Oracle Database Real Application Security
Oracle Database Real Application Security is a database authorization model that: supports declarative security policies, enables end-to-end security for multitier applications, provides an integrated solution to secure database and application resources, and advances the security architecture of Oracle Database to meet existing and emerging demands of applications developed for the Internet.
See Introducing Oracle Database Real Application Security more information.
Real Application Security works the same on Autonomous Database as on an on-premises Oracle Database except you need to perform the following ADMIN tasks before using Real Application Security on Autonomous Database:
-
To create Real Application Security users/roles, you need the
PROVISIONsystem privilege. As the ADMIN user run the following command to grant this privilege to a database user:SQL> EXEC XS_ADMIN_CLOUD_UTIL.GRANT_SYSTEM_PRIVILEGE('PROVISION','DB_USER');In this example,
DB_USERis a database user.Running this command on Autonomous Database replaces the following on-premise database command (note the
_CLOUD_is not in the following package name):SQL> EXEC SYS.XS_ADMIN_UTIL.GRANT_SYSTEM_PRIVILEGE('PROVISION', 'DB_USER', XS_ADMIN_UTIL.PTYPE_XS);See General Procedures for Creating Application User Accounts for more information.
-
To create Real Application Security data controls, you need the
ADMIN_ANY_SEC_POLICYprivilege. As the ADMIN user run the following command to grant this privilege:EXEC XS_ADMIN_CLOUD_UTIL.GRANT_SYSTEM_PRIVILEGE('ADMIN_ANY_SEC_POLICY','DB_USER');In this example,
DB_USERis a database user.Running this command on Autonomous Database replaces the following on-premise database command (note the
_CLOUD_is not in the following package name):SQL> EXEC SYS.XS_ADMIN_UTIL.GRANT_SYSTEM_PRIVILEGE('ADMIN_ANY_SEC_POLICY','DB_USER');See Creating Roles and Application Users for more information.
Parent topic: Notes for Users Migrating from Other Oracle Databases