| Admin users |
Database users |
Default administrative users such as database and system administrators. |
Yes |
| Administration objects |
Table names |
Privileged objects that only administrative users can access (objects that, by default, are
locked to public access). |
Yes |
| Administrative commands |
Commands |
Privileged commands that, by default, can only be executed by administrative users (for
example, GRANT and DDL commands). |
No |
ALTER commands |
Commands |
ALTER commands such as ALTER DATABASE, ALTER
PROCEDURE, ALTER PROFILE, ALTER SESSION, and
ALTER USER. |
No |
| Applications excluded from analysis |
Source program |
Applications excluded from analysis. |
Yes |
| Authorized users |
Database users |
Users that are authorized to use the system. |
Yes |
| Authorized server IPs |
IP address |
Server IP addresses that are authorized to connect to the system. |
Yes |
Database DML and SELECT commands |
Commands |
Data Manipulation Language (DML) and SELECT commands. |
Yes |
| Databases excluded from analysis |
Database name |
Databases excluded from analysis. |
Yes |
| DB users excluded from analysis |
Database users |
Database users excluded from analysis. |
Yes |
| DDL commands |
Commands |
Data Definition Language (DDL) and schema-privileged commands such as ALTER
and DROP. |
No |
| DML commands |
Commands |
Data manipulation language (DML) commands such as INSERT,
TRUNCATE, and UPDATE. |
No |
DROP commands |
Commands |
DROP commands such as DROP CONTEXT, DROP EVENT
MONITOR, DROP PROCEDURE, and DROP ROLE. |
No |
GRANT commands |
Commands |
GRANT commands such as GRANT, GRANT OBJECT
PRIVILEGES, and GRANT SYSTEM PRIVILEGES. |
No |
| OS users excluded from analysis |
OS users |
OS users excluded from analysis. |
Yes |
REVOKE commands |
Commands |
REVOKE commands such as REVOKE, REVOKE OBJECT
PRIVILEGES, and REVOKE SYSTEM PRIVILEGES. |
No |
| Risk-indicative error messages |
Errors |
SQL errors related to security. |
No |
SELECT commands |
Commands |
Commands such as SELECT and SELECT LIST. |
No |
| Sensitive objects |
DB fields |
Sensitive objects such as sales activity. |
Yes |
| Server IP + Database + DB Users excluded from analysis |
Connection |
This group is used to exclude database users from analytics. A database user is defined here
as a combination of a server IP, database name, and database user. All 3 fields, and only these
fields, should be filled in. Other fields are ignored. The group can also be populated while closing
a Risk Event. See the Risk Events page for details. |
Yes |