Oracle Database Real Application Security

Oracle Database Real Application Security is a database authorization model that: supports declarative security policies, enables end-to-end security for multitier applications, provides an integrated solution to secure database and application resources, and advances the security architecture of Oracle Database to meet existing and emerging demands of applications developed for the Internet.

See Introducing Oracle Database Real Application Security more information.

Real Application Security works the same on Autonomous Database as on an on-premises Oracle Database except you need to perform the following ADMIN tasks before using Real Application Security on Autonomous Database:

  • To create Real Application Security users/roles, you need the PROVISION system privilege. As the ADMIN user run the following command to grant this privilege to a database user:

    SQL> EXEC XS_ADMIN_CLOUD_UTIL.GRANT_SYSTEM_PRIVILEGE('PROVISION','DB_USER');

    In this example, DB_USER is a database user.

    Running this command on Autonomous Database replaces the following on-premise database command (note the _CLOUD_ is not in the following package name):

    SQL> EXEC SYS.XS_ADMIN_UTIL.GRANT_SYSTEM_PRIVILEGE('PROVISION', 'DB_USER', XS_ADMIN_UTIL.PTYPE_XS);

    See General Procedures for Creating Application User Accounts for more information.

  • To create Real Application Security data controls, you need the ADMIN_ANY_SEC_POLICY privilege. As the ADMIN user run the following command to grant this privilege:

    EXEC XS_ADMIN_CLOUD_UTIL.GRANT_SYSTEM_PRIVILEGE('ADMIN_ANY_SEC_POLICY','DB_USER');

    In this example, DB_USER is a database user.

    Running this command on Autonomous Database replaces the following on-premise database command (note the _CLOUD_ is not in the following package name):

    SQL> EXEC SYS.XS_ADMIN_UTIL.GRANT_SYSTEM_PRIVILEGE('ADMIN_ANY_SEC_POLICY','DB_USER');

    See Creating Roles and Application Users for more information.