This index consists of a list of 

       -  Bulletins explaining the method used to perform specific tasks and
          related Documentation (Oracle Guides)
       -  Problem / Solutions
       -  Parameters & Events , Bugs
       -  Supplied Scripts

for each topic related to Security issues within the database: 
                --------------------------------------------------
       1.  Alerts 
       2.  System Privileges  
       3.  Object Privileges 
       4.  Users and Roles 
       5.  User and Tablespace Quotas 
       6.  Profiles and Resource Limits 
       7.  Password Management 
       8.  Connect Internal and Password Files 
       9.  O/S Authentication 
      10.  Auditing 
      11.  Event Triggers 
      12.  Fine Grained Access Control 
      13.  Oracle Label Security
      14.  Data Vault 
      15.  Security Server 
      16.  Data Encryption 
                --------------------------------------------------

*** 1) Alerts                                              
*** =========

    These articles provide a solution to correct or avoid an issue, and 
    highlight a specific condition, situation or event that requires awareness 
    by an Oracle customer or partner.

   Note 15527.1  ALERT: Creation Labels and Referential Integrity
    Note 50508.1  ALERT: "CONNECT INTERNAL" Syntax to be DeSupported 
    Note 76397.1  ALERT: Resource Limit CPU_PER_SESSION not working correctly in certain versions
    Note 148384.1 ALERT: Oracle Server Patchset 8.1.7.1 and Oracle Label Security 
    Note 163726.1 ALERT: Oracle Label Security Mandatory Security Patch 
    Note 124742.1 ALERT: Vulnerability in the Oracle Listener Program 
    Note 153289.1 ALERT: Oracle Redirect Denial of Service Vulnerability 
    Note 163727.1 ALERT: Oracle File Overwrite Security Vulnerability 
    Note 175429.1 ALERT: Oracle PL/SQL extproc in Oracle 9i, Oracle 8i and Oracle8 Database 
    Note 185074.1 ALERT: User Privileges Vulnerability in Oracle9i Database Server 
    Note 210317.1 ALERT: ALTER SESSION privilege can dump trace files with possibly sensitive data 
    Note 281188.1 SECURITY ALERT #68 - Oracle Security Update
    Note 282108.1 FAQ for Oracle Security Alert 68


*** 2) System Privileges 
*** ====================

    These articles and documentation explain what system privileges are useful
    for, how they should be used and handled, and how they are related to some
    init.ora parameters in various Oracle versions.

    2.1 How to and Documentation
    ----------------------------
    Note 131752.1  Security Check List: Steps to Make Your Database Secure 
                     from Attacks
    Note 109891.1  A User connected AS SYSOPER can only Perform STARTUP and 
                     SHUTDOWN
    Note 180019.1  Which System Privileges are required for a User to Perform 
                     Backup Operator Tasks 
    Note 153510.1  Use SELECT ANY DICTIONARY or SELECT_CATALOG_ROLE or 
                     O7_DICTIONARY_ACCESSIBILITY? 
    Note 204699.1  How to revoke ALTER SESSION Privilege                                            
    Note 234878.1  Usage and Risks Encountered with BECOME USER System 
                     Privilege                 
    Note 247093.1  Be Cautious when Revoking Privileges Granted to PUBLIC
    Note 266536.1 What are the SELECT ANY TRANSACTION  / FLASHBACK ANY TABLE 
                    Privileges ?
                      

    Oracle9i Concepts - Chapter
        - Privileges, Roles, and Security Policies 

    Oracle9i Database Administrator's Guide - Chapters
        - The Oracle Database Administrator
        - Managing Tables - External Tables
        - Establishing Security Policies
        - Managing User Privileges and Roles
        - Using the Database Resource Manager
        - Managing a Distributed Database

    Oracle9i Performance Tuning Guide and Reference
       Chapter - Understanding Indexes and Clusters - 
          Using Function-based Indexes 

    Oracle9i Reference         
    Oracle9i SQL Reference 

    2.2 Problems / solutions
    ------------------------
    Note 205297.1  ORA-1031 on TRUNCATE TABLE even if granted DELETE ANY TABLE
    Note 232513.1  ORA-01031 During CREATE DATABASE Statement
    Note 100714.1  ORA-01031 When Creating Unique Index Using a Function
    Note 265130.1  ORA-01031: ALTER TABLE AnotherSchema.Table MODIFY column
    Note 1005208.6 Cannot Create or Replace a Stored Object in Another Schema 
    Note 1049536.6 ORA-28009 upon sqlplus connect sys/<password>                                        
    Note 1074762.6 Revoking "CREATE DATABASE LINK" Privilege from User
    Note 112211.1  Privileges Required to Run SQL_TRACE
    Note 222860.1  ORA-00942 When Commit DML Transaction on a Base Table 
                     Belonging to a MV
    Note 240769.1  Grant CREATE SECURITY PROFILE Fails with IMP-00017, 
                     ORA-00990 during FULL Import
    Note 259816.1  ORA-990 Trying To Revoke RULE, QUEUE Or EVALUATION System 
                     Privileges
    Note 304139.1  You Have Insufficient Privileges To Run The Advisor
    Note 309809.1  ORA-1031 : CREATE DATABASE LINK Fails after ALTER SESSION 
                     SET CURRENT_SCHEMA


    2.3 Parameters, Events and Errors
    ---------------------------------
    Note 206795.1  What is 07_DICTIONARY_ACCESSIBILITY and how Should it be set?           
    Note 47316.1   PARAMETER: O7_DICTIONARY_ACCESSIBILITY
    Note 68625.1   PARAMETER: QUERY_REWRITE_INTEGRITY
    Note 68624.1   PARAMETER:QUERY_REWRITE_ENABLED
    
    Note 50010.1   OERR:  ORA-28009  connection to sys should be as sysdba or 
                     sysoper

    2.4 Bugs
    --------
    Bug 1875604    ABLE TO SELECT FROM SYS.OBJ$, BUT DESCRIBE THROWS ORA-4043 
    Bug 3123973    ORA-1031 WHEN CREATE VIEW IN SESSION SET AS ANOTHER 
                     CURRENT_SCHEMA

    2.5 Scripts
    -----------
    Note 18074.1   Script To Capture System Privilege Grants 
    Note 1020286.6 Script to Create View to Show All User Privs                                      
    Note 241997.1  Script to Create a Procedure to Show All User Privs and Roles

*** 3) Object Privileges 
*** ====================

    3.1 How to and Documentation
    ----------------------------
    Note 107843.1  Grant Object Privileges on Another Schema Object to Other 
                     Users as SYSTEM or SYS
    Note 162489.1  Invokers rights procedure executed by definers rights 
                     procedures
    Note 104355.1  How to GRANT privileges on another user's objects as DBA 
                     without GRANT option
    Note 156303.1  How to exclude a user from PUBLIC scope
    Note 174753.1  Grant Any Object Privilege On Any Object using the Same 
                     Connection
    Note 197611.1  How to avoid a user from dropping his own objects

    Oracle 8, 8i and 9i SQL Reference Manual
    Oracle 8, 8i and 9i Application Developer's Guide
    Oracle 8, 8i and 9i Database Administrator's Guide
    Oracle 8, 8i and 9i Concepts

    3.2 Problems / solutions
    ------------------------
    Note 168168.1  Getting ORA-942 or ORA-1031 and PLS-201 in PL/SQL, works 
                     in SQL*Plus
    Note 170973.1  Unable to Revoke Rights from Object Owner
    Note 121384.1  ORA-1927 While Revoking Object Privileges as the Object Owner
    Note 1004923.6 ORA-01031, ORA-02063 on insert via database link
    Note 1005146.6 ORA-942 Even Though User Has Been Granted Privileges on Object
    Note 1039161.6 Cannot grant execute privilege on dbms_pipe
    Note 1062335.6 ORA-942 when select from any v$view within stored PL/SQL 
                     procedure
    Note 94092.1   ORA-1031 Trying to Create PK/FK on Another User's Table
    Note 116540.1  Replacing an Existing View loses Granted Permissions on the
                     View
    Note 161011.1  Grant Execute on SYS.SYS_GROUP Fails with ORA-4042
    Note 120687.1  ORA-990 when trying to Grant Privileges to User
    Note 235325.1  ANALYZE 'SYS' Tables by Other Users is not Permitted in 
                     Oracle 9i
    Note 100076.1  ORA-942 or ORA-1031 Creating Views Based on Data Dictionary
                     Objects
    Note 159051.1  Describe of Remote Table over Public Database Link and  
                     Private Synonym Fails with ORA-4043
    Note 159674.1  Unable to select/update v$session in a Trigger
    Note 208234.1  ORA-1031 While Executing DBMS_SESSION Through Procedure
    Note 215331.1  How to Know if an User Has Grants to Execute a Function or      
                     a Procedure
    Note 228831.1  ORA-01720 When Granting Object Privileges on Own Table 
                     Using Object Types
    Note 159968.1  DBMS_SYSTEM.SET_SQL_TRACE_IN_SESSION Results in ORA-06550
                     and PLS-00201
    Note 160870.1  Intermedia Text Index not Being Rebuilt using Dbms_job (and
                     Drjobdml.sql)
    Note 238567.1  ORA-006564 When Creating View On External Table

