Oracle DBMS_MACOLS_SESSION
Version 19.3

General Information
Library Note Morgan's Library Page Header
Which has the higher priority in your organization: Deploying a new database or securing the ones you already have? Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
 
Purpose Provides integration between Database Vault and Label Security's LBACSYS.SA_SESSION package
AUTHID DEFINER
Constants
Name Data Type Value
 Audit Action Code
G_MAC_OLS_UPGRADE_AUDIT_CODE PLS_INTEGER 10010
Dependencies
CODE$ DV$CODE OLS$LAB
DBMS_MACAUD MAC_POLICY$ OLS$POL
DBMS_MACOLS NUMERIC_DOMINATES SA_SESSION
DBMS_MACUTL NUMERIC_LABEL_TO_CHAR SA_UTL
DBMS_STANDARD NUMERIC_STRICTLY_DOMINATES TO_NUMERIC_LABEL
Documented No
Exceptions
Error Code Reason
ORA-47907 Database Vault associated OLS policy <policy_name> not fully configured
First Available 18.1.0.0
Security Model Owned by DVSYS with EXECUTE granted to PUBLIC
Source {ORACLE_HOME}/rdbms/admin/dbmsmacp.sql
Subprograms
 
CAN_SET_LABEL
Determines whether a label be set under MAC OLS for this policy beyond max session label dbms_macols_session.can_set_label(
policy_name IN VARCHAR2,
label       IN VARCHAR2)
RETURN NUMBER;
TBD
 
IS_MAC_LABEL_SET
Determines if the max_session_label of the mac OLS policy is set dbms_macols_session.is_mac_label_set(
policy_name IN VARCHAR2)
RETURN NUMBER;
SELECT dvsys.dbms_macols_session.is_mac_label_set('UWSecPol')
FROM dual;

DVSYS.DBMS_MACOLS_SESSION.IS_MAC_LABEL_SET('UWSECPOL')
------------------------------------------------------
                                                     0
 
IS_MAC_POLICY
Returns 1if the OLS policy is protected by MAC OLS under DV dbms_macols_session.is_mac_policy(policy_name IN VARCHAR2)
RETURN NUMBER;
SELECT dvsys.dbms_macols_session.is_mac_policy('UWSecPol')
FROM dual;

DVSYS.DBMS_MACOLS_SESSION.IS_MAC_POLICY('UWSECPOL')
---------------------------------------------------
                                                  0
 
LABEL_AUDIT_RAISE
Audit invalid attempt to set/change the label for a policy beyond max session label and raise the appropriate exception. This procedure is invoked by sa_session.set_label, sa_session.set_access_profile, and sa_session.restore_default_labels in two cases: the label to set is beyond the max session label;
or the max_session_label is NULL.
dbms_macols_session.label_audit_raise(
policy_name IN VARCHAR2,
label       IN VARCHAR2,
proc_name   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(label_audit_raise, NONE);
TBD
 
RESTORE_DEFAULT_LABELS
MAC OLS processing to merge default session label for a policy with the labels of any factors associated to the policy after the SA_SESSION restore_default_labels method is called dbms_macols_session.restore_default_labels(
policy_name     IN  VARCHAR2,
x_session_label OUT VARCHAR2,
x_mac_label     OUT VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(restore_default_labels, NONE);
exec dbms_macols_session.label_audit_raise('UWSecPol', 'UWLabel', 'UWProc');
*
ERROR at line 1:
ORA-47907: Database Vault associated OLS policy UWSecPol not fully configured
ORA-06512: at "DVSYS.DBMS_MACUTL", line 34
ORA-06512: at "DVSYS.DBMS_MACUTL", line 389
ORA-06512: at "DVSYS.DBMS_MACOLS_SESSION", line 142
ORA-06512: at line 1
 
SET_ACCESS_PROFILE
MAC OLS processing to merge default session label for a policy with the exist MAX session label after the SA_SESSION set_access_profile method is called dbms_macols_session.set_access_profile(
policy_name         IN  VARCHAR2 ,
user_name           IN  VARCHAR2,
p_max_session_label IN  VARCHAR2,
x_new_session_label OUT VARCHAR2)
RETURN NUMBER;
TBD
 
SET_POLICY_LABEL_CONTEXT
Sets the MAC OLS session context variable for the attribute specified dbms_macols_session.set_policy_label_context(
policy_name IN VARCHAR2,
label       IN VARCHAR2,
attribute   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(set_policy_label_context, NONE);
TBD

Related Topics
Built-in Functions
Built-in Packages
DBMS_MACSEC
LBAC_EXP
LBAC_SESSION
LBAC_STANDARD
OLS$DATAPUMP
OLS_DIP_NTFY
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
What's New In 18c
What's New In 19c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2019 Daniel A. Morgan All Rights Reserved
  DBSecWorx