Oracle Accessibility Conformance Report

VPAT® Version 2.0 - October 2017

Name of Product:

Database Security Assessment Tool (DBSAT) 2.0.1

Product Description:

The Database Security Assessment Tool is used to collect security related metadata from customers' databases, analyze and provide summary and recommendations. The tool is divided into three pieces - Collector, Reporter and Discoverer. The first two pieces - Collector and Reporter - are used to generate a Security Assessment Report, while the third piece Discoverer is used to generate a Sensitive Data Assessment Report.

Date:

05-Jan-2018

Contact Information:

accessible_ww@oracle.com

Notes:

The Collector is the pl/sql script shipped with the tool to collect metadata and generates a text file in JSON format. The Reporter part is a Python script shipped with the tool to analyze the collected JSON format file, interpret and output them into Text, HTML and Excel formats. The Discoverer part is a JDBC program to look for sensitive columns based on column name patterns and column comment patterns, and outputs list of potential sensitive columns in HTML and CSV (Comma Separated Value) formats. All pieces of the tool can be run using command line.

The tool is shipped in a zip file. User needs to unzip the file on their computer. The Discoverer part could be customized using Configuration file and Sensitive Pattern file.

Evaluation Methods Used:

Oracle's policy is to design, develop and test both products and documentation to be accessible. The recommended styles of testing for accessibility include: (i) algorithmic automated tests, (ii) human judgement tests such as tool-assisted tests, visual inspection and manual operation, and (iii) testing with assistive technology by people with and without disabilities. Additional information about Oracle's accessibility program is available on http://www.oracle.com/us/corporate/accessibility/index.html

Accessibility Standards/Guidelines

This report covers the degree of conformance for the following accessibility standard/guideline:

Standard/GuidelineIncluded In Report
Web Content Accessibility Guidelines 2.0, at https://www.w3.org/TR/2008/REC-WCAG20-20081211/Level A - Yes
Level AA - Yes
Level AAA - No
Section 508 as published in 2017, at https://www.Section508.govYes

Terms

The terms used in the Conformance Level information are defined as follows:

Supports
The functionality of the product has at least one method that meets the criteria without known defects or meets with equivalent facilitation.
Supports with Exceptions
Some functionality of the product does not meet the criteria.
Does Not Support
Majority of functionality of the product does not meet the criteria.
Not Applicable
The criteria are not relevant to the product.

WCAG 2.0 Report

Table 1 also documents conformance with:

  • Section 508: Chapter 5 - 501.1 Scope, 504.2 Content Creation or Editing, and Chapter 6 - 602.3 Electronic Support Documentation

Note: When reporting on conformance with the WCAG 2.0 Success Criteria, they are scoped for full pages, complete processes, and accessibility-supported ways of using technology as documented in the WCAG 2.0 Conformance Requirements.

Table 1: WCAG Conformance Criteria

Criteria
Conformance Level
Remarks and Explanations
1.1.1 Non-text Content (Level A)Supports

The product (CLI) was tested for:

  • Images are not used
  • Inputs and controls (command line arguments, password prompt, etc) are text based

The product (HTML report) was tested for:

  • Non-text characters are not used.
  • No images are used in HTML format output files.
  • Titles for Tables are provided
  • The HTML output files are static and do not have dynamic content
  • CAPTCHAs are not used
1.2.1 Audio-only and Video-only (Prerecorded) (Level A)Not ApplicableThe product has no multimedia.
1.2.2 Captions (Prerecorded) (Level A)Not ApplicableThe product has no multimedia.
1.2.3 Audio Description or Media Alternative (Prerecorded) (Level A)Not ApplicableThe product has no multimedia.
1.2.4 Captions (Live) (Level AA)Not ApplicableThe product has no multimedia.
1.2.5 Audio Description (Prerecorded) (Level AA)Not ApplicableThe product has no multimedia.
1.3.1 Info and Relationships (Level A)Supports

The product (CLI) was tested for:

  • Headings follow standard text patterns for rendering headings
  • Lists follow standard text patterns for rendering lists
  • Paragraphs follow standard text patterns for rendering paragraphs

The product (HTML report) was tested for:

