Oracle Database Vault
Command Controls

Technical controls can prevent changes that could lead to an insecure database configuration, prevent configuration drift, reduce the possibility of audit findings, and improve compliance. Changes to database structures such as application tables and roles, privileged role grants, and ad hoc creation of new database accounts are just a few examples of configuration drift that can have serious consequences. To prevent these audit findings and to comply with regulations, customers need to put in place strong operational controls inside the database. Oracle Database Vault allows customers to prevent configuration drift by controlling the use of commands such as ALTER SYSTEM, ALTER USER, CREATE USER, DROP USER, etc.


Oracle Database Vault can be used to control SQL commands that can impact the security and availability of the application and the database. Oracle Database Vault Command Controls introduce an additional layer of rules and checks before any SQL command is executed including CONNECT to the database, DROP TABLE, TRUNCATE TABLE, and DROP TABLESPACE, to name a few. The Command Controls can be used to restrict access to databases to a specific subnet, application server, and program, creating a trusted path from the application to the database. Built-in factors such as IP address, host name, and session user name can be used to enforce SQL Command Controls inside the database. Oracle Label Security factors can also be used to control activity based on the security clearance of the database session. In addition, Oracle APEX applications’ native functions and factors can be used with Oracle Database Vault Command Controls to determine whether to allow access to specific DML or DDL statements.

Oracle Database Vault Customers

Rabobank International
(Podcast | Success Story)
Absa Group Ltd.
(Success Story | Press Release)
National Marrow Donor Program (OpenWorld 2011 Daily Newspaper)
ROSS Stores (Podcast)
More Database Security Customers

Security Features

Strong Authentication
Network Encryption
Real Application Security
Unified Auditing
Secure External Password Store
Virtual Private Database
Traditional Database Auditing
Proxy Authentication
Enterprise User Security
Secure Application Roles
Fine Grained Auditing

Technical Information

Overview Whitepaper
Oracle Database Vault Best Practices
DBA Administrative Best Practices with Oracle Database Vault
Flash Demo
Oracle Database Vault FAQ

Security Solutions

Oracle Database Vault
Oracle Advanced Security
Oracle Label Security
Oracle Audit Vault and Database Firewall
Data Masking

Discussion Forums

Oracle Audit Vault and Database Firewall