Oracle DBMS_MACOLS_SESSION
Version 21c

General Information
Library Note Morgan's Library Page Header
ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.
 
Purpose Provides integration between Database Vault and Label Security's LBACSYS.SA_SESSION package
AUTHID DEFINER
Constants
Name Data Type Value
 Audit Action Code
G_MAC_OLS_UPGRADE_AUDIT_CODE PLS_INTEGER 10010
Dependencies
CODE$ DV$CODE OLS$LAB
DBMS_MACAUD MAC_POLICY$ OLS$POL
DBMS_MACOLS NUMERIC_DOMINATES SA_SESSION
DBMS_MACUTL NUMERIC_LABEL_TO_CHAR SA_UTL
DBMS_STANDARD NUMERIC_STRICTLY_DOMINATES TO_NUMERIC_LABEL
Documented No
Exceptions
Error Code Reason
ORA-47907 Database Vault associated OLS policy <policy_name> not fully configured
First Available 18.1.0.0
Security Model Owned by DVSYS with EXECUTE granted to PUBLIC
Source {ORACLE_HOME}/rdbms/admin/dbmsmacp.sql
Subprograms
CAN_SET_LABEL LABEL_AUDIT_RAISE SET_ACCESS_PROFILE
IS_MAC_LABEL_SET RESTORE_DEFAULT_LABELS SET_POLICY_LABEL_CONTEXT
IS_MAC_POLICY    
 
CAN_SET_LABEL
Determines whether a label be set under MAC OLS for this policy beyond max session label dbms_macols_session.can_set_label(
policy_name IN VARCHAR2,
label       IN VARCHAR2)
RETURN NUMBER;
TBD
 
IS_MAC_LABEL_SET
Determines if the max_session_label of the mac OLS policy is set dbms_macols_session.is_mac_label_set(
policy_name IN VARCHAR2)
RETURN NUMBER;
SELECT dvsys.dbms_macols_session.is_mac_label_set('UWSecPol')
FROM dual;

DVSYS.DBMS_MACOLS_SESSION.IS_MAC_LABEL_SET('UWSECPOL')
------------------------------------------------------
                                                     0
 
IS_MAC_POLICY
Returns 1if the OLS policy is protected by MAC OLS under DV dbms_macols_session.is_mac_policy(policy_name IN VARCHAR2)
RETURN NUMBER;
SELECT dvsys.dbms_macols_session.is_mac_policy('UWSecPol')
FROM dual;

DVSYS.DBMS_MACOLS_SESSION.IS_MAC_POLICY('UWSECPOL')
---------------------------------------------------
                                                  0
 
LABEL_AUDIT_RAISE
Audit invalid attempt to set/change the label for a policy beyond max session label and raise the appropriate exception. This procedure is invoked by sa_session.set_label, sa_session.set_access_profile, and sa_session.restore_default_labels in two cases: the label to set is beyond the max session label or the max_session_label is NULL. dbms_macols_session.label_audit_raise(
policy_name IN VARCHAR2,
label       IN VARCHAR2,
proc_name   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(label_audit_raise, NONE);
TBD
 
RESTORE_DEFAULT_LABELS
MAC OLS processing to merge default session label for a policy with the labels of any factors associated to the policy after the SA_SESSION restore_default_labels method is called dbms_macols_session.restore_default_labels(
policy_name     IN  VARCHAR2,
x_session_label OUT VARCHAR2,
x_mac_label     OUT VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(restore_default_labels, NONE);
exec dbms_macols_session.label_audit_raise('UWSecPol', 'UWLabel', 'UWProc');
*
ERROR at line 1:
ORA-47907: Database Vault associated OLS policy UWSecPol not fully configured
ORA-06512: at "DVSYS.DBMS_MACUTL", line 34
ORA-06512: at "DVSYS.DBMS_MACUTL", line 389
ORA-06512: at "DVSYS.DBMS_MACOLS_SESSION", line 142
ORA-06512: at line 1
 
SET_ACCESS_PROFILE
MAC OLS processing to merge default session label for a policy with the exist MAX session label after the SA_SESSION set_access_profile method is called dbms_macols_session.set_access_profile(
policy_name         IN  VARCHAR2 ,
user_name           IN  VARCHAR2,
p_max_session_label IN  VARCHAR2,
x_new_session_label OUT VARCHAR2)
RETURN NUMBER;
TBD
 
SET_POLICY_LABEL_CONTEXT
Sets the MAC OLS session context variable for the attribute specified dbms_macols_session.set_policy_label_context(
policy_name IN VARCHAR2,
label       IN VARCHAR2,
attribute   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(set_policy_label_context, NONE);
TBD

Related Topics
Built-in Functions
Built-in Packages
CONFIGURE_DV_INTERNAL
DBMS_MACAUD
DBMS_MACOLS
DBMS_MACSEC
LBAC_EXP
LBAC_SESSION
LBAC_STANDARD
OLS$DATAPUMP
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
What's New In 21c
What's New In 23c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved
  DBSecWorx