| Oracle® Database Vault Administrator's Guide 11g Release 1 (11.1) Part Number B31222-01 |
The DVSYS.DBMS_MACUTL package provides a set of general purpose utility functions that you can use throughout the application code you write for Oracle Database Vault. This package is available to all users.
Table G-1 summarizes field (that is, constant) descriptions for the DVSYS.DBMS_MACUTL package.
Table G-1 DVSYS.DBMS_MACUTL Field Summary
| Field Name | Data Type | Description |
|---|---|---|
|
|
|
Realm Objects: Wildcard to indicate all object names or all object types |
|
|
|
Factor |
|
|
|
|
|
|
|
Factor |
|
|
|
Factor |
|
|
|
Factor |
|
|
|
Factor |
|
|
|
Factor |
|
|
|
Factor |
|
|
|
|
|
|
|
Code groups: |
|
|
|
Code groups: Database object types |
|
|
|
Code groups: DDL commands. |
|
|
|
Code groups: Factor |
|
|
|
Code groups: Factor |
|
|
|
Code groups: Factor |
|
|
|
Code groups: Factor |
|
|
|
Code groups: Factor |
|
|
|
Code groups: Oracle Label Security Policy merge algorithms |
|
|
|
Code groups: Oracle Database Vault Error messages |
|
|
|
Code groups: SQL relational operators |
|
|
|
Code groups: Realm |
|
|
|
Code groups: Rule Set |
|
|
|
Code groups: Rule set |
|
|
|
Code groups: Rule set handler_options |
|
|
|
Code groups: Rule set |
|
|
|
Code groups: SQL statements |
|
|
|
Factors: The term context in the field name refers to the application context capability in Oracle Database. |
|
|
|
Factor labels: The term context in the field name refers to the application context capability in Oracle Database. |
|
|
|
The access control and Oracle Label Security context start with this field name. The term context in the field name refers to the application context capability in Oracle Database. |
|
|
|
Realm: The term context in the field name refers to the application context capability in Oracle Database. |
|
|
|
Session Labels: The term context in the field name refers to the application context capability in Oracle Database. |
|
|
|
Factor |
|
|
|
|
|
|
|
|
|
|
|
Fail_options: Fail with no message |
|
|
|
Fail_options: Fail with message |
|
|
|
Factor |
|
|
|
Factor |
|
|
|
Factor |
|
|
|
Factor |
|
|
|
Factor |
|
|
|
Factor |
|
|
|
Factor |
|
|
|
This is the highest label a user could set based on the factors. It does not take into account the label for a user. |
|
|
|
The label that a factor with a null label defaults to |
|
|
|
No constant for enabled and |
|
|
|
The Oracle Label Security session label for a user at the time |
|
|
|
|
|
|
|
Realm |
|
|
|
Realm |
|
|
|
Realm authorizations: Owner |
|
|
|
Realm authorizations: Participant |
|
|
|
|
|
|
|
Rule set |
|
|
|
Rule set |
|
|
|
Rule set |
|
|
|
Rule set |
|
|
|
Rule set |
|
|
|
Rule set |
|
|
|
Rule set |
|
|
|
Rule set |
|
|
|
Rule set |
|
|
|
This is what Oracle Label Security has decided the user's label should be set to after factoring in the preceding values. |
|
|
|
Yes constant for enabled and |
Table G-2 lists the functions in the DVSYS.DBMS_MACUTL package.
Table G-2 DVSYS.DBMS_MACUTL Utility Functions
| Function | Description |
|---|---|
|
CHECK_DVSYS_DML_ALLOWED Function |
Verifies that public packages are not being bypassed by users updating the Oracle Database Vault configuration. |
|
|
Looks up the ID for a code within a code group; returns a |
|
|
Looks up the value for a code within a code group; returns a |
|
|
Constructs an XML document that contains the values for all of the factors; returns a Use this function to retrieve factors at the current time for a session. It is also useful for auditing purposes. |
|
|
Returns the seconds in Oracle SS format (00-59); returns a |
|
|
Returns the minute in Oracle MI format (00–59); returns a |
|
|
Returns the hour in Oracle HH24 format (00–23); returns a |
|
|
Returns the day in Oracle DD format (01–31); returns a |
|
|
Returns the month in Oracle MM format (01–12); returns a |
|
|
Returns the year in Oracle YYYY format (0001–9999); returns a |
|
|
Checks for a string in the PL/SQL call stack; returns a |
|
|
Concatenates the elements of |
|
|
Checks whether the character is alphabetic; returns a |
|
|
Checks whether the character is numeric; returns a |
|
|
Determines whether a user is authorized to manage the Oracle Database Vault configuration; returns a |
|
|
Returns an indicator as to whether or not Oracle Label Security is installed; returns a |
|
IS_OLS_INSTALLED_VARCHAR Function |
Returns an indicator as to whether or not Oracle Label Security is installed; returns a |
|
RAISE_UNAUTHORIZED_OPERATION Function |
|
|
|
Looks up an Oracle RDBMS error message; returns a |
|
|
Looks up an Oracle RDBMS error message; returns a |
|
|
Alters a string to make it a legal Oracle identifier; returns a |
|
USER_HAS_OBJECT_PRIVILEGE Function |
Checks whether a user or role may access an object through an object privilege grant; returns a |
|
|
Checks whether a user has a role privilege, directly or indirectly (through another role); returns a |
|
USER_HAS_ROLE_VARCHAR Function |
Checks whether a user has a role privilege, directly or indirectly (through another role); returns a |
|
USER_HAS_SYSTEM_PRIVILEGE Function |
Checks whether a user has a system privilege, directly or indirectly (through a role); returns a |
This function verifies that public packages are not being bypassed by users updating the Oracle Database Vault configuration.
Syntax
CHECK_DVSYS_DML_ALLOWED( p_user VARCHAR2 DEFAULT USER);
Parameter
Table G-3 CHECK_DVSYS_DML_ALLOWED Parameter
| Parameter | Description |
|---|---|
|
|
User performing the operation. To find existing users in the current database instance, use the following views:
|
This function looks up the ID for a code within a code group, and then returns a NUMBER value. These codes are used for the user interface, views, and for validating input in a translatable fashion.
Syntax
GET_CODE_ID( p_code_group VARCHAR2, p_code VARCHAR2);
Parameters
Table G-4 GET_CODE_ID Parameters
| Parameter | Description |
|---|---|
|
|
Code group, for example, To find available code groups in the current database instance, use the |
|
|
Value of the code from This value is listed when you run the |
This function looks up the value for a code within a code group, and then returns a VARCHAR2 value.
Syntax
GET_CODE_VALUE( p_code_group VARCHAR2, p_code VARCHAR2);
Parameters
Table G-5 GET_CODE_VALUE Parameters
| Parameter | Description |
|---|---|
|
|
Code group, for example, To find existing code groups in the current database instance, use the |
|
|
ID of the code. This ID is listed when you run the |
This function constructs an XML document that contains the values for all of the factors. This XML document is only intended for auditing or tracing and is truncated if it is longer than 4000 characters. The function returns a VARCHAR2 value.
Use this function to retrieve factors at the current time for a session. It is also useful for auditing purposes.
Syntax
GET_FACTOR_CONTEXT();
Parameters
None.
This function returns the seconds in Oracle SS (seconds) format (00–59), and then returns a NUMBER value. It is useful for rule expressions based on time data.
Syntax
GET_SECOND( p_date DATE DEFAULT SYSDATE);
Parameter
This function returns the minute in Oracle MI (minute) format (00–59); returns a NUMBER value. Useful for rule expressions based on time data.
Syntax
GET_MINUTE( p_date DATE DEFAULT SYSDATE);
Parameter
Table G-7 GET_MINUTE Parameter
| Parameter | Description |
|---|---|
|
|
Date in MI format, for example, If you do not specify a date, Oracle Database Vault uses the Oracle Database |
This function returns the hour in Oracle HH24 (hour) format (00–23); returns a NUMBER value. Useful for rule expressions based on time data.
Syntax
GET_HOUR( p_date DATE DEFAULT SYSDATE);
Parameter
Table G-8 GET_HOUR Parameter
| Parameter | Description |
|---|---|
|
|
Date in HH24 format, for example, If you do not specify a date, Oracle Database Vault uses the Oracle Database |
This function returns the day in Oracle DD (day) format (01–31); returns a NUMBER value. It is useful for rule expressions based on time data.
Syntax
GET_DAY( p_date DATE DEFAULT SYSDATE);
Parameter
Table G-9 GET_DAY Parameter
| Parameter | Description |
|---|---|
|
|
Date in DD format, for example, If you do not specify a date, Oracle Database Vault uses the Oracle Database |
This function returns the month in Oracle MM (month) format (01–12); returns a NUMBER value. Useful for rule expressions based on time data.
Syntax
GET_MONTH( p_date DATE DEFAULT SYSDATE);
Parameter
This function returns the year in Oracle YYYY (year) format (0001–9999); returns a NUMBER value. Useful for rule expressions based on time data.
Syntax
GET_YEAR( p_date DATE DEFAULT SYSDATE);
Parameter
This function concatenates the elements of ora_name_list_t into a single VARCHAR2 value, and then returns a VARCHAR2 value.
Syntax
GET_SQL_TEXT( p_sql_text ora_name_list_t);
Parameters
This function checks for a string in the PL/SQL call stack, and then returns a BOOLEAN value. IN_CALL_STACK returns TRUE if the string is in the call stack.
Syntax
IN_CALL_STACK( p_search_term VARCHAR2);
Parameter
This function checks whether the character is alphabetic, and then returns a BOOLEAN value. IS_ALPHA returns TRUE if the character is alphabetic.
Syntax
IS_ALPHA( c VARCHAR2);
Parameter
This function checks whether the character is numeric, and then returns a BOOLEAN value. IS_DIGIT returns TRUE if the character is a digit.
Syntax
IS_DIGIT( c VARCHAR2);
Parameter
This function determines whether a user is authorized to manage the Oracle Database Vault configuration, and then returns a BOOLEAN value. IS_DVSYS_OWNER returns TRUE if the user is authorized.
Syntax
IS_DVSYS_OWNER( p_user VARCHAR2 DEFAULT USER);
Parameter
Table G-16 IS_DVSYS_OWNER Parameter
| Parameter | Description |
|---|---|
|
|
User to check. To find existing users, use the following views:
|
This function returns an indicator as to whether or not Oracle Label Security is installed, and then returns a TRUE or FALSE BOOLEAN value. If Oracle Label Security is installed, IS_OLS_INSTALLED returns TRUE.
Syntax
IS_OLS_INSTALLED()
Parameters
None.
This function returns an indicator as to whether or not Oracle Label Security is installed, and then returns a Y or N VARCHAR2 value. If Oracle Label Security is installed, IS_OLS_INSTALLED_VARCHAR returns Y.
Syntax
IS_OLS_INSTALLED_VARCHAR()
Parameters
None.
This function looks up an Oracle RDBMS error message, and then returns a VARCHAR2 value.
Syntax
GET_MESSAGE_LABEL( p_message_code VARCHAR2);
Parameters
Table G-17 GET_MESSAGE_LABEL Parameter
| Parameter | Description |
|---|---|
|
|
Message code. See Oracle Database Error Messages for a listing of error messages. |
|
|
Value to substitute for %1 |
|
|
Value to substitute for %2 |
|
|
Value to substitute for %3 |
|
|
Value to substitute for %4 |
|
|
Value to substitute for %5 |
|
|
Value to substitute for %6 |
This function looks up an Oracle RDBMS error message, and then returns a NUMBER value.
Syntax
GET_MESSAGE_LABEL( p_message_code NUMBER);
Parameters
Table G-18 GET_MESSAGE_LABEL Parameter
| Parameter | Description |
|---|---|
|
|
Message code. See Oracle Database Error Messages for a listing of error messages. |
|
|
Value to substitute for %1 |
|
|
Value to substitute for %2 |
|
|
Value to substitute for %3 |
|
|
Value to substitute for %4 |
|
|
Value to substitute for %5 |
|
|
Value to substitute for %6 |
This function generates an ORA-20920 (Unauthorized Operation) error for unauthorized users.
Syntax
RAISE_UNAUTHORIZED_OPERATION( p_user VARCHAR2 DEFAULT USER);
Parameter
Table G-19 RAISE_UNAUTHORIZED_OPERATION Parameter
| Parameter | Description |
|---|---|
|
|
User performing the operation. To find existing users, use the following views:
|
This function turns a string into a legal Oracle identifier, and then returns a VARCHAR2 value.
Syntax
TO_ORACLE_IDENTIFIER( id VARCHAR2);
Parameter
This function checks whether a user or role may access an object through an object privilege grant, and then returns a BOOLEAN value. If the user or role has object privileges, then USER_HAS_OBJECT_PRIVILEGE returns TRUE.
Syntax
USER_HAS_OBJECT_PRIVILEGE( p_user VARCHAR2, p_object_owner VARCHAR2, p_object_name VARCHAR2, p_privilege VARCHAR2);
Parameters
Table G-21 USER_HAS_OBJECT_PRIVILEGE Parameters
| Parameter | Description |
|---|---|
|
|
User or role to check. To find existing users, use the following views:
|
|
|
Object owner. To find the available users, use the To find the authorization of a particular user, use the |
|
|
Object name. To find the available objects, use the To find objects that are secured by existing realms, use the |
|
|
Object privilege, for example, To find privileges for a database account excluding |
This function checks whether a user has a role privilege, directly or indirectly (through another role), and then returns a BOOLEAN value. If the user has a role privilege, then USER_HAS_ROLE returns TRUE.
Syntax
USER_HAS_ROLE( p_role VARCHAR2, p_user VARCHAR2 DEFAULT USER);
Parameters
Table G-22 USER_HAS_ROLE Parameters
| Parameter | Description |
|---|---|
|
|
Role privilege to check. To find existing roles, use the following views:
|
|
|
User to check. To find existing users, use the following views:
|
This function checks whether a user has a role privilege, directly or indirectly (through another role), and then returns a VARCHAR2 value. If the user has the role privilege specified, then USER_HAS_ROLE_VARCHAR returns Y.
Syntax
USER_HAS_ROLE_VARCHAR( p_role VARCHAR2, p_user VARCHAR2 DEFAULT USER);
Parameters
Table G-23 USER_HAS_ROLE_VARCHAR Parameters
| Parameter | Description |
|---|---|
|
|
Role to check. To find existing roles, use the following views:
|
|
|
User to check. To find existing users, use the following views:
|
This function checks whether a user has a system privilege, directly or indirectly (through a role), and then returns a BOOLEAN value. If the user has the system privilege specified, then USER_HAS_SYSTEM_PRIVILEGE returns TRUE.
Syntax
USER_HAS_SYSTEM_PRIVILEGE( p_privilege VARCHAR2, p_user VARCHAR2 DEFAULT USER);
Parameters
Table G-24 USER_HAS_SYSTEM_PRIVILEGE Parameters
| Parameter | Description |
|---|---|
|
|
System privilege to check for. To find privileges for a database account excluding |
|
|
User to check. To find existing users, use the following views:
|
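The following PL/SQL is an added example, not code from the Oracle guide: it combines GET_HOUR, USER_HAS_ROLE, GET_FACTOR_CONTEXT and RAISE_UNAUTHORIZED_OPERATION into a fail-closed guard that application code calls before a sensitive operation. The APP_SEC schema, the HR_MAINT_ROLE role, the DENIED_ACCESS_LOG table, the 22:00 to 04:59 window and error code -20001 are assumptions made for illustration, and the calls assume the signatures listed above.

```sql
-- Added example. APP_SEC, HR_MAINT_ROLE, DENIED_ACCESS_LOG and the
-- maintenance window are hypothetical names and values.
CREATE TABLE app_sec.denied_access_log (
  denied_at      TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
  db_user        VARCHAR2(128) NOT NULL,
  factor_context VARCHAR2(4000)   -- factor snapshot, already capped by the package
);

CREATE OR REPLACE PROCEDURE app_sec.log_denied_access (p_user IN VARCHAR2) AS
  -- Autonomous so the audit row survives the rollback caused by the error
  -- raised in the caller.
  PRAGMA AUTONOMOUS_TRANSACTION;
  l_ctx VARCHAR2(4000);
BEGIN
  -- SUBSTRB keeps the value within the column's byte limit for
  -- multibyte character sets.
  l_ctx := SUBSTRB(DVSYS.DBMS_MACUTL.GET_FACTOR_CONTEXT, 1, 4000);
  INSERT INTO app_sec.denied_access_log (db_user, factor_context)
  VALUES (p_user, l_ctx);
  COMMIT;
END log_denied_access;
/

CREATE OR REPLACE PROCEDURE app_sec.assert_maintenance_access (
  p_user IN VARCHAR2 DEFAULT USER
) AS
  l_hour     NUMBER;
  l_has_role BOOLEAN;
BEGIN
  l_hour     := DVSYS.DBMS_MACUTL.GET_HOUR(SYSDATE);   -- 0 to 23
  l_has_role := DVSYS.DBMS_MACUTL.USER_HAS_ROLE('HR_MAINT_ROLE', p_user);

  -- Permit only on a definite TRUE. Writing this as IF NOT (...) THEN deny
  -- would fail open: a NULL BOOLEAN makes the condition NULL and skips the
  -- deny branch. The window wraps midnight, hence OR rather than BETWEEN.
  IF l_has_role AND (l_hour >= 22 OR l_hour < 5) THEN
    RETURN;
  END IF;

  app_sec.log_denied_access(p_user);
  DVSYS.DBMS_MACUTL.RAISE_UNAUTHORIZED_OPERATION(p_user);   -- ORA-20920
  -- Defensive fallback: never return normally from the deny path.
  RAISE_APPLICATION_ERROR(-20001, 'Maintenance access denied');
END assert_maintenance_access;
/
```

A caller places `app_sec.assert_maintenance_access;` as the first statement of the protected routine, so every denial leaves a row in the log with the session's factor values at that moment.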