    3.3 Parameters, Events and Errors
    ---------------------------------
   
    3.4 Bugs
    --------
    Bug 155762     GRANTS ASSIGNED TO ROLES ARE NOT BEING UTILIZED BY STORED 
                     PROCEDURES.
    Bug 668998     RECEIVE INCORRECT ERROR WHEN CREATING A VIEW WHEN GRANT 
                     SELECT BY A ROLE
    Bug 179841     REMOTE INSERT REQUIRES INSERT AND SELECT PRIVILEGES
    Bug 371507     GRANT ALL ON TABLE ALLOWS OTHER USER TO DROP PK, BUT NOT 
                     TO CREATE A NEW ONE
    Bug 522453     NEEDS OBJECT PRIVILEGE TO ADD PRIMARY KEY TO ANOTHER USERS 
                     TABLE
    Bug 371124     DROP PRIMARY KEY DOES NOT REQUIRE DROP ANY INDEX PRIVILEGE,
                     BUT CREATE DOES
    Bug 372734     MUST HAVE CREATE ANY INDEX PRIVILEGE TO ALTER TABLE ADD 
                     CONSTRAINT TO TABLE
    Bug 702389     PRIVS GRANTED ON COLS THROUGH A VIEW DOES NOT STAY WITH 
                     THOSE COLS WHEN VIEW CHANGES
    Bug 1364403    ORA-942 WITH THE COMBINATION OF AUTHID AND EXECUTE IMMEDIATE
    Bug 1190886    ORA-4042 CAN'T GRANT EXECUTE ON SYS.SYS_GROUP TO OTHER USER
                     BY SYS
    Bug 2948123    CREATE VIEW ON EXTERNAL TABLE ORA-6564
   Bug 609790     GRANT SELECT ANY TABLE TO SCOTT DOES NOT ALLOW SCOTT TO 
                    SELECT FROM SYS.DBA_*
   Bug 1022817    CREATE OR REPLACE VIEW IS NOT KEEPING GRANT INFORMATION
   Bug 950623     RECREATING A VIEW CAUSES GRANTS ON THAT VIEW TO BE LOST
   Bug 861232     ORA-942 IF VIEW IS CREATED ON TABLE WHERE PRIVS ARE GRANTED 
                    VIA ROLE
   Bug 2576564    DBMS_SYS_SQL.PARSE_AS_USER SECURITY HOLE


    3.5 Scripts
    -----------
    Note 1020176.6  SCRIPT: Script to Generate object privilege GRANTS
    Note 1050267.6  SCRIPT: Script to show table privileges for users and roles
    Note 138232.1   SCRIPT: How to grant select on dictionary tables only


*** 4) Users and Roles 
*** ==================

    4.1 How to and Documentation
    ----------------------------
    Note 13615.1   Roles and Privileges Administration and Restrictions
    Note 11740.1   Role Restrictions
    Note 317258.1  Predefined Roles Evolution from 8i to 10g R2: CONNECT role 
                     Change in 10gR2
    Note 234551.1  PUBLIC : Is it a User, a Role, a User Group, a Privilege ?
    Note 39333.1   Identifying PC Clients in V$SESSION
    Note 174138.1  How to Tranfer all Roles and Grants to Another Database
    Note 77666.1   WIN: Granting Database Roles
    Note 1011899.6 Roles and Creating Stored Objects / Views
    Note 1022776.6 How to Make Trace Files Created by Oracle Readable by All 
                     Users ?
    Note 1068753.6 How To Isolate aTable To Run Update Without Losing Granted 
                     Roles
    Note 1071358.6 What is the OUTLN User?
    Note 235690.1  How To Create A User With '.' (dot) In Name
    Note 1079975.6 Enabling, Disabling, and Granting Default Roles
    Note 112523.1  How to see which Roles are Active within a Session
    Note 106698.1  WINNT: Assigning External Operating System Roles to NT 
                     Global Groups
    Note 114673.1  RESOURCE Role in DBA_SYS_PRIVS does not Include UNLIMITED 
                     TABLESPACE Privilege
    Note 69483.1   Changing Role within Stored Procedures using 
                     dbms_session.set_role
    Note 160861.1  Oracle Created Database Users: Password, Usage and Files 
                     References
    Note 180028.1  Set up a Secure Access to Application Data within a 
                     Database: DBAs, Schemas and Users
    Note 203318.1  How to create a user and grant privileges in a single GRANT 
                     statement
    Note 207560.1  Can the 9i Sample Schemas Be Safely Removed?
    Note 124121.1  How to Disable a SQL*Plus Connection for a User
   Note 37760.1   Operating System Authentication of Roles on DEC UNIX
    Note 159757.1  How to Verify the Enabled Roles for a Session Within a
                     Trigger or PL/SQL Routine
    Note 1060417.6 ORACLE_8 ROLES, SELECT_CATALOG ROLE, EXECUTE_CATALOG_ROLE, 
                     DELETE_CATALOG_ROLE
    Note 260111.1  How to Interpret the ACCOUNT_STATUS Column in DBA_USERS 

    Oracle 8, 8i and 9i Database Administrator's Guide
    Oracle 8, 8i and 9i SQL Reference Manual
    Oracle 8, 8i nad 9i Database Concepts
    Oracle8i Migration Release 3 (8.1.7) (7-4 )
    Oracle9i Sample Schemas, Release 1 (9.0.1) or Release 2 (9.2)

    4.2 Problems / solutions
    ------------------------
    Note 151788.1  A Security Problem Exists with Password Protected Roles
    Note 1005485.6 ORA-1950 When Creating an Object and Resource Role is Granted
                     to the User
    Note 1066067.6 Roles could not be executed even after they were recreated
    Note 1075927.6 View ROLE_TAB_PRIVS returns zero rows
    Note 1084014.6 Revoking DBA or RESOURCE Privilege Revokes UNLIMITED 
                     TABLESPACE from the User
    Note 97583.1   JServerPermission Memory.GC Java exception when calling 
                     enableNewspace()
    Note 101078.1  VMS: Using DBLINKS When OPS$ Accounts and Password Files 
                     Accounts are Set Up
    Note 106140.1  AFTER LOGON Triggers Don't Allow DBMS_SESSION.SET_ROLE to
                     Keep Roles Enabled
    Note 111288.1  Create a New User, no Grants but the User can Connect
    Note 117872.1  Why ORA-01925 Occurs and How to Resolve It
    Note 121633.1  ORA-24347 with Select * from dba_role_privs OR Select * 
                     from user_role_privs
    Note 150418.1  ORA-28201 Not Enough Privileges to Enable Application Role
    Note 119752.1  ORA-942 V$Session V$Parameter C Starting SQL*Plus From 
                     Windows NT Client
    Note 169289.1  ORA-01031: insufficient privileges when altering user to 
                     identify externally
    Note 167421.1  ORA-18008 Creating Procedure, Trigger, Package or Function
    Note 197931.1  External role details not in ROLE_SYS_PRIVS

    The following notes particularly lists all articles that have as their topic
    the kind of errors you may encounter as a result of the fact that privileges
    granted trough a role are not in effect in stored procedures.
    
    PLS-00201

    Note 1018687.6 PLS-341 - WHEN RUNNING PLSQL PROCEDURE IN SQLPLUS
    Note 168168.1  Getting ORA-942 or ORA-1031 and PLS-201 in PL/SQL, works in
                     SQL*Plus
    Note 210377.1  Executing a Stored Procedure Fails with PLS-00201
    Note 113186.1  PLS-201 GRANTING PRIVILEGIES THRU A ROLE
    Note 1062535.6 Possible Reasons for Generating a PLS-201 Error
    Note 200415.1  PLS-00201: Identifier '%s' Must be Declared When Compiling
                     a Procedure
    Note 27287.1   OERR:  PLS-201  identifier '%s' must be declared

    ORA-01031

    Note 1048327.6 ORA-1031 WHILE EXECUTING A STORED PROCEDURE
    Note 1011393.6 0RA-01031 IN STORED PROCEDURE WHEN USING DBMS_SQL TO CREATE
                     A VIEW
    Note 11740.1   Role Restrictions
    Note 13615.1   Roles and Privileges Administration and Restrictions
    Note 1079983.6 ORA-01031 DDL on Materialized View With Enable Query 
                     Rewrite Option
    Note 1011211.6 ORA-01031 WHEN EXECUTING 'GRANT CREATE SESSION' STATEMENT
    Note 18622.1   OERR:  ORA 1031  "insufficient privileges"
    Note 1083534.6 ORA-01031 When Connecting to Target via Rman

