Index

A C D E G H I J K L M N O P R S T U V X

A

ad hoc tools
- Oracle Data Redaction 8.4.2
administrative access to policies, restricting 13.2
aggregate functions
- affect on Data Redaction policy optimization 12.4
ALTER SYSTEM statement
- how compares with ADMINISTER KEY MANAGEMENT statement 5.5
APEX_UTIL.GET_NUMERIC_SESSION_STATE function
- Oracle Data Redaction policies (NV public function) 10.5.6
APEX_UTIL.GET_SESSION_STATE function
- Oracle Data Redaction policies (V public function) 10.5.6
applications
- database applications and Oracle Data Redaction 8.4.1
- modifying to use Transparent Data Encryption 5.4
auto login keystores
- and Transparent Data Encryption (TDE) 4.2.5.4
Automatic Storage Management (ASM)
- moving software keystores from 4.1.8

C

CDBs
- cloning PDBs with encrypted data 6.5.7.2
- cloning PDBs wth encrypted data, about 6.5.7.1
- Data Redaction masking policies 12.8
- moving PDB from one CDB to another 6.5.4
- PDBs with encrypted data 6.5.6
- preserving keystore passwords in PDB move operations 6.5.4
- TDE operations in root 6.5.2
- TDE operations in root and PDBs 6.5.3
change data capture, synchronous 3.3.3
closing hardware keystores 4.1.11.1
closing software keystores 4.1.11.1
column encryption
- about 2.4.2
- changing algorithm 3.3.9
- changing encryption key 3.3.9
- creating encrypted table column with default algorithm 3.3.4.2
- creating encrypted table column with non-default algorithm 3.3.4.3
- creating index on encrypted column 3.3.6
- data loads from external file 5.7
- data types to encrypt 3.3.2
- existing tables
  - about 3.3.5.1
  - adding encrypted column to 3.3.5.2
  - disabling encryption 3.3.5.4
  - encrypting unencrypted column 3.3.5.3
- external tables 3.3.4.7
- incompatibilities 7.1
- limitations 7.1
- performance, optimum 7.2
- restrictions 3.3.3
- salt 3.3.7
- security considerations 5.2.2
- skipping integrity check 3.3.4.4
column sensitive type discovery
- enabling when creating a Data Redaction policy 11.5.2
compliance
- Transparent Data Encryption 2.2
compression of Transparent Data Encryption data 5.1
configuring software keystores
- creating local auto-login keystore 3.1.3.3

D

data at rest 2.1
database close operations
- keystores 5.8
database links
- with Oracle Data Redaction policies 12.3
database roles
- Data Redaction policies 10.5.4
databases
- about encrypting 3.4.1
- encrypting existing 3.4.7.1
- encrypting offline 3.4.7.2
- encrypting online 3.4.7.3
data deduplication of Transparent Data Encryption data 5.1
data redaction
- See: Oracle Data Redaction
Data Redaction supported functions 10.5.1
data storage
- Transparent Data Encryption 5.3.2
DDL statements
- Oracle Data Redaction policies 12.1
decryption
- tablespaces, offline 3.4.5.1, 3.4.5.3
- tablespaces, online 3.4.6.2
DML statements
- Oracle Data Redaction policies 12.1

E

editing custom formats 11.4.3
editing policies 11.5.3
Editions
- Transparent Data Encryption 6.7
encrypted columns
- data loads from external files 5.7
encryption 2.4.2
- See also: Transparent Data Encryption (TDE)
- cloning PDBs with encrypted data 6.5.7.2
- databases offline 3.4.7.2
- databases online 3.4.7.3
- encrypting future tablespaces 3.4.4.2
  - about 3.4.4.1
- existing databases 3.4.7.1
- procedure 3.4.4.2
- supported encryption algorithms 3.4.6.2
- tablespaces, offline 3.4.5.1
- tablespaces, online 3.4.6.2
encryption algorithms, supported 3.4.6.2
EXEMPT REDACTION POLICY privilege
- using with Database Vault 13.2
expressions 10.5.1
- LENGTH functions, character string 10.5.2.3
- namespace functions 10.5.2.1
- Oracle Application Express 10.5.2.4
- Oracle Label Security functions 10.5.2.5
- SUBSTR function 10.5.2.2
external credential store, password-based software keystores 3.1.2.3
external files
- loading data to tables with encrypted columns 5.7
external keystores 3.2.1
external store for passwords
- open and close operations in CDB 6.5.8
- operations in CDB environment 6.5.1
external tables, encrypting columns in
- ORACLE_DATPUMP 5.7
- ORACLE_LOADER 5.7