  • Headings are encoded with HTML heading tags
  • Table markup is used for marking up data tables, including row and column headers and table captions/summaries where appropriate
  • Data tables specify SUMMARY or CAPTION
  • Layout tables use appropriate markup
  • Style sheets are used only to change the layout and presentation on the screen
1.3.2 Meaningful Sequence(Level A)Supports

The product (CLI) was tested for:

  • The correct reading sequence is discernible when output is rendered to a file

The product (HTML report) was tested for:

  • The sequence of elements in the DOM matches a logical reading sequence
1.3.3 Sensory Characteristics(Level A)Not Applicable

The product was tested for:

  • Instructions provided do not refer to things solely based on their sensory characteristics such as shape, size, visual location, orientation, color, or sound.
1.4.1 Use of Color(Level A)Supports

The product was tested for:

  • Security Levels indicated by colors is also available in text form.
1.4.2 Audio Control(Level A)Not ApplicableThe product has no multimedia.
1.4.3 Contrast (Minimum) (Level AA)Supports

The product was tested for:

  • Text has a contrast ratio of at least 4.5:1
  • There are no images in DBSAT Reports
  • Logo and brand names are presented in text
1.4.4 Resize text(Level AA)Supports

The product was tested for:

  • Text can be resized up to 200% without loss of content or functionality
  • When rendered in a GUI-based terminal application that supports text rendering sizes up to 200% larger than normal
1.4.5 Images of Text(Level AA)Supports

The product was tested for:

  • Images of text are not used
2.1.1 Keyboard(Level A)Supports

The product (CLI) was tested for:

  • ability to perform functions from the keyboard only

The product (HTML report) was tested for:

  • The ability to use the product with OS keyboard aids: StickyKeys and FilterKeys (feature names may be different on different platforms)
2.1.2 No Keyboard Trap (Level A)Supports

The product was tested for:

  • Movement of focus through each control only using the keyboard, with no "keyboard trap" that prevents focus from moving away from any control
2.2.1 Timing Adjustable(Level A)Not Applicable

The product was tested for:

  • Time limits are not used
2.2.2 Pause, Stop, Hide (Level A)Not Applicable

The product was tested for:

  • There is no moving, blinking or scrolling content
2.3.1 Three Flashes or Below Threshold(Level A)Supports

The product was tested for:

  • No portion of the screen flickers or flashes with a frequency between 2 Hz and 55 Hz
2.4.1 Bypass Blocks(Level A)Supports

The product (HTML report) was tested for:

  • A ‘Skip to Main Content’ link is provided to skip repetitive navigation links at the top of the page.
  • Structure and hierarchy is marked up with Header elements outside of repetitive navigation links

The product (CLI) was tested for:

  • Oracle non-Web software products, including bundles and suites of software, do not behave as a set of software programs as the term is defined. Therefore this guideline is automatically met.
2.4.2 Page Titled(Level A)Supports

The product (HTML report) was tested for:

  • Pages have a meaningful title specified in the TITLE element

The product (CLI) was tested for:

  • The name of the software application is meaningful.
2.4.3 Focus Order(Level A)Supports

The product was tested for:

  • Logical movement through the focusable components using only the keyboard, in an order that follows a meaningful sequence
2.4.4 Link Purpose (In Context)(Level A)Supports

The product was tested for:

  • The text of links and their surrounding paragraph, list, table cell (with marked up table headers), is sufficient to describe their purpose.
2.4.5 Multiple Ways(Level AA)Not Applicable

The product (CLI) was tested for:

  • Collector, Reporter and Discoverer pieces behave as a set of software programs as the term is defined, as part of DBSAT Product CLI. Therefore this guideline is automatically met.

The product (HTML report) was tested for:

  • Each report is a single page and have no links to other pages.
2.4.6 Headings and Labels(Level AA)Supports

The product was tested for:

  • Headers describe the topic or purpose of the content below them
  • Labels describe the purpose of the associated field
2.4.7 Focus Visible(Level AA)Supports

The product was tested for:

  • Visual indication of the location of the focus
3.1.1 Language of Page(Level A)Supports

This application only runs in English, therefore it is expected that the user is also running their assistive technology in English, where applicable.

