Oracle Database Vault Public Views
Oracle Database Vault provides a set of DBA style views that can be accessed through the DV_SECANALYST role or the DV_ADMIN role. These views provide access to the various underlying Oracle Database Vault tables in the DVSYS and LBACSYS schemas without exposing the primary and foreign key columns that may be present. These views are intended for the database user to report on the state of the Oracle Database Vault configuration without having to perform the joins required to get the labels for codes that are stored in the core tables or from the related tables.
Table C–3 describes these views.
Oracle Database Vault Public Views
Table C–3 Oracle Database Vault Database Views
View Description
DBA_DV_CODE This view lists generic lookup codes for the user interface, error messages, constraint checking, and the like. These codes are used for the user interface, views, and for validating input in a translatable fashion.
Each record contains a code group column that categorizes the code, a natural key, and an optional label and
description. The following code groups are provided:
■ AUDIT_EVENTS: Contains the action numbers and action names that are used for the custom event audit trail records
■ BOOLEAN: A simple Yes/No or True/False lookup
■ DB_OBJECT_TYPE: The database object types that can be used for realm objects and command authorizations
■ DDL_CMDS: The DDL commands that can be protected through command rules
■ FACTOR_AUDIT: The auditing options for factor retrieval processing
■ FACTOR_EVALUATE: The evaluation options (by session or by access) for factor retrieval
■ FACTOR_FAIL: The options for propagating errors when a factor retrieval method fails
■ FACTOR_IDENTIFY: The options for determining how a factor identifier is resolved, for example, by method or by factors
■ FACTOR_LABEL: The options for determining how a factor identifier is labeled in the session establishment phase
■ LABEL_ALG: The algorithms that can be used to determine the maximum session label for a database session for each policy
■ OPERATORS: The Boolean operators that can be used for identity maps
■ REALM_AUDIT: The options for auditing realm access or realm violations
■ RULESET_AUDIT: The options for auditing rule set execution or rule set errors
■ RULESET_EVALUATE: The options for determining the success or failure of a rule set based on all associated rules being true or any associated rule being true
■ RULESET_EVENT: The options to invoke a custom event handler when a rule set evaluates to Succeeds or Fails
■ RULESET_FAIL: The options to determine the run-time visibility of a rule set failing
DBA_DV_COMMAND_RULE This view lists the command rules used in the current database instance.
DBA_DV_FACTOR This view lists the factors used for the current database instance.
Oracle Database Vault Public Views
DBA_DV_FACTOR_LINK This view shows the relationships of each factor whose identity is determined by the association of child factors.
The view contains one entry for each parent factor and child factor. You can use this view to resolve the relationships from the factor links to identity maps.
DBA_DV_FACTOR_TYPE This view lists the factor types, which are the categorization of the indicators (factors) that support the notion of
architecture and system components being the fundamental drivers for an access control security policy.
DBA_DV_IDENTITY This view lists the identities for each factor in the current database instance.
DBA_DV_IDENTITY_MAP This view lists the mappings for each factor identity in the current database instance. The view includes mapping factors that are identified by other factors to combinations of parent-child factor links. For each factor, the maps will be joined by the OR operation, and for different factors, the maps will be joined by the AND operation.
You can use this view to resolve the identity for factors that are identified by other factors (for example, a domain) or for factors that have continuous domains (for example, Age or Temperature).
DBA_DV_MAC_POLICY This view lists the Oracle Label Security policies defined in the current database instance.
See "How Oracle Database Vault Is Integrated with Oracle Label Security" on page 8-2 for more information.
DBA_DV_MAC_POLICY_FACTOR This view lists the factors that are associated with Oracle Label Security policies for the current database instance.
You can use this view to determine what factors contribute to the maximum session label for each policy using the algorithm from the DBA_DV_MAC_POLICY view.
DBA_DV_POLICY_LABEL This view lists the Oracle Label Security label for each factor identifier in the DBA_DV_IDENTITY view for each policy.
DBA_DV_PUB_PRIVS This view lists the Oracle Database Vault privilege management reports used in the Oracle Database Vault Administrator (DV_ADMIN).
DBA_DV_REALM This view lists the realms created for the current database instance.
DBA_DV_REALM_AUTH This view lists the authorization of a named database user account or database role (GRANTEE) to access realm objects in a particular realm..
DBA_DV_REALM_OBJECT This view lists the database schemas, or subsets of schemas with specific database objects contained therein, that are secured by the realms in the current database instance.
DBA_DV_ROLE This view lists the Oracle Database secure application roles used in privilege management in the current database instance.
DBA_DV_RULE This view lists the rules that have been defined in the current database instance.
To find the rule sets that use specific rules, use the DBA_DV_
RULE_SET_RULE view.
Table C–3 (Cont.) Oracle Database Vault Database Views
View Description
Oracle Database Vault Public Views
DBA_DV_RULE_SET This view lists the rules sets that have been created for the current database instance.
DBA_DV_RULE_SET_RULE This view lists rules that are associated with the rule sets used for the current database instance.
DBA_DV_USER_PRIVS This view lists the privileges for a database account excluding privileges granted through PUBLIC. DBA_DV_USER_PRIVS_ALL This view lists the privileges for a database account
including privileges granted through PUBLIC. Table C–3 (Cont.) Oracle Database Vault Database Views
View Description