    PLS-00904 

    Note 1014765.6 PLS-00904 WHEN COMPILING PL/SQL STORED PROCEDURE, FUNCTION,
                     OR DATABASE TRIGGER
    Note 27442.1   OERR:  PLS-904  insufficient privilege to access object %s

    ORA-00942

    Note 1062335.6 ORA-942 when select from any v$view within stored PL/SQL 
                     procedure
    Note 100076.1  ORA-942 or ORA-1031 Creating Views Based on Data Dictionary
                     Objects
    Note 1011899.6 Roles and Creating Stored Objects / Views

   
    4.3 Parameters, Events and Errors
    ---------------------------------
    Note 30797.1   PARAMETER: INIT.ORA: REMOTE_OS_AUTHENT 
    Note 30785.1   PARAMETER: INIT.ORA: OS_AUTHENT_PREFIX 
    Note 30796.1   PARAMETER: INIT.ORA: REMOTE_LOGIN_PASSWORDFILE  
 

    4.4 Bugs
    --------
    Bug 145295     NEED TO CHANGE OS ROLE SUFFIX CHARACTER
    Bug 168358     ENHANCEMENT:  ALLOW CREATE VIEW (DDL STATEMENTS) WITH 
                     PRIVILEGES THRU A ROLE
    Bug 172360     GRANTING RESOURCE ROLE TO ANOTHER ROLE PREVENTS USER FROM   
                     CREATING TABLES
    Bug 176997     ENH: ABILITY TO GRANT QUOTA ON TABLESPACES TO A ROLE
    Bug 186769     SELECTING FROM SESSION_ROLES WITHIN A STORED PROCEDURE 
                     DOESN'T GIVE ANYTHING
    Bug 222316     GRANTED ROLE DOESNT SHOW UP AS DEFAULT ROLE
    Bug 943648     ORA-3113 EXECUTING COMPLEX SQL STATEMENT
    Bug 178587     USER CAN CREATE MORE ROLES THAN MAX_ENABLED_ROLES FROM WITH
                     IN ONE SESSION
    Bug 641775     ENHANCEMENT REQUEST TO INCREASE THE MAX_ENABLED_ROLES FROM
                     148 TO 200 OR MORE
    Bug 1384922    WHEN USING SQLPLUS SELECT * FROM USER_ROLE_PRIVS GIVES 
                     ORA-2434
    Bug 1149002    ORA-24347 AND " NO ROWS SELECTED " IN SELECT JOIN  
                     AGGREGATE GROUP BY PARALLEL
    Bug 1618315    DOCUMENTATION SHOULD STATE THAT OUTLN USER SHOULD NOT BE 
                     DROPPED
   Bug 135786     INSERTING D.D. VIEWS INTO  TABLE USING CREATE PROCEDURE             
                    RETURNS NO ROWS
   Bug 555033     ROLE_TAB_PRIVS DOESN'T RETURN ANY ROW DESPITE EXISTING ROWS
   Bug 1107649    CONNECTING TO DATABASE USING SVRMGR AS SYS GIVES ORA-1925 
                    ERROR
   Bug 2775846    STARTING ORACLE POLICY MANAGER (OPM) THROUGH OMS FAILS

    4.5 Scripts
    -----------
    Note 18079.1   Script to Capture Role Grants
    Note 18080.1   Script to Create Roles
    Note 1019486.6 Script: Report Roles Granted to Users
    Note 1019508.6 Script to Show System and Object Privs for a User
    Note 1020086.6 SCRIPT: To Report Privileges Granted To a User
    Note 107182.1  SCRIPT: Generate ROLE Creation Script for 8.X.X
    Note 241997.1  SCRIPT: Create procedure to Show All User Privs and roles
    Note 98572.1   Script to create user OUTLN in 8i
    Note 240478.1  Script to create user OUTLN in 9i


*** 5) User and Tablespace Quotas 
*** ==============================

    5.1 How to and Documentation
    ----------------------------
    Note 180028.1  Set up a Secure Access to Application Data within a 
                     Database: DBAs, Schemas and Users    
    Note 1012307.6 Moving Tables Between Tablespaces Using EXPORT/IMPORT
    Note 158162.1  How To Move All Tables From One User To Another Tablespace
    Note 1037317.6 Moving the Replication Queue Tables (DEF$) Out of the System Tablespace  

    Oracle9i Database Concepts Release 2 
      Chapter - Controlling Database Access -
         User Tablespace Settings and Quotas

    Oracle9i Database Administrator's Guide
      Chapter - Managing Tablespaces -
         Assign Tablespace Quotas to Users

    Oracle9i SQL Reference - ALTER USER 


    5.2 Problems / solutions
    ------------------------
    Note 1012569.6 ORA-1536 On DML Or Running Tools, Applications                     
    Note 1026320.6 ORA-1536: When Inserting Into a Table                               
    Note 1039291.6 ORA-02187 Trying to Grant Quota Over 2Gig                      
    Note 1054952.6 ORA-01652: Trying to Set Quotas for Users on Temp Tablespace 
    Note 95554.1   ORA-01950 Even After Assigning 'Unlimited Quota' On 
                     Tablespace To User  
    Note 98056.1   ORA-1950 when trying to Move an Index to Another Tablespace           
    Note 108871.1  ORA-02187 when Granting a User Quota on a Tablespace

    Note 1005485.6 ORA-1950 When Creating an Object and Resource Role is 
                     Granted to the User 
    Note 91969.1   IMPORT FROMUSER/TOUSER Fails to Generate Tables With LOBs 
                     into TOUSER Tablespace 
    Note 91799.1   EXP: IMP-3, ORA-1950, IMP-17: During Import of Recreated 
                     Tablespace 

    Note 205722.1  Create New Ultra Search Instance Fails WKG-5000 ORA-1950 
    Note 137037.1 > RECEIVING WWV-08301/ORA-1950 WHEN CREATING TABLE IN WEBDB 
    Note 1062153.6 GL PROGRAM OPTIMIZER FAILED: APP-6077, APP-6083, ORA-1950 
                     NO PRIVILEGES ON TABLESPACE RGX 
    Note 210811.1  App-Fnd-01564 Ora-20000 Cannot Open Next Gl Period 
    Note 1058205.6 ORA-01950 AND ORA-06512 TRYING TO OPEN PERIOD 

               
   Note 138228.1  After a 'DROP TABLESPACE' statement, users still have quota      

    5.3 Parameters, Events and Errors
    ---------------------------------
    Note 18936.1 >  OERR: ORA 1536 space quota exceeded for tablespace "<name> " 
    Note 19238.1   OERR: ORA 1950 no privileges on tablespace "<name>" 
    Note 19425.1 >  OERR: ORA 2187 invalid quota specification 

    5.4 Bugs
    --------
    Bug 1270191    ORA-1950 ON ALLOCATE EXTENT - POSSIBLE DICTIONARY CORRUPTION 
   Bug 1828213    START_IAS_INST ERRORS WHEN TEMPLATE CONTAINS OWNER 

    5.5 Scripts
    -----------
    Note 1019712.6 SCRIPT: Show Tablespace Quota Used by User     


*** 6) Profiles and Resource Limits 
*** ================================

    6.1 How to and Documentation
    ----------------------------
    Note 1016552.102 How to use PROFILES to limit user resources                                            
    Note 157702.1    How to get the Values Assigned by Default to a Profile ?
    Note 160528.1    Profile Limits (Resource Parameter(s)) Are Not Enforced /
                       Do Not Work
    Note 157702.1    How to get the Values Assigned by Default to a Profile ?
    Note 95582.1     Tracing Oracle Applications Intermittent crashing or  
                       hanging forms sessions.           
    Note 197694.1    How To Avoid Forms To Open A New Session When It Reached
                       The Session Limit?            
    Note 209702.1    How To Limit The Access To The Database So That Only One 
                       User Per Schema Are Connected (One Concurrent User Per 
                       Schema)
                               
   Note 1060929.6   OEM/SECURITY MANAGER NOT ALLOW NON-DBA USER TO CREATE NEW
                      ACCOUNTS   

    Oracle9i Database Administrator's Guide
       Chapter - Managing Users and Resources -
           Managing Resources with Profiles 
           Viewing Information About Database Users and Profiles 

    Oracle9i Database Concepts Release 2 
       Chapter - Controlling Database Access -
           User Resource Limits and Profiles 

