components are as follows:
Realms. A realm is a protection zone inside the database where database schemas, objects, and roles can be secured. For example, you can secure a set of schemas, objects, and roles that are related to accounting, sales, or human resources. After you have secured these into a realm, you can use the realm to control the use of system and object privileges to specific accounts or roles. This enables you to provide fine-grained access controls for anyone who wants to use these schemas, objects, and roles Configuring Realms, discusses realms in detail. See also Oracle Database Vault Realm APIs.
Command rules. A command rule is a special security policy that you can create to control how users can run almost any SQL statement, including SELECT, ALTER SYSTEM, database definition language (DDL), and data manipulation language (DML) statements. Command rules use rule sets to determine whether the statement is allowed. Configuring Command Rules, discusses command rules in detail. See also Oracle Database Vault Command Rule APIs.
Rule sets. A rule set is a collection of one or more rules that you can associate with a realm authorization, command rule, factor assignment, or secure application role. The rule set evaluates to true or false based on the evaluation of each rule it contains and the evaluation type (All True or Any True). Rule sets can be associated with zero, one, or multiple realm authorizations, command rules, or secure application roles. Configuring Rule Sets, discusses rule sets in detail. See also Oracle Database Vault Rule Set APIs.
Rules. A rule is a PL/SQL expression that evaluates to true or false. You can use the same rule in multiple rule sets. For more information, see How Rule Sets Work.
Factors. A factor is a named variable or attribute, such as a user location, database IP address, or session user, which Oracle Database Vault can recognize and use as a trusted path. You can use factors in rules to control activities such as authorizing database accounts to connect to the database or the execution of a specific database command to restrict the visibility and manageability of data. Each factor can have one or more identities. An identity is the actual value of a factor. A factor can have several identities depending on the factor retrieval method or its identity mapping logic. Configuring Factors, discusses factors in detail. See also Oracle Database Vault Factor APIs.
Secure application roles. A secure application role is a special Oracle Database role that can be enabled based on the evaluation of an Oracle Database Vault rule set. Configuring Secure Application Roles for Oracle Database Vault, discusses secure application roles in detail. See also Oracle Database Vault Secure Application Role APIs.
