Oracle DBMS_PRIV_CAPTURE
Version 19.3

General Information
Library Note Morgan's Library Page Header
For how many years have you been working with physical servers that are starving your database of the memory necessary to deploy important new performance features such as the Result Cache, Memoptimize Pool, In-Memory Aggregation, In-Memory Column Store, and Full Database Caching? Too long? Contact me to learn how to improve all queries ... not just some queries.
Purpose Capture privileges used in Oracle defined PL/SQL packages.

The purpose of this project, #32973, is to capture privileges used for an operation. Privileges checked in the kernel(e.g, through KZP layer) have been collected. However, many Oracle defined PL/SQL packages query privilege related dictionary tables/views(for example, session_privs, session_roles, sysauth$, objauth$, etc.) to check whether a user has a given privilege. For such cases, APIs in this package have been used to replace orginal check. For queries that cannot be replaced, privileges are collected directly by calling dbms_priv_capture.capture_privilege_use.
AUTHID CURRENT_USER
Dependencies
DBMS_AQADM_SYS DBMS_PARALLEL_EXECUTE KUPF$FILE
DBMS_CMP_INT DBMS_RULE_EXP_UTLI KUPP$PROC
DBMS_COMPARISON DBMS_SCHED_ARGUMENT_IMPORT KUPV$FT
DBMS_COMPRESSION DBMS_SCHED_JOB_EXPORT KUPW$WORKER
DBMS_CSX_ADMIN DBMS_SCHED_MAIN_EXPORT LBAC_EXP
DBMS_CUBE DBMS_SMB LBAC_SERVICES
DBMS_CUBE_ADVISE DBMS_SNAPSHOT_COMMON LBAC_SYSDBA
DBMS_DATAPUMP DBMS_SQLTUNE LOGMNR_EM_SUPPORT
DBMS_DATA_MINING DBMS_STATS LOGSTDBY_INTERNAL
DBMS_DDL DBMS_STATS_ADVISOR OLS_ENFORCEMENT
DBMS_EDITIONS_UTILITIES DBMS_STREAMS_ADM_UTL_INVOK PRIV_CAPTURE$
DBMS_FILE_GROUP DBMS_STREAMS_PUB_RPC PRIV_PROFILE_LIB
DBMS_FILE_GROUP_IMP DBMS_TRANSFORM RDF_APIS
DBMS_HPROF DBMS_XDB_CONFIG ROLENAME_ARRAY
DBMS_ILM DRIACC ROLE_ARRAY
DBMS_LOGREP_IMP DRIIMP SDO_RDF
DBMS_LOGREP_UTIL_INVOK DRVDDL SEM_RDFSA_DR
DBMS_METADATA ISXMLTYPETABLE XS_DATA_SECURITY_UTIL
Documented No
First Available 12.1.0
Security Model Owned by SYS with EXECUTE granted to EXFSYS, LBACSYS, OLAPSYS, and XDB
Source {ORACLE_HOME}/rdbms/admin/catprofp.sql
Subprograms
 
CAPTURE_PRIVILEGE_USE
Capture a privilege usage, if a privilege capture condition is met. This procedure is called when a privilege is used in PL/SQL or JAVA.

Overload 1
dbms_priv_capture.capture_privilege_use(
userid     IN NUMBER,
syspriv    IN NUMBER         DEFAULT NULL,
role       IN VARCHAR2       DEFAULT NULL,
objpriv    IN NUMBER         DEFAULT NULL,
obj        IN NUMBER         DEFAULT NULL,
domain     IN role_array     DEFAULT NULL,
domain_str IN rolename_array DEFAULT NULL);
TBD
Overload 2 dbms_priv_capture.capture_privilege_use(
username   IN VARCHAR2,
syspriv    IN VARCHAR2       DEFAULT NULL,
role       IN VARCHAR2       DEFAULT NULL,
objpriv    IN VARCHAR2       DEFAULT NULL,
owner      IN VARCHAR2       DEFAULT NULL,
object     IN VARCHAR2       DEFAULT NULL,
domain     IN role_array     DEFAULT NULL,
domain_str IN rolename_array DEFAULT NULL);
TBD
 
SES_HAS_OBJ_PRIV
Checks whether the current user has a given object privilege

Appears to have a bug as this returns FALSE for SYS
dbms_priv_capture.ses_has_obj_priv(
objpriv  IN VARCHAR2,
objowner IN VARCHAR2,
objname  IN VARCHAR2,
nmspace  IN PLS_INTEGER DEFAULT 1)
RETURN BOOLEAN;
BEGIN
  IF dbms_priv_capture.ses_has_obj_priv('SELECT', 'SYS', 'CDB_USERS') THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
 
SES_HAS_ROLE_PRIV
Determines whether the current user has a given role dbms_priv_capture.ses_has_role_priv(rolename IN VARCHAR2)
RETURN PLS_INTEGER;
SELECT dbms_priv_capture.ses_has_role_priv('DBHADOOP')
FROM dual;
 
SES_HAS_SYS_PRIV
Determines whether the current user has a given system privilege dbms_priv_capture.ses_has_sys_priv(systempriv IN VARCHAR2)
RETURN PLS_INTEGER;
SELECT dbms_priv_capture.ses_has_sys_priv('CREATE TABLE')
FROM dual;

Related Topics
Built-in Functions
Built-in Packages
DBMS_PRIVILEGE_CAPTURE
Object Privileges
Profiles
Roles
Security
System Privileges
What's New In 18cR3
What's New In 19cR3

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2019 Daniel A. Morgan All Rights Reserved
DBSecWorx