    6.2 Problems / solutions
    ------------------------
    Note 119295.1    What Happens to a Transaction When CONNECT_TIME is 
                       Exceeded? 
    Note 1005119.6   Any of the user profile limits are being ignored by  
                       Oracle7 Server
    Note 1061189.6   Profile on user IDLE_TIME set to 15 minutes 
    Note 1070071.6   Profile limits are not being recognized 
    Note 215417.1    More Time Than Specified Is Needed Before A User Becomes 
                       Disconnected 
    Note 120135.1    Connections to database being killed unexpectedly 
    Note 156116.1    User Can Open More Sessions than Limited 
    Note 1070501.6   Parallel Query processes die intermittently 
    Note 1020176.102 ORA-02392 when using CPU_PER_SESSION limit in profile 
    Note 1042778.6   ORA-02394 USING REPLICATION IN ORACLE8   
    Note 265095.1    Resource Limits for Passwords Work Even with 
                       RESOURCE_LIMIT = false
    Note 241621.1    ORA-02376 When ALTER PROFILE to Set the PASSWORD_VERIFY_FUNCTION


    6.3 Parameters, Events and Errors
    ---------------------------------
    Note 30800.1     Init.ora Parameter "RESOURCE_LIMIT" Reference Note

    Note 21158.1     EVENT: 10050 "sniper trace"

    Note 19563.1     OERR:  ORA 2390  exceeded COMPOSITE_LIMIT, logoff in 
                       progress
    Note 19564.1     OERR:  ORA 2391  exceeded simultaneous SESSIONS_PER_USER 
                       limit
    Note 19565.1     OERR:  ORA 2392  exceeded session limit on CPU usage, 
                       logging off
    Note 19566.1     OERR:  ORA 2393  exceeded call limit on CPU usage
    Note 19567.1     OERR:  ORA 2394  exceeded session limit on I/O usage, 
                       logging off
    Note 19568.1     OERR:  ORA 2395  exceeded call limit on I/O usage

    Note 19569.1     OERR:  ORA 2396  exceeded max Idle Time, please connect 
                       again
    Note 19570.1     OERR:  ORA 2397  exceeded PRIVATE_SGA Limit, logging off
    Note 19571.1     OERR:  ORA 2398  exceeded procedure space usage
    Note 19572.1     OERR:  ORA 2399  exceeded maximum connect time, logging off

    6.4 Bugs
    --------
    Bug 2653232      SPATIAL QUERIES DON'T PROGRESSIVELY RECORD RESOURCE (CPU)
                       USAGE
    Bug 2085332      SET OVER 5 HOURS TO CPU_PER_CALL, YOU GET ORA-2394, 
                       DON'T GET ORA-2393 
    Bug 2231683      UGA MEMORY LEAK WHEN USING OBJECT INHERITANCE IN PL/SQL
    Bug 1182131      ORA-2399 RUNNING JOB OR PROCEDURE WITH CURSOR & 
                       CONNECT_TIME<UNLIMITED
    Bug 2695242      ORA-22 AND ORA-600 [18260] WORKING WITH MTS (MICROSFT TX  
                       SERVER) AND XA
    Bug 2134498      ORA-2391 ON BOTH NODES OF A OPS-CLUSTER ALTHOUGH  
                       RESOURCE_LIMIT=FALSE
    Bug 2319471      ORA-2391 AND ORA-7445S IN PQ SLAVES, THEN ORA-7445 PMON                 
                       CRASH
    Bug 2117349      LOTS OF ORA-2391 ERRORS FILLING UP ALERT.LOG
   Bug 2249055      PCS IS GENERATING AN ERROR AND IS IN ACCESSIBLE
    Bug 777970       TEST VALIDITY OF AM4CICS THREAD CONNECTIONS BEFORE  
                       ASSIGNING THEM TO CICS TASKS
    Bug 1898254      JDBC THIN APPLICATION KEEPS CONNECTION WHEN IDLE_TIME 
                       PROFILE IS SET.

   Bug 1415889      QA- ORA-2399: EXCEEDED MAXIMUM CONNECT TIME, YOU ARE  
                      BEING LOGGED OFF
   Bug 2144827      ORA-2394 FROM JOB WHEN LOGICAL_READS_PER_SESSION=UNLIMITED
   Bug 903412       SESSIONS_PER_USER IGNORED WHEN EXECUTING ANOTHER USER'S 
                       PROCEDURES
   Bug 1939720      SESSION_PER_USER LIMITS PQ_SLAVES
   Bug 1690593      SET RESOURCE PROFILE LOGICAL_READS_PER_CALL TO UNLIMITED      
                       ON DOM1151
   Bug 754695       PROFILE'S LOGICAL_READS_PER_SESSION INCORRECTLY DISPLAYED
                       BY SECURITY MGR
   Bug 1431102      RECEIVED ORA-2395 WHEN RUNNING QUERIES
   Bug 2345709      PQ SLAVES GET EXCEPTION SIGNAL 11 SIGSEGV WHEN SHUTTING
                       DOWN AFTER ORA-2396
   Bug 3475924      FAILED_LOGIN_ATTEMPTS , PASSWORD_LOCK TIME IN EFFECT WHILE RESOURCE_LIMIT = FALSE
   Bug 3488430      DOCS ON PROFILE PASSWORD RESOURCES AND SYSTEM SETTING RESOURCE_LIMIT INCORRECT


    6.5 Scripts
    -----------
    Note 1019933.6   Script to list profile resources and limits                                            


*** 7) Password Management 
*** ======================

    7.1 How to and Documentation
    ----------------------------
    Note 114930.1    Oracle Password Management Policy  
    Note 228991.1    Behavior of PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME in 
                       9i / 8i
    Note 1051982.6   How to Change SYS and SYSTEM Passwords
    Note 271825.1    Is the password encrypted when I logon and related 
                       questions.
    Note 225529.1    How to LOCK the SYS PASSWORD using Password Management 
                       with Profiles
    Note 1016364.102 VMS: How to Change Oracle SYS and SYSTEM Passwords 
    Note 199582.1    How To Transfer Passwords Between Databases 
    Note 101458.1    How to change Oracle user password with PL/SQL procedure
    Note 242668.1    Use ALTER USER Command to Change Your Own Password Without 
                       the Privilege and Go Through the Password Verify Function
    Note 160443.1    How to Enable Password Expire Time ? 
    Note 1047958.6   Password uniformity over multiple instances 
    Note 1051962.101 Restoring a user's original password 
    Note 98481.1     How to Keep the Same Password when Expiry Time is Reached
                       and Change is Required 
    Note 124113.1    Implementing Punctuation in Passwords. 
    Note 118382.1    Can I Avoid Passwords from Appearing in the Process Table
                       on a UNIX Platform?
    Note 291195.1    Why Account Status Is Open When Expiry Date is Old Date 
                       in DBA_USERS
    Note 275232.1    DBA_USERS Shows ACCOUNT_STATUS is LOCKED Even After the 
                       PASSWORD_LOCK_TIME has Expired
    Note 279355.1    ORA-01017: Connect  as a User  Created  with IDENTIFIED 
                       BY VALUES Password

   Note 111145.1    Set password using hashed value 

    Oracle9i Database Administrator's Guide
       Chapter - Establishing Security Policies -
           Password Management Policy 

    Oracle9i Database Concepts Release 2 
       Chapter - Controlling Database Access -
           Authentication by the Oracle Database  

    7.2 Customer Updates
    --------------------
    Note 340009.1    Customer Update Regarding Published Sketch For So-Called  
                       Oracle Voyager Worm
    Note 340240.1    Customer Update Regarding "An Assessment of the Oracle 
                       Password Hashing Algorithm" by Joshua Wright and Carlos 
                       Cid

    7.3 Problems / solutions
    ------------------------
    Note 139676.1    ORA-28007  the password cannot be reused                                               
    Note 104235.1    EXP-00058 Error When Profiles Have 
                       PASSWORD_VERIFY_FUNCTION                            
    Note 1062905.6   EXP-00014, EXP-00008, ORA-02396, EXP-00008, ORA-01012, 
                       EXP-00000  EXPORTING TO TAPE   
    Note 124648.1    ORA-28003, ORA-20001, ORA-20002, ORA-20003, ORA-20004 
                       after running utlpwdmg.sql
    Note 301057.1    Changing SYS Password HANGS with ALTER USER Command
    Note 289898.1    User SYS Does Not Get ORA-28002 Nor ORA-28001 Even When 
                       PASSWORD_LIFE_TIME or PASSWORD_GRACE_TIME are Set
    Note 164834.1    Changing Password Using PASSWORD_VERIFY_FUNCTION Fails 
                       With ORA-28003
    Note 1038601.6   ORA-988 when Creating a User with a Password that Starts
                       with a Number
    Note 1012425.7   ORA-28001: Password expired, but not prompted for new 
                       password 
    Note 152647.1    After Changing Password: ORA-00988 
    Note 124648.1    ORA-28003, ORA-20001, ORA-20002, ORA-20003, ORA-20004  
                       after running utlpwdmg.sql 
    Note 162818.1    ORA-28002 On User Connection Immediately After 
                       PASSWORD_LIFE_TIME Changed 
    Note 132096.1    ORA-28003 Error When Use 'Password Complexity Verification' 
    Note 1079860.6   ORA-28011 Password Expiry Date is Reached But Reset to 
                       NULL 
    Note 1084150.6   ORA-7443: Function not Found When Using  
                       PASSWORD_VERIFY_FUNCTION in Profile 
    Note 139676.1    ORA-28007: the password cannot be reused 
    Note 113446.1    ORA-988 Error Using 'ALTER USER <username> PASSWORD 
                       EXPIRE' in SQL*Plus 8.1.6 
   Note 202987.1    SYS.LINK$ Shows all Database Link Password in Clear Text
                       (Unencrypted) 
    Note 119260.1    ORA-3113 or ORA-1041 when trying to change user password 
                       in database 
    Note 130639.1    ORA-1841 Error Connecting to Upgraded Database After Set 
                       PASSWORD_LIFE_TIME 
    Note 1018837.102 ORA-01801 On Select From USER$ Table 
    Note 1050807.6   ORA-01017: MANUGISTICS CREATED USERS OTHER THAN SYS 
                       CANNOT LOG INTO DATABASE 
    Note 1063068.6   Getting ORA-1005 when logging in to SQL*Plus 
    Note 242416.1    8.0.6 SQLPLUS CLIENT Echo's PASSWORD in LINUX
    Note 1038601.6   ORA-988 when Creating a User with a Password that Starts 
                       with a Number
    Note 265095.1    Resource limits for passwords work even with resource_limit = false


