SECURITY ACCOUNTS AND LEVELS

The Oracle database provides security in the form of authentication, authorization, and auditing.
Authentication ensures that only legitimate users gain access to the system. Authorization
ensures that those users only have access to resources they are permitted to access.

To learn the fundamentals of securing an Oracle database, follow these steps:

1. Secure your Oracle Database installation and configuration.
2. Secure user accounts for your site.
3. Understand how privileges work.
4. Secure data as it travels across the network.
5. Control access to data.
Oracle Database 19c provides multi-layered security including controls to evaluate risks, prevent
unauthorized data disclosure, detect and report on database activities and enforce data access
controls in the database with data-driven security. Capabilities such as on-line and off-line
tablespace migration options provide flexibility while deploying encryption, while database
privilege analysis helps reduce an application's attack surface.
Using Oracle Linux with Oracle Ksplice zero-downtime updates, critical operating system bugs
and security vulnerabilities can be patched without incurring database outages, keeping your data
available and secure from any threats. Combined with Oracle Key Vault and Oracle Audit Vault
and Database Firewall, Oracle Database 19c provides unprecedented defense-in-depth
capabilities to help organizations address existing and emerging security and compliance
requirements.
Oracle Security Capabilities
 Advanced Security - including Transparent Data Encryption.
 Key Vault - Key Management for TDE.
 Database Auditing.
 Audit Vault and Database Firewall.
 Database Security Assessment Tool.
 Database Vault - Privileged User Controls.
 Label Security - Mandatory Access Control.

TYPES OF PERMISSIONS
Oracle database defines the following system privileges for object types:
 CREATE TYPE enables you to create object types in your own schema
 CREATE ANY TYPE enables you to create object types in any schema
 ALTER ANY TYPE enables you to alter object types in any schema
 DROP ANY TYPE enables you to drop named types in any schema
 EXECUTE ANY TYPE enables you to use and reference named types in any
schema
 UNDER ANY TYPE enables you to create subtypes under any non-final object
types
 UNDER ANY VIEW enables you to create sub-views under any object view

The following roles are helpful:

 The RESOURCE role includes the CREATE TYPE system privilege.

 The DBA role includes all of these privileges.

Schema Object Privileges

Two schema object privileges apply to object types:

 EXECUTE enables you to use the type to:

 Define a table.
 Define a column in a relational table.
 Declare a variable or parameter of the named type.
EXECUTE lets you invoke the methods of a type, including the constructor.
Method execution and the associated permissions are the same as for stored PL/SQL
procedures.
  UNDER enables you to create a subtype or subview under the type or view on which the
privilege is granted.
Only a grantor with the UNDER privilege WITH GRANT OPTION on the direct
supertype or superview can grant the UNDER privilege on a subtype or subview.

The phrase WITH HIERARCHY OPTION grants a specified object privilege on all subtypes of

the object. This option is meaningful only with the SELECT object privilege granted on an
object view in an object view hierarchy. In this case, the privilege applies to all subviews of the
view on which the privilege is granted.

Control user interface look and feel using the CPQ Configuration API

The Direct API Configuration feature lets you control user interface "look and feel" using
the Oracle CPQ Configuration API.

You can use the Direct API Configuration feature to control user interface "look and feel" using
the Oracle CPQ Configuration API. This ability lets you do things like the following:

 Apply a site-specific "Look and Feel" product customization to the user interface
experience.
 Apply site-specific user interface components for a custom user interface experience.
 Add a new UI component to the configuration flow.
 Remove tabs from the product customization user interface experience.
 Apply a product type specific set of user interface components to the configuration flow.

Before you can accomplish these tasks, you must first make sure that the API driven
configuration feature has been implemented (described in the previous topic). Also, it is assumed
that the Commerce and Oracle CPQ Integration has already been configured and enabled.

In the sections that follow, you are provided with details for using this feature to carry out these
customization tasks.

Apply a site-specific "Look and Feel" product customization to the user interface
experience

Consider this situation. Say a customer wants a new custom user interface look and feel for their
site. The customer's in-house design and brand management team have provided specifications
as to:

 Color Schemes
 Style Header and Footer
  Navigation
 Buttons, input fields, check boxes, Multi-select Lists, single select Lists, date pickers,
pick lists
 Component Sizes
 Component Styles
 Component Colors
 Component Fonts

SECURING A REPLICATED DATABASE

Defend against threats with machine learning
Automate database security, including critical patches. Save time and minimize human error.

Integrated solutions for better performance

Oracle Transparent Data Encryption and Oracle Database Vault operate directly from the
database kernel, meaning they’re faster and easier to maintain.

Mitigate risks from users, data, and configurations

Get security assessments, activity auditing, sensitive data discovery, and data masking with
Oracle Data Safe, a unified database security cloud service.

Automated, always-on, and architected-in security

Oracle Autonomous Database enhances security while reducing the risk of human error by
including features like always-on encryption, automated patching, and preconfigured separation
of duties.

Opportunity to Try Data Safe Cloud Security for Free

Oracle Data Safe is now available for securing databases running on-premises or in the cloud.
Data Safe is easy to deploy and simple to use and Oracle now offers a completely free tenancy
and 30-day trial for the innovative database security cloud service. Learn how to use Data Safe's
features, including security assessments, user risk assessments, sensitive data discovery, data
masking, and activity auditing through our LiveLabs program. Read the blog post to learn about
all the risk-free resources available for trying Data Safe.
 CREATING AND UPDATING PASSWORDS

Oracle - How do you change your Oracle database password?

Here are several methods for changing or resetting the password for an Oracle database. You will
need to know the existing password.

 Method 1: Using SQL*Plus (command line tool)

 Method 2: Using the TOAD GUI
 Method 3: Using the TOAD command line
 Method 4: Using SQL Developer