G

guidelines
- ad hoc query attacks and Data Redaction 13.1
- application context value handling by Data Redaction policies 13.1
- day-to-day operations and Data Redaction 13.1
- DDL statements and Data Redaction policies 13.1
- exhaustive SQL queries and inference and Data Redaction 13.1
- materialized views and Data Redaction 13.5
- recycle bin and Data Redaction 13.6
- SYS_CONTEXT values and Data Redaction 13.4

H

hardware keystores
- backing up 4.1.5
- closing 4.1.11.1
hardware security modules
- backing up keystores 4.1.5
- plugging PDBs 6.5.6.4
- unplugging PDBs 6.5.6.3

I

import/export utilities, original 3.3.3
indexes
- creating on encrypted column 3.3.6
index range scans 2.4.3
inline views
- Data Redaction policies order of redaction 12.2
- Data Redaction redaction 12.2
intruders
- ad hoc query attacks 13.1

J

JSON
- Oracle Data Redaction 12.14

K

keystores
- about 2.4.4.1
- architecture 2.4.2
- ASM-based 4.1.12
- auto login 4.2.5.4
- auto-login, open and close operations in CDBs 6.5.8
- backing up password-based software keystores
  - about 4.1.4.1
  - backup identifier rules 4.1.4.2
  - procedure 4.1.4.4
- changing hardware keystore password 4.1.3
- changing passwords for password-based software keystores 4.1.2.1
- closing hardware keystores 4.1.11.1
- closing in CDBs 6.5.8
- closing software keystores 4.1.11.1
- database close operations 5.8
- deleting 4.1.14
- external 3.2.1
- hardware keystore
  - configuration process 3.2
- master encryption key merge differing from import or export 4.2.6.10
- merging
  - about 4.1.6.1
  - auto-login into password-based 4.1.6.4
  - one into another existing keystore 4.1.6.3
  - reversing merge operation 4.1.6.5
  - two into a third new keystore 4.1.6.2
- migrating
  - creating master encryption key for hardware keystore-based encryption 4.1.9.1.3
  - hardware keystore to software keystore 4.1.9.2.1
  - keystore order after migration 4.1.9.3
  - password key into hardware keystore 4.1.9.1.2
- migration using Oracle Key Vault 4.1.10
- moving out of ASM 4.1.8
- moving software keystore to a new location 4.1.7
- opening hardware keystores 3.2.4
- opening in CDBs 6.5.8
- opening software keystores 3.1.4.1
- Oracle Database secrets
  - about 4.3.1
  - storing in hardware keystore 4.3.6
  - storing in software keystore 4.3.2
- password access 4.1.1
- password preservation in PDB move operations 6.5.4
- possible states of 3.1.4.1
- using auto-login hardware keystore 4.3.10.1
keystores, software
- configuration process 3.1

L

LENGTH functions, character string
- expressions 10.5.2.3

M

masking
- See: Oracle Data Redaction
master encryption key
- See: TDE master encryption key
materialized views
- Data Redaction guideline 13.5
- Transparent Data Encryption tablespace encryption 6.2
multitenant container databases
- See: CDBs

N

namespace functions
- expressions 10.5.2.1
nested functions
- Data Redaction policies order of redaction 12.2
NV public function (APEX_UTIL.GET_NUMERIC_SESSION_STATE function), Data Redaction policies 10.5.6