    7.4 Parameters, Events and Errors
    ---------------------------------
    Note 30800.1     Init.ora Parameter "RESOURCE_LIMIT" Reference Note

    Note 18579.1     OERR: ORA-988   missing or invalid password(s)
    Note 50001.1     OERR: ORA-28000 the account is locked 
    Note 50002.1     OERR: ORA-28001 the password has expired 
    Note 50003.1     OERR: ORA-28002 the password will expire within %s days 
    Note 50004.1     OERR: ORA-28003 password verification for the specified 
                       password failed 
    Note 50005.1     OERR: ORA-28004 invalid argument for function specified    
                       in PASSWORD_VERIFY_FUN 
    Note 50007.1     OERR: ORA-28006 conflicting values for parameters %s and % s 
    Note 50008.1     OERR: ORA-28007 the password cannot be reused 
    Note 50009.1     OERR: ORA-28008 invalid old password 
    Note 50011.1     OERR: ORA-28010 cannot expire external or global accounts 
    Note 173502.1    OERR: ORA-28011 the account will expire soon; change your
                       password now 
    Note 267401.1    Oracle Performance Monitor 10.1 causing NMUPM.EXE to Lock
                       System Account

    7.5 Bugs
    --------
    Bug 1231172      ORA-28003 WHEN CHANGING PASSWORD FOR A USER
    Bug 1620381      ORA-24315 RESULTS ON CONNECT REQUEST AFTER PASSWORD 
                       VERIFICATION FAILURE 
    Bug 2161716      PASSWORD GRACE PERIOD MESSAGE NOT WORKING IN 8.1.7.2
    Bug 1654141      USER ACCOUNTS IN GRACE PERIOD CANNOT PERFORM EXPORT, GET
                       EXP-56 ORA-28002 ERRORS
    Bug 1494651      OCILOGON DOES NOT CREATE A SESSION WHEN A PASSWORD IS IN  
                       GRACE TIME 
    Bug 1668134      PROTOCOL VIOLATION WHEN THIN DRIVER CONNECTING TO USER 
                       WITH EXPIRED PASSWORD.
    Bug 2269177      IAS: MOD_PLSQL AUTHENTICATION DENIED WHEN USER ACCOUNT IS
                       IN GRACE PERIOD

    Bug 2664495      OLEDB DOESNT PROPAGATE ORA-28002 PASSWORD WARNING
    Bug 2158625      FORMS 4.5 DOES NOT TRAP  ORA-28002 WARNING WHEN A PASSWORD IS DUE TO EXPIRE

   Bug 1313373      USER ACCOUNTS IN THE GRACE PERIOD CANNOT RUN SQL*LOADER
   Bug 759987       APPLICATIONS DO NOT GIVE THE USER THE OPPORTUNITY TO  
                      CHANGE EXPIRED PASSWORD
   Bug 2621271      BOTH NUMBER OF PASSWORDS AND NUMBER OF DAYS CANNOT BE SET
                      FOR A PROFILE
   Bug 2455068      COMBINED PASSWORD_REUSE_TIME  AND PASSWORD_REUSE_MAX 
                      DOESN'T WORK CORRECTLY
   Bug 947485       PASSWORD_REUSE_MAX AND PASSWORD_REUSE_TIME SHOULD NOT BE 
                      MUTUALLY EXCLUSIVE
   Bug 2255649      QA-SQLPLUS PASSWORD COMMAND IS NOT WORKING 
   Bug 2117306      INSUFFICIENT ERROR MESSAGE IF WRONG OLD PASSWORD IN 
                      "CHANGE PASSWORD" SCREEN
   Bug 3478119      NT10G-SH7 : SYSTEM USER ACCOUNT GET S LOCKED AFTER A FEW
                      PL/SQL TEST RUNS


    7.6 Scripts
    -----------
    Note 227010.1    Script to Check for Default Passwords Being Used for 
                       Common Usernames 
    Note 135878.1    Script to prevent a user from changing his password 
    Note 161671.1    Script to Identify Accounts with a Password Equal to 
                       their Username
    Note 1039295.6   Script to change a user's password temporarily 


*** 8) Connect Internal and Password Files 
*** =======================================

    These articles and documentation explain how to administer the administrative privileges,
    still loosely referred to as 'connect internal' and how to manage access with a password file.

    8.1 How to and Documentation
    ----------------------------
    Note 233223.1  Checklist for Resolving CONNECT AS SYSDBA (INTERNAL) Issues
    Note 242258.1  Why Can I Login AS SYSDBA With any Username and Password?
    Note 18089.1   UNIX: Connect INTERNAL / AS SYSBDA Privilege on Oracle 7/8    
    Note 50507.1   SYSDBA and SYSOPER Privileges in Oracle
    Note 1029539.6 UNIX: How to Set up the Oracle Password File
    Note 1058658.6 UNIX: Multiple databases sharing a password file
    Note 1016540.6 How to enable remote password with ORAPWD and Parallel Server
    Note 103964.1  How to Audit Connect Internal Using Oracle Server
    Note 212049.1  How To Add a New User to the Password File ?
    Note 43793.1   VIEW "V$PWFILE_USERS" Reference Note
    Note 225097.1  ORACLE_SID, TNS Alias,Password File and others Case 
                     Sensitiveness

    Oracle9i Database Administrator's Guide 
    Chapters - The Oracle Database Administrator -
             - Database Administrator Authentication -
             - Password File Administration -

    8.2 Problems / solutions
    ------------------------
    Note 69642.1   UNIX: Checklist for Resolving Connect AS SYSDBA Issues
    Note 185703.1  How to Avoid Common Flaws and Errors Using Passwordfile
                     (this note contains a lot of references that may not all be duplicated here)
    Note 114384.1  WIN: Checklist for Resolving CONNECT AS SYSDBA (INTERNAL)
                     Issues
    Note 68238.1   SCO: ORAPWD Utility Generates An Unusable Password File In
                     Oracle v7.3.4
    Note 118367.1  UNIX: ORA-1990 at Startup DB After Creating Password File 
                     with Wrong Case
    Note 147724.1  Granting SYSDBA Privileges Fails with ORA-01990; Quick Edit 
                     of Database from EM Console Fails with Database Currently 
                     in Unknown State
    Note 223002.1  UNIX:CONNECT INTERNAL Asks for Password in a Multiple 
                     Oracle Versions Environment
    Note 301072.1  Dbstart Fails With Ora-01031 When Called From User Root

    8.3 Parameters, Events and Errors
    ---------------------------------
    Note 30796.1   Init.ora Parameter "REMOTE_LOGIN_PASSWORDFILE" Reference Note
    Note 30797.1   INIT.ORA: REMOTE_OS_AUTHENT 
    Note 30785.1   INIT.ORA: OS_AUTHENT_PREFIX 
   
    Note 19276.1   OERR:  ORA 1990  error opening password file <name>
    Note 19277.1   OERR:  ORA 1991  invalid password file <name>
    Note 19278.1   OERR:  ORA 1992  error closing password file <name>
    Note 19279.1   OERR:  ORA 1993  error writing password file <name>
    Note 19280.1   OERR:  ORA 1994  GRANT failed: cannot add users to public 
                     password file
    Note 19281.1   OERR:  ORA 1995  error reading password file <name>
    Note 19282.1   OERR:  ORA 1996  GRANT failed: password file <name> is full

    8.4 Bugs
    --------
   Bug 1731731 UNEXPECTED ORA-1031 IN SQLPLUS CONNECTED AS SYSDBA AFTER AUTOTRACE SESSION
   Bug 2224184 SHUTDOWN AS 'SYS AS SYSDBA' FAILS WITH ORA-1031
    Bug 2688911 SQLPLUS DOES NOT CORRECTLY SUPPORT THE 'AS SYSDBA' FUNCTIONALITY IN 8.1.7

    Bug 425862  ORA-600 [1113] SELECTING FROM V$PWFILE_USERS IF MORE THAN 14 SYSDBA USERS

    8.5 Scripts
    -----------
    Note 67984.1 UNIX: Diagnostic C program for ORA-1031 from CONNECT 
                         INTERNAL / AS SYSDBA

*** 9) O/S Authentication 
*** =====================

    This section has references to documentation and notes about O/S authentication, a.k.a.
    external authentication, the authentication is delegated to the operating system which
    hence needs to be trustworthy. Please note the distinction between authenticating via
    the O/S with administrative privileges (see 8.) and as a normal (application) user.


