bugs --------Bug 3870317 UNABLE TO INSTALL ADDITIONAL OPTIONS AFTER 10.1.0.3.0 PATCHSET IS APPLIED Bug 2499257 ORA-28115 TO_DATA_LABEL WILL WORK ON ADMINISTRATOR CREATED DATA LABELS Bug 2367197 ORACLE SPATIAL INDEX CREATION AND QUERIES FAIL WHEN OLS IS APPLIED

14) Database Vault Oracle Database Vault Administrator's Guide 10g Release 2 (10.2) Oracle Database Vault Administrator's Guide 11g Release 1 (11.1) 14.1 How to and Documentation ----------------------------Note 397085.1 Database Vault Errors Due to Internet Explorer Language Option Note 403376.1 Installation Of Database Vault Fails Note 405042.1 Clarity On Database Patchset 10.2.0.3.0 Apply, Where The README Has References To Oracle Database

Vault Option Note 604773.1 Cannot Install Database Vault in a Single Instance Database in a RAC home Note 550265.1 How To Restrict The Access To An Object For The Object's Owner Note 550863.1 What Privileges Are Revoked During Database Vault Installation? Note 754065.1 Installing Database Vault in a Data Guard Environment 14.2 Problems / solutions ------------------------Note 400667.1 Ora-01918: User 'Dvsys' Does Not Exist when installing Database Vault Note 417869.1 Unable To Access Dva Until Dbconsole is Restarted Note 433887.1 Datapump Export Fails When Database Vault is Enabled ORA-47401 Note 465685.1 ORA-7445 Error Encountered When Running An ALTER USER Statement On a Database Vault Protected DB Note 467476.1 Import Into A Non SecuredTable After Installing Database Vault Fails With ORA-1031 Note 436617.1 Database Vault Default Realms Can't Be Seen Within The Browser Note 465685.1 ORA-7445 Error Encountered When Running An ALTER USER Statement On a Database Vault Protected DB Note 470838.1 SYSDBA OS Authentication Works In A Database Vault Environment After Applying a Patch or Patchset Note 557381.1 DBMS_MACVPD Might Be Invalid After Upgrade To 10.2.0.4

14.3 Parameters, Events and Errors --------------------------------14.4 Bugs ---------

15) Audit Vault

15.1 How to and Documentation --------------------------------Oracle Audit Vault 10.2.2, 10.2.3, 10.2.3.1 Documentation

Note 564306.1 How To Check Connectivity And Wallet Credentials In A 10.2.2 Audit Vault Environment Note 437062.1 Mandatory Patches to be aplied on Oracle Audit Vault 10.2.2.0.0 Note 729280.1 Can OSAUD Collect SQL Text or Bind Variables? Note 753577.1 How To Change The Port of The Listener Configured for the AV Database ? @Note 437049.1 AUDIT VAULT How to Add an Oracle Database Source running Database Vault 15.2 Problems / solutions ------------------------Note 740657.1 ORA-1017 While Adding an Agent Using AVCA Note 566630.1 Error While Starting DBAUD Collector: Internal Collector MYDB.COM:DBAUD_Collector Error ( CSDK layer error ) Note 734309.1 DBAUD Collector For Oracle 9.2.0.8 Crashes As Soon As It Is Started Note 731081.1 Oracle Audit Vault 10.2.3.0.0 Installation fails intermittently in some environments Note 731593.1 Error ORA-01729 Encountered While Adding A REDO Collector Note 728888.1 The DBAUD Collector Cannot Be Started Note 734865.1 AVCA fails with "Unable to add Agent. Agent specified already exists" after dropping the same Agent, or previously adding the same Agent without success

Note 746503.1 While Provisioning The Audit Settings on The Source Database Huge Trace Files Get Created Note 747843.1 Audit Settings Provisioning fails with "Errors: settings has been failed in this provision." Note 748202.1 "Java.sql.SQLException: Exceeded maximum VARRAY limit" While Retrieving the Audit Settings From Source Note 751085.1 Errors While Installing Audit Vault Or While Applying An Audit Vault Patchset 15.3 Parameters, Events and Errors --------------------------------15.4 Bugs ---------

