Configure an Oracle Database control to execute custom SQL statements on Oracle databases and create corresponding policy reports.
The statement you provide is like the control name that describes what it is and how it should be implemented in the environment. You'll also need to decide which category and sub-category the control belongs to. This is important because users can search and filter controls by category, they can also search by keywords in the statement.
Your control may apply to many technologies. In case the values for each technology is different then select each technology you're interested in individually and provide a rationale, statement and description for this control.
If you plan to use the same values for many technologies you only need to specify them once. Define your values in the "Default Values for Control Technologies" section first and then select the check box for each technology you want or click the Apply to All Technologies button. You'll see that the values get copied automatically to each technology that you select.
Enter a rationale statement describing how the control should be implemented for each technology.
Enter your SQL statement here. Only SELECT Statements are supported for this check.
Make sure you only use supported output data types when forming SQL statements. If you use an unsupported data type in the SQL statement, then the control posture will result in Error. To avoid this, use only supported data types.
Supported data types:
SMALLINT, INTEGER, NUMBER, DECIMAL, FLOAT, DOUBLE PRECISION, REAL, CHAR, VARCHAR, VARCHAR2, NCHAR, NVARCHAR2, INTERVAL YEAR TO MONTH, INTERVAL DAY TO SECOND, DATE, TIMESTAMP, TIMESTAMP WITH TIME ZONE, LONG, ROWID
DISTINCT, *(All), /* */ (comments), /*+ */(hint), Coulmn Alias, Table Alias, schema, table, view, WHERE, GROUP BY, ORDER BY, HAVING, INTERSECT, UNION, UNION ALL, LIKE, MINUS, select.. from.. select, ORDER BY, ASC, DESC
Describe your SQL statement here and it will appear in compliance policies and reports. You can also add your SQL statement to the description if you wish to view it in policies and reports.
Add remediation steps for this check.
We'll report the compliance status (Passed, Failed or Error) for each control instance in your compliance reports and on your PC dashboard. The status Error is returned in cases where errors occurred during control evaluation. This means the control was not tested for compliance.
If you do not want to see the Error status then you can ignore these errors and set their status to Pass or Fail. This will reflect in your reports accordingly.
Add up to 10 references for the control. These may be references to internal policies, documents and web sites. For each reference, enter a description, a URL or both. When providing a URL, you must start the URL with http://, https:// or ftp://. For example, enter http://www.qualys.com to link to the Qualys web site. Once added users have the option to include references in policy reports..
We'll return a maximum of 5000 rows. You can lower this limit in the compliance option profile.
We'll return a maximum of 30 columns. This is not configurable.