    9.1 How to and Documentation
    ----------------------------
    Note 233223.1   Checklist for Resolving CONNECT AS SYSDBA (INTERNAL) Issues
    Note 242258.1   Why Can I Login AS SYSDBA With any Username and Password ?
    Note 18088.1    UNIX OS Authentication on Oracle Server
    Note 60634.1    WIN: Setup O/S Authentication
    Note 77665.1    WIN: OS Authentication - Connecting to Oracle Without a 
                           Password
    Note 122515.1   WIN: Setup O/S Authentication Using Oracle Administration
                           Assistant
    Note 272395.1   OS Authentication in 9i is Not Working as in 8i
    Note 91944.1    Native Authentication through Windows 2000
    Note 111252.1   How to use OPS$ user as FROMUSER/TOUSER Import or OWNER
                      Export parameter
    Note 101078.1   VMS Using DBLINKS When OPS$ Accounts and Password Files 
                      Accounts are Set Up

    Oracle9i Database Administrator's Guide - Chapters

    - The Oracle Database Administrator;
      - Establishing Security Policies; System Security Policy ; User Autentication,
      - Managing Users and Resources; User Authentication Methods; External Authentication

    9.2 Problems / solutions
    ------------------------
    Note 120329.1   ORA-3113 CONNECTING USING OS AUTHENTICATION
    Note 163243.1   ORA-28150/ORA-1005 from OPS$ user identified by password 
                      over dblink
    Note 99550.1    OCILogon Using OS Authentication Fails With ORA-01017
    Note 243083.1   ORA-01005: Connect Username AS SYSDBA Behaves Differently 
                      in 7.3.4, 8.1 and 9.2
   
    9.3 Parameters, Events and Errors
    ---------------------------------
    Note 30785.1  Init.ora Parameter "OS_AUTHENT_PREFIX" Reference Note
    Note 30797.1  Init.ora Parameter "REMOTE_OS_AUTHENT" Reference Note

    Note 19283.1  OERR:  ORA 1997  GRANT failed: user <name> is identified 
                    externally

    9.4 Bugs
    --------
    Bug 530697  CONNECT INTERNAL DOES NOT WORK FOR DOMAIN USERS IN LOCAL 
                  ORA_DBA GROUP
    Bug 370253  OS AUTHENTICATION FAILS WITH ORA-1017 FOR ROOT USER
    Bug 1632293 ORA-28150 SELECTING ACROSS DATABASE LINK WITH OS AUTHENTICATED USER
   Bug 2107837 LOGON FAIL WITH NTS AUTHENTICATION INCREASES ORACLE.EXE THREAD COUNT


*** 10) Auditing
*** ============

    10.1 How to and Documentation 
    ----------------------------- 
    Note 1020945.6  How to Setup Auditing
    Note 175292.1   Overview Auditing: Possibilities of Auditing, using 
                      Triggers and FGA 
    Note 174556.1   9i/9.2: Fine Grained Auditing
    Note 266896.1   10g: Fine Grained Auditing
    Note 278184.1   9i and 10g: Installing Oracle Label Security Automatically 
                      Moves AUD$ Table out from SYS into SYSTEM schema
    Note 175259.1   Using autonomous triggers to audit detailed information.     
    Note 209801.1   How to Disable Audit Action 103 to Avoid Unnecessary Rows 
                      in Table SYS.AUD$
    Note 158348.1   How to Find Results Back in Data Dictionary When Using  
                      AUDIT SYSTEM GRANT 
    Note 166301.1   How to Reorganize SYS.AUD$ Table
    Note 230845.1   How to Import SYS.AUD$ Table from 8i to 9i Database When 
                      SYS User is not Exported
    Note 222807.1   How To Audit GRANT ANY PRIVILEGE Or GRANT ANY ROLE 
    Note 239621.1   How to audit 'analyze index'
    Note 199419.1   How to Avoid Common Flaws and Errors Using Fine Grained 
                      Auditing
    Note 99786.1    How to Audit User Connection, Disconnection Date and Time 
    Note 73408.1    How to Truncate, Delete, or Purge Rows from the Audit Trail
                      Table SYS.AUD$  
    Note 1025832.6  How to audit data changes in tables using triggers 
    Note 103964.1   How to Audit Connect Internal Using Oracle Server
    Note 208855.1   What is Audit Action 103 ? 
    Note 282091.1   How to find Whether an OBJECT-level Audited by ACCESS 
                      Statement Succeeded or Failed
    Note 174340.1   Audit SYS user Operations
    Note 1025314.6  Descriptions of action code and privileges used in fields    
                      in SYS.AUD$ table
    Note 167293.1   Some examples about auditing and output of auditing 
    Note 45114.1    Auditing/Debugging DML with Database Trigger  
    Note 41800.1    Quick Reference to Auditing Information
    Note 293973.1   Find List Of All Possible Keywords In Audit Log Files
    Note 99137.1    Setting up, Interpreting Auditing Using Windows NT Event Viewer
    Note 1049048.6  Auditing with Oracle Parallel Server
    Note 72291.1    VMS  The AUDIT_TRAIL=OS Initialization Parameter on OpenVMS
    Note 221944.1   How to Audit a User Who is Trying to Break DB Username/Password
    Note 123128.1   How To Identify an RDBMS session using AUDSID
    Note 274697.1   LOGOFF and LOGOFF BY CLEANUP Do Not Have Any LOGON Records 
                      in DBA_AUDIT_TRAIL and Vice-Versa
    Note 277219.1   How to Retrieve the Whole Audited SQL Statement From 
                      DBA_FGA_AUDIT_TRAIL View ?


    10.2 Problems / solutions 
    ------------------------- 
    Note 334486.1   SYS.AUD$ Table Not Found Though Exists in SYS.OBJ$
    Note 1063941.6  LRM-00101: Unknown parameter name 'AUDIT_FILE_DEST' when  
                      config auditing on NT
    Note 74725.1    How often tables are accessed (AUDIT)  
    Note 166674.1   Auditing Does Not Supply A Full Name Of Triggers
    Note 72460.1    Moving AUD$ to another tablespace and adding triggers to     
                      AUD$  
    Note 1068714.6  How does the NOAUDIT option work
    Note 1019326.102 SES_ACTIONS in DBA_AUDIT_OBJECT
    Note 130146.1   Auditing DML (Insert, Update and Delete)
    Note 107842.1   Application Log is Full with Event ID 34 : Audit Trail: 
                      Connect Internal
    Note 106823.1   Unknown Users Comparing sys.aud$ and user_audit_session  
    Note 125378.1   ORA-2096 setting TRANSACTION_AUDITING dynamically
    Note 197598.1   Audit users with "DROP ANY TABLE" privilege: example 
                      client event trigger 
    Note 267389.1   AUDIT CREATE PROCEDURE Does not Audit "Create OR Replace 
                      Procedure" Statements
    Note 198468.1   SYS.AUD$ Filling up Fast When Auditing Failed Logon 
                      Attempts Because of DBSNMP. 
    Note 240766.1   ORA-00904 When Using RAWTOLAB Function on SYS.AUD$ Columns 
                      OBJ$LABEL and SES$LABEL
    Note 246665.1   ORA-22921 When Fine Grained Auditing with Multibyte 
                      Character Set in 9.2.0.3

    10.3 Parameters, Events and Errors 
    ----------------------------------
    Note 30690.1    Init.ora Parameter "AUDIT_TRAIL" Reference Note
    Note 39796.1    Init.ora Parameter "AUDIT_FILE_DEST" Reference Note 

    Note 72203.1    OERR ORA-16006 audit_trail destination incompatible with
                      database open mode    
    Note 19287.1    OERR ORA 2002  error while writing to audit trail                                
    Note 21073.1    OERR ORA-9925  "Unable to create audit trail
    Note 20985.1    OERR ORA-9822  Translation of audit file name failed.                
    Note 249438.1   10G: New Value DB_EXTENDED for the AUDIT_TRAIL init.ora 
                      Parameter