16) Data Encryption

These are the references to the database encryption features provided with the DBMS_OBFUSCATION_TOOLKIT and DBMS_CRYPTO supplied packages. For references relating to network encryption see the Networking Security and Authentication Knowledge Browser Page (Note 267607.1). 16.1 How to and Documentation ----------------------------Oracle9i Application Developer's Guide - Data Encryption Using DBMS_OBFUSCATION_TOOLKIT 10g PL/SQL Packages and Types Reference - DBMS_CRYPTO package

Note 445147.1 How To Generate A New Master Encryption Key for the TDE Note 317311.1 10g R2 New Feature TDE : Transparent Data Encryption Note 232000.1 Selective Data Encryption in Oracle RDBMS, Overview and References Note 225214.1 New IV Parameter to DES3Encrypt en DES3Decrypt Enhances Interoperability Note 338325.1 How DBMS_OBFUSCATION_TOOLKIT Interoperates With DBMS_CRYPTO Note 165465.1 Oracle Advanced Security Frequently Asked Questions Note 104410.1 How to Enable Encryption & Checksumming using JDBC Drivers Note 39612.1 Secure Network Services V1.0 Configuration Overview on OpenVMS Note 126079.1 Net8 overview and explanation (3) Note 228636.1 Meaning of "WHICH" Parameter in DES3Decrypt And DES3Encrypt Procedures Note 263616.1 Given two Different DES Encryption Keys, Encrypted Strings can Appear Identical Note 270919.1 Transferring Encrypted Data from one Database to Another Note 280801.1 How to Find the Oracle Java Cryptographic Extension (JCE) Provider Note 460293.1 How to Open the Encryption Wallet Automatically When the Database Starts. Note 416526.1 How to Avoid Performance Overhead Associated With Certificate Based TDE Encryption Note 389958.1 Using Transparent Data Encryption In An Oracle Dataguard Config Note 454980.1 Best Practices for having indexes on encrypted columns using TDE in 10gR2

16.2 Problems / Solutions ------------------------Note 415247.1 DBA_ENCRYPTED_COLUMNS Show Columns That Do Not Exist In The Table Note 391086.1 TDE - Trying To Open Wallet In Default Location Fails With Ora-28353 Note 459801.1 Getting Ora-28336 When Doing a DATAPUMP Export as User SYS with TDE Encrypted Tables Note 197040.1 dbms_obfuscation_toolkit.DESDecrypt Compatibility Problem Note 197892.1 ORA-28232 using DBMS_OBFUSCATION to Encrypt/Decrypt Note 133772.1 ORA-04068 Executing DBMS_OBFUSCATION_TOOLKIT Note 337980.1 ORA-00904 When Using DBMS_SQLHASH.GETHASH Note 394539.1 ORA-28353 - Cannot set the encryption key password for TDE

16.3 Parameters, Events and Errors ---------------------------------Note 173530.1 OERR: ORA-28232 invalid input length for obfuscation toolkit 16.4 Bugs --------16.5 Scripts -----------Note 102902.1 Encrypting Data using the DBMS_OBFUSCATION_TOOLKIT package Note 166884.1 How to use DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt and DES3Decrypt procedures. Note 197400.1 Example code encrypting credit card numbers Note 118686.1 Example: Enable Encryption in a JDBC Program Note 123091.1 Wrapper for DBMS_OBFUSCATION_TOOLKIT, cope with 8-byte input limitation Note 244133.1 SCRIPT: Encrypting Binary Large Objects (BLOBS) with dbms_obfuscation_toolkit.

17) Security Server

17.1 How to and Documentation ----------------------------Note 1064547.6 Steps to make the Oracle Security Server Work on Windows NT Note 1031071.6 OVERVIEW OF ORACLE SECURITY SERVER Note 191137.1 Troubleshooting Enterprise User Security Note 166492.1 SSL Troubleshooting Guide Note 112490.1 Configuring NET8 TCP/IP via SSL Note 189260.1 How to Configure the Database with SSL Using a DN Certificate 17.2 Problems / solutions ------------------------Note 185157.1 OIDLDAPD Fails With Error 28759 When SSL is Defined Note 1070507.6 ORA-28759: GENERATING WALLET USING OSSLOGIN 17.3 Parameters, Events and Errors --------------------------------Note 50079.1 OERR ORA-28759 Failed to open file

Related Documents

All About Security
May 2020 1
All About Brands1
November 2019 32
All About Fractures
April 2020 21
All About Computers
June 2020 18

More Documents from "ENRICO SANORIA PALER, M.A."