Radius-authenticated external user: RADIUS SSL-authenticated enterprise or external user: SSL Kerberos-authenticated enterprise or external user: KERBEROS
ORACLE DATABASE VAULT PASSWORD
Password-authenticated enterprise user, local database user, or SYSDBA/ SYSOPER using Password File proxy with user name using password: PASSWORD In the list that follows, the type of user is followed by the method returned: Returns the method of authentication in VARCHAR2 data type. Table 14-8 Installed Oracle Database Vault Factor Functions DVF Factor Function Table 14-8 describes the functions that are created during installation based on the default factors provided by Oracle Database Vault. For example, the following statements return the same result SELECT DVF.F$session_user FROM DUAL The name of the factor itself is case-insensitive. For example: SELECT DVF.F$SESSION_USER FROM DUAL To find the value of a factor function, select from the DUAL system table. Rule_expr => 'dvf.f$session_user not in (''JSMTIH'', ''TBROWN'')') Typically, you can incorporate these functions into rule expressions. This allows factors to be used in Oracle Label Security, Oracle Virtual Private Database (VPD), and so on. The functions are then available to the general database account population through PL/SQL functions and standard SQL. These functions are created and maintained as the Oracle Database Vault configuration API ( DVSYS.DBMS_MACADM) is called for managing the various factors. In addition to the functions and procedures made available from the DVSYS schema, the DVF schema contains a single function for each factor defined in the system. Table 14-1 lists the procedures and functions that are used to enable Oracle Database Vault processing with the DVSYS schema.ġ4.2 Oracle Database Vault PL/SQL Factor Functions All of these functions and procedures are publicly available for applications that need them. The procedures and functions expose only the minimum methods that are required. These procedures and functions are provided so that a database administrator does not grant EXECUTE privileges on all DVSYS package procedures to the general database account population. Additional procedures and functions are provided to set the value of a factor (assuming their associated rule sets evaluate to true), for example, from a Web application, to retrieve the trust level for a session or specific factor identity, and to get the label for a factor identity. There are also procedures and functions that expose the logic to validate a DDL command for realm violations and command authorizations. Oracle Database Vault provides a set of procedural interfaces to administer various Database Vault security options and manage Database Vault security enforcements.
14.1 Oracle Database Vault Run-Time PL/SQL Procedures and Functions
0 kommentar(er)