    10.4 Bugs 
    --------- 
    Bug 2916125     AUDITED_CURSORID ONLY AVAILABLE FOR REGULAR AUDITING
    Bug 2998476     SQL_TEXT COLUMN IN DBA_FGA_AUDIT_TRAIL VIEW IS GARBLED 
                      AFTER APPLYNG BUG#2973008
    Bug 2973008     FINE-GRAINED AUDITING FAILS WITH ORA-22921 USING 
                      MULTI-BYTE CHARACTER SET
    Bug 3684796     ORA-904 WHEN EXPLAINING GROUPING SETS QUERY WITH FINE 
                      GRAINED AUDITING

    10.5 Scripts 
    ------------ 
    Note 287436.1   SCRIPT: Generate AUDIT and NOAUDIT Statements for Current 
                      Audit Settings
    Note 1019377.6  Script to move SYS.AUD$ table out of SYSTEM tablespace    
    Note 1019552.6  Script to Show Audit Options/Audit Trail 
    Note 279169.1   Script: How To Store the Checksum of PL/SQL Code

*** 11) Event Triggers 
*** ==================

    11.1 How to and Documentation
    -----------------------------
    Note 175292.1   Overview Auditing: Possibilities of Auditing, using 
                      Triggers and FGA 
    Note 45114.1    Auditing/Debugging DML with Database Trigger 
    Note 281229.1   How to Restrict Access to the Database With Specific Tools 
                      (e.g. TOAD) or Applications
    Note 197598.1   Audit Users with "DROP ANY TABLE" Privilege: Example Client   
                      Event Trigger
    Note 301062.1   Audit User By Session From Unauthorized IP Address
    Note 175259.1   Using autonomous triggers to audit detailed information.
    Note 150212.1   Database Triggers do not Seem to Execute                                                         
    Note 163593.1   System Triggers Are Not Executed 
    Note 149948.1   IMPORTANT  Set "_SYSTEM_TRIG_ENABLED=FALSE" When Upgrading
                      / Downgrading / Applying Patch Sets
    Note 220491.1   How to Prevent Users From Log Into a Database Within 
                      Defined Periods
    Note 265012.1   ADMINISTER DATABASE TRIGGER Privilege Causes Logon Trigger 
                      to Skip Errors

    Note 70679.1    How to Audit Logon/Logoff Events with Triggers
    Note 105758.1   How to Automate Controlfile Backup at Database Startup                               
    Note 101627.1   How to Automate Pinning Objects in Shared Pool at Database
                      Startup  
    Note 234098.1   How to Forbid the Usage of ALTER TABLE Command on Tables 
                      Owned or Created by Users
    Note 159183.1   Database Startup Trigger fails with ORA-06564 when trying 
                      to Pin Package SYS.DIANA
    Note 271077.1   How to Prevent a User Granted the ALTER USER Privilege From
                      Changing SYS/SYSTEM password 

    Oracle9i Database Concepts
       Chapter - Triggers -
          Triggers on System Events and User Events 

    Oracle9i Application Developer's Guide - Fundamentals
       Chapter - Working With System Events -

    11.2 Problems / solutions
    -------------------------
    Note 106140.1   AFTER LOGON Triggers Don't Allow DBMS_SESSION.SET_ROLE to 
                      Keep Roles Enabled  
    Note 120712.1   Database or Logon Event Trigger becomes Invalid  Who can 
                      Connect? 

    11.3 Parameters, Events and Errors
    ----------------------------------
    Note 68636.1    Init.ora Parameter "_SYSTEM_TRIG_ENABLED"

    11.4 Bugs
    ---------
    Bug 2469532     ORA-29539, CANNOT INSTALL THE JVM AFTER REMOVING IT

    11.5 Scripts
    ------------


*** 12) Fine Grained Access Control 
*** ===============================

    These articles and documentations relate to FGAC, new 8i feature that allows
    a more granular level of security : row level.

    12.1 How to and Documentation
    -----------------------------
    Note 67977.1   Oracle8i Fine Grained Access Control - Worked Examples
    Note 281829.1  Evolution of Fine Grain Access Control FGAC Feature From 8i 
                     To 10g
    Note 250795.1  10g: Policy Enforced Only When the Relevant Column is 
                          Queried in Any Way
    Note 281970.1  10g: Enhancement on STATIC_POLICY with POLICY_TYPE Behaviors  
                          in DBMS_RLS.ADD_POLICY Procedure
    Note 315687.1  10g: What Is INDEX statement_type Used For In By DBMS_RLS 
                          Policies ?
    Note 119335.1  How To Solve the Problem of Circular Row Level Policies 
    Note 174799.1  How to Bypass Fine-Grained Security Enforcement 
    Note 69573.1   How to Determine Active Context (DBMS_SESSION.LIST_CONTEXT)
    Note 162914.1  How to Skip Tables when Exporting a User or an Entire Database 
    Note 99250.1   Understanding Fine-Grained Access Control (DBMS_RLS) 
                     on INSERT
    Note 174368.1  Policies on Synonyms
 
    Note 170177.1  Use of Fine grained access control from forms

    Note 155477.1  Parameter DIRECT: Conventional Path Export Versus Direct 
                     Path Export

    Note 187239.1  Execution plan may change when you use Fine Grained Access 
                     Control (FGAC)
    Note 250795.1  10G: Policy Enforced Only When the Relevant Column is 
                     Queried in Any Way
   Note 69408.1   Evaluate SELECT/DML statement on table with fine-grained 
                     access control policy 
   Note 125511.1  How to Generate Tracing when using Fine Grained Access 
                    Control (still UNDER_EDIT)

    Oracle9i Database Administrator's Guide - Chapter 
        - Establishing Security Policies

    Oracle9i Application Developer's Guide - Fundamentals - Chapter 
        - Implementing Application Security Policies 
                - Introduction to Application Context 
                - Introduction to Fine-Grained Access Control 

    Oracle9i Supplied PL/SQL Packages and Types Reference - Chapter 
        - DBMS_RLS

    12.2 Problems / solutions
    -------------------------
    Note 69401.1   How to resolve ORA-28110 or ORA-28112 on SELECT or DML 
    Note 100130.1  ORA-1031 when setting Attribute via DBMS_SESSION.SET_CONTEXT 
    Note 331862.1  ORA-28113 when a Policy
Predicate is Fetched from a Context    Note 113970.1  SELECT Statement Hangs when using Fine Grained Access Control 
    Note 168056.1  Select on Table With Policy Defined on it Fails With 
                     ORA-28110 
    Note 175658.1  RLS Policy Function Appears to Run in a New Session 
    Note 277606.1  How to Prevent EXP-00079 or EXP-00080 Warning (Data in 
                     Table xxx is Protected) During Export 
    Note 277606.1  How to Prevent EXP-00079 or EXP-00080 Warning (Data in 
                     Table xxx is Protected) During Export
    Note 130652.1  A policy does not work as defined, though UPDATE_CHECK is 
                     set to TRUE
    Note 117058.1  ORA-439 When Trying to Use DBMS_RLS
    Note 179379.1  Querying Against a Partitioned Table With FGAC Fails With 
                     ORA-01762 
    Note 158187.1  Create Materialized View Fails With ORA-30372   
    Note 172423.1  ORA-12015 when Creating Materialized View with Defined 
                     Fine Grain Access Control
    Note 153978.1  Oracle9i Export of Table with Row Level Security Aborts 
                     with ORA-1406 and EXP-0
    Note 219911.1  Fine Grained Access Control Feature Is Not Available In the
                     Oracle Server Standard Edition
    Note 250094.1  How to Know the Exact Cause of an ORA-28113 Error After 
                     Setting a FGAC Policy
    Note 278577.1  FGAC Policy Causes Ora-00903 When Using A Function With 
                     UNION Operator And PK On Function Tables
    Note 293301.1  ORA-14136 When Exchanging Partition With a Table That Has a
                     RLS Policy Enabled
    Note 291953.1  DBMS_OUTPUT.PUT_LINE displayed multiple times from Policy 
                     function In FGAC

    12.3 Parameters, Events and Errors
    ----------------------------------
   Note 94073.1  PARAMETER:SUBQUERY_PRUNING_ENABLED
   Note 21168.1  EVENT: 10060 "dump predicates in optimizer (kko)"
   Note 21161.1  EVENT: 10053 "dump optimizer stats (kke and kko)"
    Note 71836.1  OERR:ORA-30372  fine grain access policy conflicts with 
                    materialized view
    Note 71410.1  OERR:ORA-28116  insufficient privileges to do direct path 
                    access

    12.4 Bugs
    ---------
   Bug 1467270  EXP-79 WHEN EXPORTING PROTECTED TABLES?
    Bug 1517613  ORA-1762 USING PARTITIONS AND FINE GRAINED ACCESS CONTROL
    Bug 2539145  EXEMPT ACCESS POLICY PRIVILEGE NOT PROPERLY RECOGNIZED BY THE EXPORT UTILITY
    Bug 1802004  EXP-0: EXPORT TERMINATED UNSUCCESSFULLY 
    Bug 3771415  ORA-903 WHEN SELECT A TABLE WITH RLS POLICY AND FUNCTION WITH
                   UNION OPERATOR
   Bug 2156319  Vpd Performance Degradation After Upgrade From 8i To 9i
    Bug 3988219  Dbms_Output.Put_Line Fires Multiple Times From Policy 
                   Function In Fgac


*** 13) Oracle Label Security  
*** =========================

    Oracle Label Security enables application developers to add label-based 
    access control to Oracle9i applications. It mediates access to rows in 
    database tables based on a label contained in the row, and the label and 
    privileges associated with each user session. Oracle Label Security is 
    built on the virtual private database technology of Oracle9i Enterprise 
    Edition. 