O

OLS_LABEL_DOMINATES public function
- Data Redaction policies 10.5.5
ONE_STEP_PLUGIN_FOR_PDB_WITH_TDE dynamic system parameter 6.5.4
opening hardware keystores 3.2.4
opening software keystores 3.1.4.1
ORA-00979
- not a GROUP BY expression error 13.1
ORA-28081
- Insufficient privileges - the command references a redacted object error 12.1
Oracle Application Express
- filtering using by session state in Data Redaction policies 10.5.6
Oracle Application Expression
- expressions 10.5.2.4
Oracle Call Interface
- Transparent Data Encryption 6.6
Oracle Database Real Application Security
- Data Redaction 12.10
Oracle Database Vault
- using with Data Redaction 13.2
Oracle Data Guard
- Transparent Data Encryption 6.2
Oracle Data Pump
- encrypted columns 6.1.2
- encrypted data 6.1.1
- encrypted data with dump sets 6.1.3
- exported data from Data Redaction policies 12.12.3
- exporting Oracle Data Redaction objects 12.12.2.1
- imported data from Data Redaction policies 12.12.4
- Oracle Data Redaction security policy 12.12.1
Oracle Data Redaction 9.4
- about 8.1
- ad hoc tools 8.4.2
- aggregate functions 12.4
- benefits 8.3
- CDBs 12.8
- columns with XML-generated data 12.6
- creating custom format 11.4.2
- database applications 8.4.1
- DBMS_REDACT.ADD_POLICY procedure
  - using 10.3
- DBMS_REDACT.ALTER_POLICY procedure
  - about 10.14.1
  - example 10.14.4
  - parameters required for various actions 10.14.3
  - syntax 10.14.2
- DBMS_REDACT.DISABLE_POLICY
  - about 10.16.1
  - example 10.16.1
  - syntax 10.16.1
- DBMS_REDACT.DROP_POLICY
  - about 10.17
  - examples 10.17
  - syntax 10.17
- DBMS_REDACT.ENABLE_POLICY
  - about 10.16.2
  - example 10.16.2
  - syntax 10.16.2
- DBMS_REDACT.UPDATE_FULL_REDACTION_VALUES procedure
  - about 10.7.2.1
  - syntax 10.7.2.2
  - using 10.7.2.3
- deleting policies 11.5.6
- editing custom format 11.4.3
- editions 12.7
- Enterprise Manager Cloud Control 11.4.1, 11.4.2, 11.4.3, 11.5.1
- Enterprise Manager Cloud Control, about 11.1
- Enterprise Manager Cloud Control workflow 11.2
- exporting data using Data Pump Export 12.12.3
- exporting objects using Data Pump 12.12.2.1
- full data redaction
  - about 9.1
  - creating policy for 10.7.1.1
  - examples 10.7.1.3
  - modifying default value 10.7.2.1
  - syntax 10.7.1.2
- functions used in expressions 10.5.2
- how differs from Oracle Database Real Application Security masking 12.10
- how differs from Oracle Virtual Private Database masking 12.9
- importing data using Data Pump Export 12.12.4
- inline views order of redaction 12.2
- JSON 12.14
- managing policies 11.5.1
- named policy expressions
  - about 9.8
- nested functions order of redaction 12.2
- no data redaction
  - about 9.7, 10.12.1
  - creating policies for 10.12.1
  - example 10.12.2
  - syntax 10.12.1
- Oracle Data Pump security policy 12.12.1
- Oracle Enterprise Manager Data Masking and Subsetting Pack 12.13
- partial data redaction
  - about 9.2
  - character types, policies for 10.9.4.1
  - data-time data types 10.9.6.1
  - example using character data type 10.9.4.2
  - example using data-time data type 10.9.6.2
  - example using fixed character format 10.9.3.2
  - example using number data type 10.9.5.2
  - formats, fixed character 10.9.3.1
  - number data types 10.9.5.1
  - syntax 10.9.2
- policy expressions
  - about 10.6.1
  - creating 10.6.2
  - dropping 10.6.4
  - tutorial 10.6.5
  - updating 10.6.3
- privileges for creating policies 10.2
