Databases Reference
In-Depth Information
Mandatory realms were introduced with Oracle Database 12
c
. Prior to this release,
realms only operated on general system privileges used for specific tables. If you elim‐
inated the use of SELECT on your PAYROLL table, that keyword would not be allowed
for users who gained access to the table through a privilege like SYSDBA. With a
mandatory realm, you can also block access for users who have been given that access
through direct
GRANT
operations.
The installation and management of Database Vault has also been made significantly
easier with Oracle Database 12
c
, allowing installation with just two commands.
All of the rule enforcement is audited as part of the Oracle Database Vault Option, which
provides the type of documentation required for complete compliance.
Figure 6-1
il‐
lustrates the various components of the Oracle Database Vault Option solution.
Figure 6-1. Oracle Database Vault Option components
Oracle Audit Vault Server
The Oracle Audit Vault Server was introduced in 2007 and collects data from audit files
in Oracle and in the underlying operating system. It consolidates this data in a secure
repository and provides out-of-the-box compliance reporting. Among the reports pro‐
vided are privileged user accesses, account management, data access, and failed login
attempts. Stored in an Oracle data warehouse schema, the data is easily accessible by
business intelligence tools such as Oracle's BI Publisher.
Because the Oracle Audit Vault Server monitors all incoming audit data, it can generate
alerts based on IT policies. For example, policies can be defined to trigger alerts for