    13.1 How to and Documentation
    -----------------------------
    Note 230980.1 Oracle Label Security - Concepts (Policies and Labels) and 
                                            Examples
    Note 171155.1 Install/Deinstall Oracle Label Security Data Dictionary in Oracle9i    
    Note 213684.1 Oracle Label Security Frequently Asked Questions                                     
    Note 213716.1 Oracle Label Security in a Replication Environment       
    Note 314077.1 Oracle Label Security : How to Separate Duties of Policies 
                    Administration
    Note 317319.1 10g R2 New Feature TDE (Transparent Data Encryption) Usage 
                    with OLS

    Oracle Label Security Administrator's Guide 

    13.2 Problems / solutions
    -------------------------
    Note 215886.1 Oracle Trusted Stored Procedure Label Not Used                               
    Note 144160.1 Unable to Find Oracle Policy Manager (Oracle Label 
                    Security Related Application)   
    Note 303751.1 Unable to Install OLS on 10.1.0.3              
    Note 233110.1 ORA-07445 [zllcini] or ORA-04045 in a Database with OLS Set 
                    to FALSE
    Note 250411.1 ORA-439 Oracle Label Security Option Not Enabled though 
                    Already Installed
    Note 303511.1 After Installing OLS, Create Policy Issues ORA-12447 and 
                    ORA-600  [KGHALO2]   

    Note 231777.1 ORA-12445 When Applying a Label Function on a Table 
                    Protected by an OLS Policy 
    Note 238599.1 ORA-12447 When Creating an Already Existing OLS Policy
    Note 278301.1 ORA-12414: Internal Lbac Error: Zllcfpo:Ocitypebyname and 
                    ORA-22303 at Database STARTUP
    Note 285429.1 sa_session.set_label generates ORA-12470
    Note 303791.1 Oracle Label Security And Foreign Key DEFERRABLE INITIALLY 
                    DEFERRED Issues Ora-28117
    Note 304137.1 ORA-12406 When Updating a Table With an OLS Policy Though 
                    Granted EXEMPT ACCESS POLICY Privilege


    13.3 Bugs
    ---------
    Bug 3870317  UNABLE TO INSTALL ADDITIONAL OPTIONS AFTER 10.1.0.3.0 
                   PATCHSET IS APPLIED
    Bug 2499257  ORA-28115 TO_DATA_LABEL WILL WORK ON ADMINISTRATOR CREATED 
                   DATA LABELS
    Bug 2367197  ORACLE SPATIAL INDEX CREATION AND QUERIES FAIL WHEN OLS IS APPLIED
   Bug 2101173  DROPPING AN OLS POLICY WITH AN ACTIVE TRANSACTION STOPS NEW 
                   LOGINS
   Bug 2149374  OLS IS NOT LINKED(ENABLED) IN SOLARIS SHIPHOME REL5.
   Bug 2014357  ERRORS INSTALLING PORTAL ON A DATABASE WITH OLS INSTALLED
   Bug 3942815  NOT ABLE TO INSTALL LABEL SECURITY AFTER INSTALLING 10.1.0.3
                   PATCHSET


*** 14) Data Vault
*** ==============

    14.1 How to and Documentation
    -----------------------------
 
    14.2 Problems / solutions
    -------------------------

    14.3 Parameters, Events and Errors
    ---------------------------------
 
    14.4 Bugs
    ---------

*** 15) Security Server 
*** ===================

    15.1 How to and Documentation
    -----------------------------
    Note 1064547.6 Steps to make the Oracle Security Server Work on Windows NT              
    Note 1031071.6 OVERVIEW OF ORACLE SECURITY SERVER 
    Note 191137.1  Troubleshooting Enterprise User Security                        
    Note 166492.1  SSL  Troubleshooting Guide                                      
    Note 112490.1  Configuring NET8 TCP/IP via SSL                                                   
    Note 189260.1  How to Configure the Database with SSL Using a DN 
                     Certificate
    
   Note 1070506.6 Problems configuring Oracle Security Server 
 
    15.2 Problems / solutions
    -------------------------
    Note 185157.1  OIDLDAPD Fails With Error 28759 When SSL is Defined             
    Note 1070507.6 ORA-28759: GENERATING WALLET USING OSSLOGIN

    15.3 Parameters, Events and Errors
    ---------------------------------
    Note 50079.1   OERR   ORA-28759  Failed to open file    
     
    15.4 Bugs
    ---------
   Bug 1375913   LISTENER DOESN'T FIND WALLET IN DEFAULT LOCATION


*** 16) Data Encryption 
*** ===================

    These are the references to the database encryption features provided with the 
    DBMS_OBFUSCATION_TOOLKIT supplied package, for references relating to network encryption
    please see the Networking - Security and Authentication Library Index Note 132857.1,
    topic: Encryption and Integrity.

    16.1 How to and Documentation
    -----------------------------
    Note 317311.1  10g R2 New Feature TDE : Transparent Data Encryption

    Note 232000.1  Selective Data Encryption in Oracle RDBMS, Overview and 
                     References
    Note 225214.1  New IV Parameter to DES3Encrypt en DES3Decrypt Enhances 
                     Interoperability
    Note 165465.1  Oracle Advanced Security Frequently Asked Questions      
    Note 132852.1  Enabling SSL Authentication  
    Note 172198.1  Advanced Security Option with Client Tools
    Note 104410.1  How to Enable Encryption & Checksumming using JDBC Drivers
    Note 39612.1   Secure Network Services V1.0 Configuration Overview on 
                     OpenVMS
    Note 126079.1  Net8 overview and explanation (3)
    Note 228636.1  Meaning of "WHICH" Parameter in DES3Decrypt And DES3Encrypt 
                     Procedures
    Note 263616.1  Given two Different DES Encryption Keys, Encrypted Strings 
                     can Appear Identical
    Note 270919.1  Transferring Encrypted Data from one Database to Another
    Note 280801.1  How to Find the Oracle Java Cryptographic Extension (JCE) 
                     Provider

    Oracle9i Application Developer's Guide - Fundamentals -
       Chapter - Data Encryption Using DBMS_OBFUSCATION_TOOLKIT -

    PL/SQL Packages and Types Reference 10g - DBMS_CRYPTO package -

    16.2 Problems / Solutions
    -------------------------
    Note 197040.1  dbms_obfuscation_toolkit.DESDecrypt Compatibility Problem
    Note 197892.1  ORA-28232 using DBMS_OBFUSCATION to Encrypt/Decrypt 
    Note 133772.1  ORA-04068 Executing DBMS_OBFUSCATION_TOOLKIT
    Note 337980.1  ORA-00904 When Using DBMS_SQLHASH.GETHASH

    16.3 Parameters, Events and Errors
    ----------------------------------
    Note 173530.1  OERR:  ORA-28232  invalid input length for obfuscation 
                     toolkit

    16.4 Bugs
    ---------
   Bug 1383106    DBMS_OBFUSCATION_TOOLKIT NOT INTEROPERABLE ACROSS PLATFORM
   Bug 2127974    Cannot decrypt cipher encrypted using 3DES

    16.5 Scripts
    ------------
    Note 102902.1  Encrypting Data using the DBMS_OBFUSCATION_TOOLKIT package
    Note 166884.1  How to use DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt and DES3Decrypt procedures.
    Note 197400.1  Example code encrypting credit card numbers
    Note 118686.1  Example: Enable Encryption in a JDBC Program
    Note 123091.1  Wrapper for DBMS_OBFUSCATION_TOOLKIT, cope with 8-byte 
                     input limitation
    Note 244133.1  SCRIPT: Encrypting Binary Large Objects (BLOBS) with 
                     dbms_obfuscation_toolkit.

Related Document
----------------
Note 133406.1 Database Administration - Security and Roles Library Index