Use Oracle Database Vault to Manage Database User Privileges

Autonomous Database on Dedicated Exadata Infrastructure supports Oracle Database Vault, which you can use to implement powerful security controls within your database. These unique security controls restrict access to application data by privileged database users, reducing the risk of insider and outside threats and addressing common compliance requirements.

You can deploy controls to block privileged account access to application data and control sensitive operations inside the database. Trusted paths can be used to add security controls to authorized data access and database changes. Through the runtime analysis of privileges and roles, you can increase the security of existing applications by implementing least privilege and reducing the attack profile of your database accounts. Oracle Database Vault secures existing database environments transparently, eliminating costly and time-consuming application changes.

Before using Oracle Database Vault, be sure to review What to Expect After You Enable Oracle Database Vault to gain an understanding of the impact of configuring and enabling Database Vault.

For detailed information on implementing Oracle Database Vault features, be sure to refer to Oracle Database Vault Administrator’s Guide.

Tip:

To try out the process of setting up Database Vault, you can go through Lab 1: Protect Data with Database Vault in the Oracle Autonomous Database Dedicated for Security Administrators Workshop.

Configure and Enable Oracle Database Vault

To configure and enable Oracle Database Vault in your Autonomous Database, you create database users to act as the Database Vault owner and account manager, and then use these users when configuring and enabling Database Vault.

  1. Connect as the ADMIN user to your database.
  2. Create the Database Vault owner and account manager users; for example:
    create user dbv_owner identified by <password>;
    grant create session to dbv_owner;
    create user dbv_acctmgr identified by <password>;
    grant create session to dbv_acctmgr;
  3. Configure Database Vault, providing the owner and account manager user names in the command; for example:
    exec dvsys.configure_dv('dbv_owner','dbv_acctmgr');
  4. Connect as the Database Vault owner (dbv_owner in this example) to your database.
  5. Enable Database Vault:
    exec dbms_macadm.enable_dv;
  6. Restart (that is, stop and then start) your Autonomous Database on Dedicated Exadata Infrastructure deployment.
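
The following is an added example, not part of the original page or Oracle's own script. It goes one step beyond the procedure above: it checks that Database Vault reports as configured and enabled after the restart, then creates a first realm so that privileged accounts can no longer read an application schema. The schema `APP_HR`, the service account `APP_HR_SVC`, and the realm name are assumptions made for illustration.

```sql
-- Added example. APP_HR, APP_HR_SVC and 'APP_HR Realm' are hypothetical
-- names chosen for illustration; substitute your own schema and accounts.

-- 1. Connected as ADMIN, after the restart: list the Database Vault
--    configure/enable status rows.
SELECT name, status
  FROM dba_dv_status;

-- 2. Connected as dbv_owner: put every object in the APP_HR schema
--    inside a realm and authorize only the application's service account.
BEGIN
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'APP_HR Realm',
    description   => 'Keeps privileged users out of APP_HR application data',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL);  -- record violations

  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'APP_HR Realm',
    object_owner => 'APP_HR',
    object_name  => '%',    -- all objects in the schema
    object_type  => '%');   -- all object types

  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'APP_HR Realm',
    grantee      => 'APP_HR_SVC',
    auth_options => DBMS_MACUTL.G_REALM_AUTH_PARTICIPANT);
END;
/

-- 3. Still as dbv_owner: review what the realm protects and who is
--    authorized, so the control can be audited later.
SELECT name, enabled
  FROM dvsys.dba_dv_realm
 WHERE name = 'APP_HR Realm';

SELECT realm_name, owner, object_name, object_type
  FROM dvsys.dba_dv_realm_object
 WHERE realm_name = 'APP_HR Realm';

SELECT realm_name, grantee, auth_options
  FROM dvsys.dba_dv_realm_auth
 WHERE realm_name = 'APP_HR Realm';
```

With the realm in place, an account that reaches `APP_HR` objects only through system privileges such as `SELECT ANY TABLE` should be refused, while `APP_HR_SVC` continues to work through its existing object grants.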