Today I had the opportunity to give a presentation on Oracle 18c new Security Features at the SOUG day in Baden. It was a great opportunity to discuss the security enhancements in the latest Oracle database release. This release introduces some new security features that simplify the secure operation of on-premises or cloud-based databases. Especially the new central managed user with MS Active Directory.

Based on first experiences and insights, the following topics have been discussed:

• Create schema only accounts
• Integration of Active Directory services with Oracle Database
• Encrypt sensitive credential data in the data dictionary
• Write Unified Audit Trail records to SYSLOG or the Windows event viewer
• Use Oracle Data Pump to export and import the Unified Audit Trail
• Authentication and certification parameters
• Enterprise User Security Manager (EUSM)
• User defined master encryption key
• Keystore for each Pluggable Database
• User defined master encryption key
• Enhancements to Oracle Database Vault simulation mode
• Grant Data Pump-Database Vault authorizations to roles
• Oracle Database Vault support for Oracle Database Replay

The Killer feature in this release is definitely the centrally managed user with its simple MS Active Directory integration. It is an ideal solution to simplify the user management in small / midsize environments. For larger and more complex environments it makes more sense to engineer central user management using Oracle Enterprise User Security. Many other improvements are due to Oracle’s cloud strategy. Necessary and meaningful but not earth-shattering.

The presentation is available in English over the following links:

• Agenda SOUG Day
• Presentation on OraDBA (English)  SOUGDay_Oracle18cNewSecurity_SOE.pdf