- random data redaction
  - about 10.11.1
  - creating policies for 10.11.1
  - example 10.11.2
- randomized data redaction
  - about 9.5
- regular expression data redaction
  - creating policies for 10.10.1
  - custom, creating policies for 10.10.4
  - example 10.10.3.2
  - example of custom 10.10.4.2
  - formats 10.10.3.1
  - formats, creating policies for 10.10.3
  - settings for 10.10.4.1
  - syntax 10.10.2
- regular expression redaction
  - about 9.3
- returning null values
  - about 10.8.1
  - example 10.8.3
  - syntax 10.8.2
- SYS schema objects 13.3
- SYSTEM schema objects 13.3
- use cases 8.4
- when to use 8.2
- WHERE clause redaction 12.2
Oracle Data Redaction, database links 12.3
Oracle Data RedactionEnterprise Manager Cloud Control
- deleting custom format 11.4.5
Oracle Data Redaction formats
- creating in Cloud Control 11.4.2
- deleting in Cloud Control 11.4.5
- editing in Cloud Control 11.4.3
- Enterprise Management Cloud Control, managing in 11.4.1
- Enterprise Manager Cloud Control, sensitive column types 11.3
- Enterprise Manager Cloud Control, viewing in 11.4.4
Oracle Data Redaction partial redaction
- creating policies for 10.9, 10.9.1
Oracle Data Redaction policies 10.5.3
- about 10.1
- altering 10.14.1
- building reports 10.18
- creating
  - examples 10.7.1.4
  - general syntax 10.4
  - procedure 10.3
- creating in Cloud Control 11.5.2
- deleting in Cloud Control 11.5.6
- disabling 10.16.1
- disabling in Cloud Control 11.5.5
- dropping 10.17
- editing in Cloud Control 11.5.3
- enabling 10.16.2
- Enterprise Manager Cloud Control, viewing in 11.5.4
- exempting users from 10.13
- expressions
  - by Application Express session state 10.5.6
  - by database role 10.5.4
  - by OLS label dominance 10.5.5
  - by user environment 10.5.3
- filtering users
  - about 10.5.1
  - no filtering 10.5.7
- finding information about 10.19
- Oracle Enterprise Manager Cloud Control 11.5.6
- redacting multiple columns in one policy 10.15
Oracle Data Redaction policy expressions
- Cloud Control, about 11.6.1
- creating in Cloud Control 11.6.2
- deleting in Cloud Control 11.6.5
- editing in Cloud Control 11.6.3
- viewing in Cloud Control 11.6.4
Oracle Enterprise Manager Cloud Control 11.5.3
- creating custom formats 11.4.2
- creating policy expressions 11.6.2
- deleting policy expressions 11.6.5
- disabling policies 11.5.5
- editing policy expressions 11.6.3
- Oracle Data Redaction 11.4.2, 11.4.3, 11.5.5, 11.6.3, 11.6.1, 11.6.2, 11.6.4, 11.6.5
- Oracle Data Redaction, creating policies 11.5.2
- Oracle Data Redaction, viewing details of a policy 11.5.4
- Oracle Data Redaction formats, viewing in 11.4.4
- policy expressions, about 11.6.1
- viewing policy expressions 11.6.4
Oracle Enterprise Manager Data Masking and Subsetting Pack
- Oracle Data Redaction impact 12.13
Oracle GoldenGate
- storing secrets in Oracle keystores 4.4.1
Oracle Key Vault
- migration of keystores 4.1.10
Oracle Label Security
- functions using Data Redaction expressions 10.5.2.5
Oracle Real Application Clusters
- non-shared file systems to store TDE keystores 6.3.2
- Transparent Data Encryption 6.3.1
Oracle Recovery Manager
- Transparent Data Encryption 4.1.13
Oracle Securefiles
- Transparent Data Encryption 6.4, 6.4.1
Oracle Virtual Private Database (VPD)
- Data Redaction 12.9
orapki utility
- how compares with ADMINISTER KEY MANAGEMENT statement 5.5
original import/export utilities 3.3.3

