• Securing data
– Audit
— Auditing all users to whom roles are granted directly using the BY USERS WITH
GRANTED ROLES clause in the AUDIT POLICY command
— Capturing VPD-generated predicates in Unified Audit Trail in the RLS_INFO column
– Privileges
— SYSRAC administrative system privilege
— INHERIT (ANY) REMOTE PRIVILEGES privileges
— Locking inactive database accounts with INACTIVE_ACCOUNT_TIME user resource
profile limit
– Enforcing profile password limits on administrative users:
— FAILED_LOGIN_ATTEMPTS
— PASSWORD_LOCK_TIME
— PASSWORD_VERIFY_FUNCTION
— PASSWORD_GRACE_TIME
— PASSWORD_LIFE_TIME
Copyright © 2017, Oracle and/or its affiliates. All rights reserved. B-2
12.2.0.1 New Features
– Password file
— New format of the password file: 12.2 format including new information
— Determining the format of the password file with the new DESCRIBE clause in the orapwd
utility
— New authentication methods used, such as Oracle Internet Directory
— No ENTRIES parameter anymore because the 12.2 password file is auto-extensible
– Privilege Analysis
— Capturing privileges used by the Code Based Access Control (CBAC) and Secure
Application Roles (SAR) roles, and at PL/SQL compilation time
— Enabling a run of a capture over a period of time, from enabling the capture to its
subsequent disabling
— Comparing privilege usage through Privilege Analysis runs
— Detecting unused grants with Privilege Analysis by using the new DBA_UNUSED_GRANTS
view
– Redaction
— Creating and reusing data redaction formats from the format library
— Creating policy expressions with DBMS_REDACT.CREATE_POLICY_EXPRESSION
— Applying policy expressions on different columns to define different situations of redaction
with DBMS_REDACT.APPLY_POLICY_EXPR_TO_COL
— Redacting CLOB and NCLOB data types is supported
– Encryption
— Encrypting, decrypting, and re-keying existing user-defined datafiles ONLINE
— Encrypting, decrypting, and re-keying existing user-defined tablespaces ONLINE
— Converting SYSTEM and SYSAUX tablespaces to encrypted tablespaces, offline only
— Configuring automatic user-defined tablespace encryption by using the
ENCRYPT_NEW_TABLESPACES initialization parameter
– Transparent Sensitive Data Encryption (TSDP)
— Protecting sensitive data in table columns by using Unified Auditing, Fine-Grained
Auditing (FGA), or Transparent Data Encryption (TDE) settings in TSDP policies
— Allowing impdp to use wildcard syntax for the leaf, file name portion of a data file
specification so that only each unique directory on the import platform needs to be
specified by using the REMAP_DIRECTORY parameter
— Allowing network import to load LONG columns by using the ACCESS_METHOD
parameter set to DIRECT_PATH or INSERT_AS_SELECT or AUTOMATIC that is now
compatible with the NETWORK_LINK parameter
— Allowing impdp to send compressed data over the network link by using DATA_OPTIONS
= ENABLE_NETWORK_COMPRESSION
– SQL*Loader enhancements
— Allowing SQL*Loader Express data file to contain multicharacter delimiters for:
— TERMINATED_BY
— ENCLOSED_BY
— OPTIONALLY_ENCLOSED_BY
— Allowing SQL*Loader to use the LLS clause in the control file to indicate that a field in the
data file is an LLS field
— Allowing SQL*Loader to use the SDF_PREFIX parameter value appended to the front of
the name for all LOBFILEs and secondary data files (SDFs) to be loaded from different
directories on different systems without hard-coding the complete file specification in the
data file
– External table enhancements
— Overriding the DEFAULT DIRECTORY, ACCESS PARAMETERS (DISCARDFILE,
BADFILE, and LOGFILE), LOCATION, and REJECT LIMIT clauses when querying an
external table
— Partitioning external tables using single level RANGE, LIST, INTERVAL, multi-column
LIST partitioning, and all combinations of RANGE, LIST, and INTERVAL as composite
partitioning
— Defining subpartitioning on external tables
• Partitioning data
– Auto-list partitioning
– Multicolumn list partitioning
– Disallowing DML operations on read-only partitions
– Enabling deferred segment creation for subpartitions of composite interval and
auto-list partitioned tables
– Filtering data during partition maintenance operations using the INCLUDING ROWS
WHERE clause of ALTER TABLE MOVE PARTITION or ALTER TABLE MERGE
PARTITIONS or ALTER TABLE SPLIT PARTITION
• Managing information lifecycle
– Heat map and ADO policies can be configured in CDB.