Oracle DBMS_MACOLS_SESSION
Version 19.3

General Information
Library Note Morgan's Library Page Header
For how many years have you been working with physical servers that are starving your database of the memory necessary to deploy important new performance features such as the Result Cache, Memoptimize Pool, In-Memory Aggregation, In-Memory Column Store, and Full Database Caching? Too long? Contact me to learn how to improve all queries ... not just some queries.
 
Purpose Provides integration between Database Vault and Label Security's LBACSYS.SA_SESSION package
AUTHID DEFINER
Constants
Name Data Type Value
Audit Action Code
G_MAC_OLS_UPGRADE_AUDIT_CODE PLS_INTEGER 10010
Dependencies
CODE$ DV$CODE OLS$LAB
DBMS_MACAUD MAC_POLICY$ OLS$POL
DBMS_MACOLS NUMERIC_DOMINATES SA_SESSION
DBMS_MACUTL NUMERIC_LABEL_TO_CHAR SA_UTL
DBMS_STANDARD NUMERIC_STRICTLY_DOMINATES TO_NUMERIC_LABEL
Documented No
Exceptions
Error Code Reason
ORA-47907 Database Vault associated OLS policy <policy_name> not fully configured
First Available 18.1.0.0
Security Model Owned by DVSYS with EXECUTE granted to PUBLIC
Source {ORACLE_HOME}/rdbms/admin/dbmsmacp.sql
Subprograms
 
CAN_SET_LABEL
Determines whether a label be set under MAC OLS for this policy beyond max session label dbms_macols_session.can_set_label(
policy_name IN VARCHAR2,
label       IN VARCHAR2)
RETURN NUMBER;
TBD
 
IS_MAC_LABEL_SET
Determines if the max_session_label of the mac OLS policy is set dbms_macols_session.is_mac_label_set(
policy_name IN VARCHAR2)
RETURN NUMBER;
SELECT dvsys.dbms_macols_session.is_mac_label_set('UWSecPol')
FROM dual;

DVSYS.DBMS_MACOLS_SESSION.IS_MAC_LABEL_SET('UWSECPOL')
------------------------------------------------------
                                                     0
 
IS_MAC_POLICY
Returns 1if the OLS policy is protected by MAC OLS under DV dbms_macols_session.is_mac_policy(policy_name IN VARCHAR2)
RETURN NUMBER;
SELECT dvsys.dbms_macols_session.is_mac_policy('UWSecPol')
FROM dual;

DVSYS.DBMS_MACOLS_SESSION.IS_MAC_POLICY('UWSECPOL')
---------------------------------------------------
                                                  0
 
LABEL_AUDIT_RAISE
Audit invalid attempt to set/change the label for a policy beyond max session label and raise the appropriate exception. This procedure is invoked by sa_session.set_label, sa_session.set_access_profile, and sa_session.restore_default_labels in two cases: the label to set is beyond the max session label;
or the max_session_label is NULL.
dbms_macols_session.label_audit_raise(
policy_name IN VARCHAR2,
label       IN VARCHAR2,
proc_name   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(label_audit_raise, NONE);
TBD
 
RESTORE_DEFAULT_LABELS
MAC OLS processing to merge default session label for a policy with the labels of any factors associated to the policy after the SA_SESSION restore_default_labels method is called dbms_macols_session.restore_default_labels(
policy_name     IN  VARCHAR2,
x_session_label OUT VARCHAR2,
x_mac_label     OUT VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(restore_default_labels, NONE);
exec dbms_macols_session.label_audit_raise('UWSecPol', 'UWLabel', 'UWProc');
*
ERROR at line 1:
ORA-47907: Database Vault associated OLS policy UWSecPol not fully configured
ORA-06512: at "DVSYS.DBMS_MACUTL", line 34
ORA-06512: at "DVSYS.DBMS_MACUTL", line 389
ORA-06512: at "DVSYS.DBMS_MACOLS_SESSION", line 142
ORA-06512: at line 1
 
SET_ACCESS_PROFILE
MAC OLS processing to merge default session label for a policy with the exist MAX session label after the SA_SESSION set_access_profile method is called dbms_macols_session.set_access_profile(
policy_name         IN  VARCHAR2 ,
user_name           IN  VARCHAR2,
p_max_session_label IN  VARCHAR2,
x_new_session_label OUT VARCHAR2)
RETURN NUMBER;
TBD
 
SET_POLICY_LABEL_CONTEXT
Sets the MAC OLS session context variable for the attribute specified dbms_macols_session.set_policy_label_context(
policy_name IN VARCHAR2,
label       IN VARCHAR2,
attribute   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(set_policy_label_context, NONE);
TBD

Related Topics
Built-in Functions
Built-in Packages
DBMS_MACSEC
LBAC_EXP
LBAC_SESSION
LBAC_STANDARD
OLS$DATAPUMP
OLS_DIP_NTFY
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
What's New In 18cR3
What's New In 19cR3

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2019 Daniel A. Morgan All Rights Reserved