P

passwords
- access to for ADMINISTER KEY MANAGEMENT operations 4.1.1
- preserving in PDB move operations 6.5.4
PDBs
- Data Redaction policies 12.8
- finding TDE keystore status for all PDBs 6.5.9
- master encryption keys
  - exporting 6.5.5.1
  - importing 6.5.5.1
- Transparent Data Encryption 6.5.1
performance
- Transparent Data Encryption 5.3.1
PKI encryption
- backup and recovery operations 5.6.3
- hardware keystores 5.6.2
- master encryption key 5.6.1
- tablespace encryption 5.6.2
pluggable databases
- See: PDBs
policy expressions, Oracle Data Redaction 10.6.1

R

recycle bin
- Data Redaction policies and 13.6
reports
- based Data Redaction policies 10.18
returning null values
- about 9.4
rotating
- master encryption key 4.2.5.4

S

salt
- removing 3.3.8
salt (TDE)
- adding 3.3.7
secrets
- storing Oracle Database secrets in keystore
  - about 4.3.1
  - storing in hardware keystore 4.3.6
  - storing in software keystore 4.3.2
SecureFiles
- Transparent Data Encryption 6.4, 6.4.1
software keystores
- password-based using external keystore 3.1.2.3
SUBSTR function
- expressions 10.5.2.2
synchronous change data capture 3.3.3
SYS_CONTEXT function
- Data Redaction policies 13.4
- SYS_SESSION_ROLES namespace used in Data Redaction 10.5.4
SYS_SESSION_ROLES SYS_CONTEXT namespace
- Data Redaction 10.5.4
SYSTEM user
- Data Redaction policies 13.3
SYS user
- Data Redaction policies 13.3

