| Oracle SA_USER_ADMIN Version 21c |
|---|
| General Information | |||||||||||||||||
| Library Note |
|
||||||||||||||||
| Purpose | Use this package to add, alter and drop compartments, groups, labels, levels, and user access and privileges. | ||||||||||||||||
| AUTHID | CURRENT_USER | ||||||||||||||||
| Dependencies |
|
||||||||||||||||
| Documented | No | ||||||||||||||||
| First Available | 10.1 | ||||||||||||||||
| Security Model | Owned by LBACSYS with no privileges granted. | ||||||||||||||||
| Security Privileges |
|
||||||||||||||||
| Source | {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb | ||||||||||||||||
| Subprograms | |||||||||||||||||
| ADD_COMPARTMENTS | |||||||||||||||||
| Adds (assigns) compartments to a user's authorizations, indicating if the compartments are authorized for write and read privileges | sa_user_admin.add_compartments( |
||||||||||||||||
BEGIN |
|||||||||||||||||
| ADD_GROUPS | |||||||||||||||||
| Adds (assigns) groups to a user, indicating if the groups are authorized for write and read privileges |
sa_user_admin.add_groups( |
||||||||||||||||
BEGIN |
|||||||||||||||||
| ALTER_COMPARTMENTS | |||||||||||||||||
| Changes the write access, default label indicator, and row label indicator for the specified compartments | sa_user_admin.alter_compartments( |
||||||||||||||||
BEGIN |
|||||||||||||||||
| ALTER_GROUPS | |||||||||||||||||
| Changes the write access, default label indicator, and row label indicator for the specified groups | sa_user_admin.alter_groups( |
||||||||||||||||
BEGIN |
|||||||||||||||||
| DROP_ALL_COMPARTMENTS | |||||||||||||||||
| Drop all assigned compartments from the named user for the named policy | sa_user_admin.drop_all_compartments( |
||||||||||||||||
exec sa_user_admin.drop_all_compartments('DATA_ACCESS', 'UWCLASS'); |
|||||||||||||||||
| DROP_ALL_GROUPS | |||||||||||||||||
| Drop all assigned groups from the named user for the named policy | sa_user_admin.drop_all_groups( |
||||||||||||||||
exec sa_user_admin.drop_all_groups('DATA_ACCESS', 'UWCLASS'); |
|||||||||||||||||
| DROP_COMPARTMENTS | |||||||||||||||||
| Drop the named compartment from the user's authorizations under the named policy | sa_user_admin.drop_compartments( |
||||||||||||||||
exec sa_user_admin.drop_compartments('DATA_ACCESS', 'UWCLASS', 'FA'); |
|||||||||||||||||
| DROP_GROUPS | |||||||||||||||||
| Drop the named groups from the user's authorizations under the name policy | sa_user_admin.drop_groups( |
||||||||||||||||
exec sa_user_admin.drop_groups('DATA_ACCESS', 'UWCLASS', 'OP'); |
|||||||||||||||||
| DROP_USER_ACCESS | |||||||||||||||||
| Removes all Oracle Label Security authorizations and privileges from the specified user based on the named policy | sa_user_admin.drop_user_access( |
||||||||||||||||
exec sa_user_admin.drop_user_access('DATA_ACCESS', 'UWCLASS'); |
|||||||||||||||||
| SET_COMPARTMENTS | |||||||||||||||||
| Assigns compartments to a user and identifies default values for the user's session label and row label | sa_user_admin.set_compartments( |
||||||||||||||||
exec sa_user_admin.set_compartments('DATA_ACCESS', 'UWCLASS', 'IS', 'IS', 'IS', 'IS'); |
|||||||||||||||||
| SET_DEFAULT_LABEL | |||||||||||||||||
| Sets a user's initial session label to the one specified | sa_user_admin.set_default_label( |
||||||||||||||||
exec sa_user_admin.default_label('DATA_ACCESS', 'UWCLASS',
'P::OP::AO'); |
|||||||||||||||||
| SET_GROUPS | |||||||||||||||||
| Assigns groups to a user and identifies default values for the user's session label and row label | sa_user_admin.set_groups( |
||||||||||||||||
BEGIN |
|||||||||||||||||
| SET_LEVELS | |||||||||||||||||
| Assigns a user minimum and maximum levels and identifies default values for the user's session label and row label | sa_user_admin.set_levels( |
||||||||||||||||
'BEGIN |
|||||||||||||||||
| SET_PROG_PRIVS | |||||||||||||||||
| Sets policy-specific privileges for program units. If NULL, then program privs are revoked. To grant privileges to a stored program unit, you must have the POLICY_DBA role and EXECUTE on the SA_USER_ADMIN package. |
sa_user_admin.set_prog_privs( |
||||||||||||||||
CREATE TABLE emp_work_sched( |
|||||||||||||||||
| SET_ROW_LABEL | |||||||||||||||||
| sets a user's initial row label to the one specified. A user can reset the row label, but only to: A level that is less than or equal to the level of the session label, and greater than or equal to the user's minimum level Include a subset of the compartments and groups from the session label, for which the user is authorized to have write access Setting a row label to an invalid value is disallowed, and the row label value is unchanged. |
sa_user_admin.set_row_label( |
||||||||||||||||
exec sa_user_admin.set_row_label('DATA_ACCESS', 'UWCLASS', 'S::IT::IS'); |
|||||||||||||||||
| SET_USER_LABELS | |||||||||||||||||
| Sets the user's levels, compartments, and groups using a set of labels, instead of the individual components | sa_user_admin.set_user_labels( |
||||||||||||||||
BEGIN |
|||||||||||||||||
| SET_USER_PRIVS | |||||||||||||||||
| Sets policy-specific privileges for a user. Privs become effective at the next login replacing previously granted privs.NULL revokes all policy. To assign policy privileges to users, you must have the EXECUTE privilege for the SA_USER_ADMIN package, and must have been granted the POLICY_DBA role. |
sa_user_admin.set_user_privs( |
||||||||||||||||
exec sa_user_admin.set_user_labels('DATA_ACCESS', 'UWCLASS', 'FULL'); |
|||||||||||||||||
| This site is maintained by Dan Morgan. Last Updated: | This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved | |||||||||
|
||||||||||