The product (HTML report) was tested for:

  • The HTML report page has set lang="en" attribute.
3.1.2 Language of Parts(Level AA)Supports

This application only runs in English, therefore it is expected that the user is also running their assistive technology in English, where applicable.

The product (HTML report) was tested for:

  • Use of lang="en" attribute

However, the product could be run against non-English language databases, and schema names, table names and column names could be in non-English.

3.2.1 On Focus(Level A)Supports

The product was tested for:

  • When an element receives focus, it does not result in a substantial change to the user interface of the software, an additional change of keyboard focus, or the spawning of a new window.
3.2.2 On Input(Level A)Supports

The product was tested for:

  • Changes in the value of user interface components does not result in change to the user interface of the software, an additional change of keyboard focus, or the spawning of a new window.
3.2.3 Consistent Navigation(Level AA)Supports

The product (HTML report) was tested for:

  • There are no navigational mechanisms that are repeated

The product (CLI) was tested for:

  • Oracle non-Web software products, including bundles and suites of software, do not behave as a set of software programs as the term is defined. Therefore this guideline is automatically met.
3.2.4 Consistent Identification(Level AA)Not Applicable

The product was tested for:

  • Images and controls are not used
3.3.1 Error Identification(Level A)Supports

The product was tested for:

  • When input errors are detected, they are described to the user in text, including identifying the item where the error occurred.
3.3.2 Labels or Instructions (Level A)Supports

The product was tested for:

  • Labels or instructions are provided when the product requires user input.
3.3.3 Error Suggestion (Level AA)Supports

The product was tested for:

  • Where suggestions for fixing an input error are known, they are provided to the user.
3.3.4 Error Prevention (Legal, Financial, Data)(Level AA)Supports

The product was tested for:

  • Reversible: The tool does not change content of the database and thus, there is nothing to reverse.
  • Checked: All user input data is checked and validated before the tool is run against the database. If there is an error in user input or the input is incomplete, the tool aborts with useful information for them to correct the input.
4.1.1 Parsing(Level A)Supports

The product (HTML report) was tested for:

  • Elements in HTML content have complete start and end tags, are properly nested, do not contain duplicate attributes, and have unique IDs
  • Pages validate to the HTML specification

The product (CLI) was tested for:

  • Markup languages aren't used to generate the user interface
4.1.2 Name, Role, Value (Level A)Not Applicable

The product (CLI) was tested for:

  • User interface components are not used

The HTML report is a static report does not support any custom controls.

back to top

2017 Section 508 Report

Chapter 3: Functional Performance Criteria (FPC)

Criteria
Conformance Level
Remarks and Explanations
302.1 Without VisionNot ApplicableThe product does not rely on equivalent functionality, and all aspects are addressed by the technical standards.
302.2 With Limited VisionNot ApplicableThe product does not rely on equivalent functionality, and all aspects are addressed by the technical standards.
302.3 Without Perception of ColorNot ApplicableThe product does not rely on equivalent functionality, and all aspects are addressed by the technical standards.
302.4 Without HearingNot ApplicableThe product does not rely on equivalent functionality, and all aspects are addressed by the technical standards.
302.5 With Limited HearingNot ApplicableThe product does not rely on equivalent functionality, and all aspects are addressed by the technical standards.
302.6 Without SpeechNot ApplicableThe product does not rely on equivalent functionality, and all aspects are addressed by the technical standards.
302.7 With Limited ManipulationNot ApplicableThe product does not rely on equivalent functionality, and all aspects are addressed by the technical standards.
302.8 With Limited Reach and StrengthNot ApplicableThe product does not rely on equivalent functionality, and all aspects are addressed by the technical standards.
302.9 With Limited Language, Cognitive, and Learning AbilitiesNot ApplicableThe product does not rely on equivalent functionality, and all aspects are addressed by the technical standards.

back to top

Chapter 4: Hardware

These criteria are all Not Applicable because the product is not Hardware

Chapter 5: Software

Criteria
Conformance Level
Remarks and Explanations
501.1 Scope - Incorporation of WCAG 2.0 AASupportsSee the responses in the WCAG 2.0 section of this report.
 502 Interoperability with Assistive TechnologyHeading cell - no response requiredHeading cell - no response required
502.2.1 User Control of Accessibility FeaturesNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.2.2 No Disruption of Accessibility FeaturesSupports

DBSAT does not disrupt platform features.