T

tablespace encryption
- about 2.4.3
- architecture 2.4.3
- creating encrypted tablespaces 3.4.3.3.2
- examples 3.4.3.3.3
- incompatibilities 7.1
- opening keystore 3.4.3.1.2
- performance, optimum 7.2
- performance overhead 5.3.1
- procedure 3.4.3.1.1
- restrictions 3.4.2
- security considerations for plaintext fragments 5.2.3
- setting tablespace key 3.4.3.2
- storage overhead 5.3.2
tablespace master encryption key
- setting 3.4.3.2
tablespaces
- about encrypting 3.4.1
- comparison between offline and online conversions 3.4.1
- rotating encryption algorithm 4.2.5.5
tablespaces, offline decryption
- procedure 3.4.5.3
tablespaces, offline encryption
- about 3.4.5.1
- procedure 3.4.5.2
tablespaces, online encryption
- about 3.4.6.2
- decrypting 3.4.6.4
- finishing interrupted job 3.4.6.5
- procedure 3.4.6.1
- rekeying 3.4.6.3
TDE
- See: Transparent Data Encryption (TDE)
TDE master encryption keys
- activating
  - about 4.2.2.1
  - example 4.2.2.3
  - procedure 4.2.2.2
- architecture 2.4.2
- attributes 4.2.3.1
- creating for later use
  - about 4.2.1.1
  - examples 4.2.1.3
  - procedure 4.2.1.2
- custom attribute tags
  - about 4.2.4.1
  - creating 4.2.4.2
- disabling not allowed 4.2.5.1
- exporting 4.2.6.2
- exporting in PDBs 6.5.5.1
- finding currently used key 4.2.3.2
- importing 4.2.6.7
- importing in PDBs 6.5.5.1
- keystore merge differing from import or export 4.2.6.10
- resetting in keystore 4.2.5.3
- rotating 4.2.5.4
- setting in keystore 4.2.5.1
Transparent Data Encryption (TDE)
- about 2.1
- benefits 2.2
- CDBs
  - operations in root or PDBs 6.5.3
- column encryption
  - about 2.4.2, 3.3.1
  - adding encrypting column to existing table 3.3.5.2
  - changing algorithm 3.3.9
  - changing encryption key 3.3.9
  - creating encrypted column in external table 3.3.4.7
  - creating index on encrypted column 3.3.6
  - creating tables with default encryption algorithm 3.3.4.2
  - creating tables with non-default encryption algorithm 3.3.4.3
  - data types supported 3.3.2
  - disabling encryption in existing column 3.3.5.4
  - encrypting columns in existing tables 3.3.5.1
  - encrypting existing column 3.3.5.3
  - encryption and integrity algorithms 2.4.5
  - restrictions 3.3.3
  - salt in encrypted columns 3.3.7
- columns with identity columns 3.3.3
- compatibility with application software 7.1
- compatibility with Oracle Database tools 7.1
- compression of encrypted data 5.1
- configuring hardware keystores
  - about 3.2.1
  - configuration step 3.2.3
  - opening 3.2.4
  - PKCS#11 library 3.2.3
  - reconfiguring software keystore 3.2.5.3
  - setting master encryption key 3.2.5.1
  - sqlnet.ora configuration 3.2.2
- configuring software keystores
  - about 3.1.1
  - creating auto-login keystore 3.1.3.3
  - creating password-based keystore 3.1.3.2
  - opening keystores 3.1.4.1
  - setting software master encryption key 3.1.5
  - sqlnet.ora file configuration 3.1.2
- data deduplication of encrypted data 5.1
- editions 6.7
- encryption and integrity algorithms 2.4.5
- finding information about 3.5
- frequently asked questions 7
- incompatibilities 7.1
- keystore management
  - ASM-based keystore 4.1.12
  - backing up password-based software keystores 4.1.4.1
  - changing hardware keystore password 4.1.3
  - changing password-based software keystore password 4.1.2.1
  - closing hardware keystores 4.1.11.1
  - closing software keystore 4.1.11.1
  - master encryption key attributes 4.2.3.1
  - merging keystores, about 4.1.6.1
  - merging keystores, auto-login into password-based 4.1.6.4
  - merging keystores, one into an existing 4.1.6.3
  - merging keystores, reversing merge operation 4.1.6.5
  - merging keystores, two into a third new keystore 4.1.6.2
  - migrating password key and hardware keystore, master encryption key creation 4.1.9.1.3
  - migrating password key and hardware keystore, reverse migration 4.1.9.2.1
  - migrating password key and hardware keystore, sqlnet.ora configuration 4.1.9.1.2
- keystores
  - about 2.4.4.1
  - benefits 2.4.4.2
  - types 2.4.4.3
- master encryption key
  - rotating 4.2.5.4
- master encryption key attributes
  - about 4.2.4.1
  - creating custom tags 4.2.4.2
- master encryption keys
  - exporting and importing 4.2.6.1
  - resetting in keystore 4.2.5.3
  - setting in keystore, about 4.2.5.1
  - setting in keystore procedure 4.2.5.1
- modifying applications for use with 5.4
- multidatabase environments 6.8
- Oracle Call Interface 6.6
- Oracle Data Guard 6.2
- Oracle Data Pump
  - export and import operations on dump sets 6.1.3
  - export and import operations on encrypted columns 6.1.2
- Oracle Data Pump export and import operations
  - about 6.1.1
- Oracle Real Application Clusters
  - about 6.3.1
  - non-shared file systems to store keystores 6.3.2
- Oracle Recovery Manager 4.1.13
  - keystores 4.1.13
- PDBs
  - about 6.5.1
  - finding keystore status for all PDBs 6.5.9
  - operations in root 6.5.2
- performance
  - database workloads 7.2
  - decrypting entire data set 7.2
  - optimum 7.2
  - worst case scenario 7.2
- performance overheads
  - about 5.3.1
  - typical 7.2
- PKI encryption 5.6
- privileges required 2.3
- SecureFiles 6.4, 6.4.1
- security considerations
  - column encryption 5.2.2
  - general advice 5.2.1
  - platintext fragments 5.2.3
- storage overhead 5.3.2
- storing Oracle GoldenGate secrets 4.4.1
- tablespace encryption
  - about 2.4.3, 3.4
  - creating 3.4.3.3.1
  - encryption and integrity algorithms 2.4.5
  - examples 3.4.3.3.3
  - opening keystore 3.4.3.1.2
  - restrictions 3.4.2
  - setting master encryption key 3.4.3.2
- tablespace encryption, setting with COMPATIBLE parameter 3.4.3.1.1
- views 3.5
Transparent Data Encryption (TDE)integrity
- column encryption
  - creating tables without integrity checks (NOMAC) 3.3.4.4
  - improving performance 3.3.4.4
- NOMAC parameter (TDE) 3.3.4.4
Transparent Data Encryption (TDE) keystores
- deleting 4.1.14
- moving software keystore to a new location 4.1.7
transportable tablespaces 3.3.3
tutorials
- named Data Redaction policy expressions 10.6.5

U

utilities, import/export 3.3.3

V

V$ENCRYPTION_WALLET view
- keystore order after migration 4.1.9.3
views
- Data Redaction 10.19
V public function (APEX_UTIL.GET_SESSION_STATE function), Data Redaction policies 10.5.6

X

XML generation 12.6