 502.3 Accessibility ServicesHeading cell - no response requiredHeading cell - no response required
502.3.1 Object InformationNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.2 Modification of Object InformationNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.3 Row, Column, and HeadersNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.4 ValuesNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.5 Modification of ValuesNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.6 Label RelationshipsNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.7 Hierarchical RelationshipsNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.8 TextNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.9 Modification of TextNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.10 List of ActionsNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.11 Actions on ObjectsNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.12 Focus CursorNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.13 Modification of Focus CursorNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.3.14 Event NotificationNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
502.4 Platform Accessibility FeaturesNot ApplicableThe product is not a platform or does not have access to platform accessibility features.
 503 ApplicationsHeading cell - no response requiredHeading cell - no response required
503.2 User PreferencesSupports

The HTML format report files were tested for:

  • Responds to platform settings for color, contrast, font type, font size, and focus cursor
503.3 Alternative User InterfacesNot ApplicableThe product does not have assistive technology features.
 503.4 User Controls for Captions and Audio DescriptionHeading cell - no response requiredHeading cell - no response required
503.4.1 Caption ControlsNot ApplicableThe product has no multimedia.
503.4.2 Audio Description ControlsNot ApplicableThe product has no multimedia.
 504 Authoring ToolsHeading cell - no response requiredHeading cell - no response required
504.2 Content Creation or EditingNot ApplicableThe product is not an authoring tool.
504.2.1 Preservation of Information Provided for Accessibility in Format ConversionNot ApplicableThe product is not an authoring tool.
504.2.2 PDF ExportNot ApplicableThe product is not an authoring tool.
504.3 PromptsNot ApplicableThe product is not an authoring tool.
504.4 TemplatesNot ApplicableThe product is not an authoring tool.

back to top

Chapter 6: Support Documentation and Services

Criteria
Conformance Level
Remarks and Explanations
 602 Support DocumentationHeading cell - no response requiredHeading cell - no response required
602.2 Accessibility and Compatibility FeaturesSupports

DBSAT Documentation Accessibility is explained under Documentation Accessibility chapter for version 1.0.2.

Similarly, Documentation Accessibility chapter for version 2.0.1 is available at Documentation Accessibility chapter for version 2.0.1 (to be published).

602.3 Scope - Incorporation of WCAG 2.0 AASupportsSee the responses in the WCAG 2.0 section of this report.
602.4 Alternate Formats for Non-Electronic Support DocumentationSupports

Documentation for DBSAT are provided in Electronic format only.

 603 Support ServicesHeading cell - no response requiredHeading cell - no response required
603.2 Information on Accessibility and Compatibility FeaturesSupportsOracle Global Customer Support can provide information about accessibility features of the product.
603.3 Accommodation of Communication NeedsSupportsOracle customers have access to electronic support through My Oracle Support or by calling Oracle Support at 1.800.223.1711. Hearing-impaired customers in the U.S. who wish to speak to an Oracle Support representative may use a telecommunications relay service (TRS). Information about the TRS is available at http://www.fcc.gov/cgb/consumerfacts/trs.html, and a list of telephone numbers is available at https://www.fcc.gov/general/telecommunications-relay-services-directory. International hearing-impaired customers should use the TRS at +1.605.224.1837. An Oracle Support engineer will respond to technical issues according to the standard service request process.

back to top

Oracle Legal Disclaimer

The information above describes this product's ability to support the applicableStandards/Guidelines, subject to Oracle's interpretation of those standards(available at http://www.oracle.com/us/corporate/accessibility/oracle-accessibility-program-173235.html) and the remarks in this document. For more information regarding the accessibility status of this product or other Oracle products, see http://www.oracle.com/us/corporate/accessibility or contact: accessible_ww@oracle.com.

This document is provided for information purposes only and the contents hereof are subject to change without notice. Oracle Corporation does not warrant that this document is error free, nor does it provide any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Oracle Corporation specifically disclaims any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. Oracle further makes no representation concerning the ability of assistive technologies or other products to interoperate with Oracle products. This document addresses the named product(s) only and not prerequisite products for which Oracle supplies restricted use licenses.