Oracle XS_ADMIN_UTIL
Version 21c

General Information
Purpose Real Application Security
AUTHID CURRENT_USER
Constants
Name Data Type Value
COMMON_WORKSPACE VARCHAR2(6) 'XS'
SCHEMA_ACL VARCHAR2(13) 'XS$SCHEMA_ACL'
XSCONNECT VARCHAR2(9) 'XSCONNECT'
STRING_MAXLEN PLS_INTEGER 4000
NON_EMPTY_STRING_MINLEN PLS_INTEGER 1
STRING_MINLEN PLS_INTEGER 0
XSNAME_MINLEN PLS_INTEGER 1
XSNAME_MAXLEN PLS_INTEGER 130
PARAMNAME_MINLEN PLS_INTEGER 1
PARAMNAME_MAXLEN PLS_INTEGER 128
XSQNAME_MINLEN PLS_INTEGER 1
XSQNAME_MAXLEN PLS_INTEGER 261
EXTERNAL_NAME_MINLEN PLS_INTEGER 1
EXTERNAL_NAME_MAXLEN PLS_INTEGER 130
WORKSPACE_MINLEN PLS_INTEGER 1
WORKSPACE_MAXLEN PLS_INTEGER 128
DBNAME_MINLEN PLS_INTEGER 1
DBNAME_MAXLEN PLS_INTEGER 130
OBJTYPE_PRINCIPAL PLS_INTEGER 1
OBJTYPE_SECURITY_CLASS PLS_INTEGER 2
OBJTYPE_ACL PLS_INTEGER 3
OBJTYPE_PRIVILEGE PLS_INTEGER 4
OBJTYPE_DATA_SECURITY PLS_INTEGER 5
OBJTYPE_ROLESET PLS_INTEGER 6
OBJTYPE_NSTEMPL PLS_INTEGER 7
OBJTYPE_SYSOP PLS_INTEGER 101
OBJTYPE_ADMOP PLS_INTEGER 102
OBJTYPE_APPLY_POLICY PLS_INTEGER 103
OBJTYPE_GRANTOP PLS_INTEGER 104
OBJTYPE_REVOKEOP PLS_INTEGER 105
OBJTYPE_SET_POLICY PLS_INTEGER 106
Delete Options
DEFAULT_OPTION PLS_INTEGER 1
CASCADE_OPTION PLS_INTEGER 2
ALLOW_INCONSISTENCIES_OPTION PLS_INTEGER 3
Specify if an object exists in the base table or not
STATUS_NOT_EXISTS PLS_INTEGER 0
STATUS_EXISTS PLS_INTEGER 1
Principal Type Definition
PTYPE_XS PLS_INTEGER 1
PTYPE_DB PLS_INTEGER 2
PTYPE_DN PLS_INTEGER 3
PTYPE_EXTERNAL PLS_INTEGER 4
Dependencies
DBMS_NETWORK_ACL_ADMIN XS$OBJ XS_DATA_SECURITY_UTIL_INT
DBMS_RXS_LIB XS$PRIVILEGE XS_DIAG
DBMS_SFW_ACL_ADMIN XS$REALM_CONSTRAINT_TYPE XS_DIAG_INT
DBMS_STANDARD XS$ROLE_GRANT_TYPE XS_NAMESPACE
DBMS_WRR_PROTECTED XS_ACL XS_NAMESPACE_INT
DBMS_XDS_INT XS_ACL_INT XS_PRINCIPAL
DBMS_XSS_LIB XS_ADMIN_INT XS_PRINCIPAL_INT
XS$ACE_TYPE XS_ADMIN_UTIL_INT XS_ROLESET
XS$COLUMN_CONSTRAINT_TYPE XS_DATA_SECURITY XS_ROLESET_INT
XS$KEY_TYPE XS_DATA_SECURITY_INT XS_SECURITY_CLASS
XS$NS_ATTRIBUTE XS_DATA_SECURITY_UTIL XS_SECURITY_CLASS_INT
Documented Yes
Exceptions
Error Code Reason
1031 ERR_INSUFFICIENT_PRIV
28222 ERR_RESERVED_USER
46025 ERR_NO_STATIC_RULE
46055 ERR_ROLE_NOT_GRANTED
46076 ERR_INVALID_LENGTH
46083 ERR_SET_PRIN_GUID
46084 ERR_DROP_SEEDED_OBJ
46085 ERR_NO_PROXY_ROLES
46096 ERR_DEFV_FREVNT_COEXIST
46097 ERR_NO_ROLESET_ROLE
ERR_NO_GRANTEDROLE_PRIN
ERR_NO_SC_PARENTSC
46098 ERR_DUP_PARENT
ERR_DUP_LEAF
ERR_DUP_PRIMARY_KEY
ERR_DUP_ATTR_PRIV_PAIR
ERR_DUP_PROXY
ERR_DUP_ACL_PARAM
ERR_DUP_ROLESET_ROLE
ERR_DUP_POLICY_PARAM
ERR_DUP_NS_ATTR
46099 ERR_FEATURE_NOT_SUPPORTED
46101 ERR_AGGR_CYCLE
46103 ERR_SECCLS_CYCLE
46116 ERR_ACL_REFERREDBY_NSTEMPLATE
46117 ERR_ACL_REFERREDBY_PRINCIPLAL
46118 ERR_ACL_SCHEMA_NOT_SYS
46119 ERR_ACL_IS_NULL
46152 ERR_INVALID_VALUE
46202 ERR_NO_HANDLER_FUNC
46211 ERR_INVALID_ENTITY_LENGTH
46212 ERR_DUP_NAME
46214 ERR_OBJ_REFERRED
46215 ERR_INVALID_OBJECT
ERR_NO_OBJ_FOUND
46230 ERR_INTERNAL
46231 ERR_GRANT_ROLE
46232 ERR_ROLE_GRANT_CYCLE
46233 ERR_PARENT_ACL_CYCLE
46235 ERR_NO_POLICY_PARAMETER
46236 ERR_INVALID_POLICY_TYPE
46237 ERR_MIDTIER_CACHE
46238 ERR_NO_DB_USER_ROLE
46240 ERR_PROXY_SCHEMA_EXIST
46241 ERR_PROXY_SCHEMA_NOT_EXIST
46242 ERR_GRANT_ROLE_XSGUEST
First Available 12.1
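Security Model Owned by SYS with EXECUTE granted to PUBLIC. The package is declared AUTHID CURRENT_USER (invoker's rights), so its subprograms run with the privileges of the calling user, not those of SYS.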
Source {ORACLE_HOME}/rdbms/admin/xsutil.sql
Subprograms
 
CHECK_LENGTH
Raises an exception if the test string's length is not between the min and max boundaries xs_admin_util.check_length(
str        IN VARCHAR2,
min_length IN PLS_INTEGER,
max_length IN PLS_INTEGER);
exec xs_admin_util.check_length('TEST', 1, 10);

PL/SQL procedure successfully completed.

exec xs_admin_util.check_length('TEST', 7, 10);
BEGIN xs_admin_util.check_length('TEST', 7, 10); END;

*
ERROR at line 1:
ORA-46076: The specified name length not within valid range.
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 70
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 54
ORA-06512: at line 1
 
CHECK_SEEDED
Check whether the object is seeded or not, internal use xs_admin_util.check_seeded(obj_id IN NUMBER);
-- appears to do precisely nothing

exec xs_admin_util.check_seeded(18);

exec xs_admin_util.check_seeded(89999);

exec xs_admin_util.check_seeded(-1);
 
DROP_SCHEMA_OBJECTS
Drop schema objects under a schema xs_admin_util.drop_schema_objects(schema_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(drop_schema_objects, MANUAL);
-- appears to do precisely nothing

-- Demo setup: a throwaway user that owns a single table.
CREATE USER c##zzyzx;

CREATE TABLE c##zzyzx.test(
testcol date);

exec xs_admin_util.drop_schema_objects('C##ZZYZX');

-- NOTE(review): this query lists users, so it only shows that the account
-- still exists. It does not show whether anything owned by the schema was
-- dropped. Comparing DBA_OBJECTS (and DBA_XS_OBJECTS, for Real Application
-- Security objects) for owner C##ZZYZX before and after the call would test
-- the procedure directly.
SELECT username
FROM dba_users
WHERE username LIKE 'C##%';

USERNAME
---------
C##OE
C##SH
C##ZZYZX
 
GET_DEFAULT_WORKSPACE
Returns the name of the default RAS workspace xs_admin_util.get_default_workspace RETURN VARCHAR2;
SELECT xs_admin_util.get_default_workspace
FROM dual;
 
GET_OBJECT_ID
Called by ADMIN APIs, for internal use only. Returns the object ID xs_admin_util.get_object_id(
obj_name    IN VARCHAR2,
obj_type    IN PLS_INTEGER,
workspace   IN VARCHAR2,
status_flag IN PLS_INTEGER := NULL)
RETURN NUMBER;
TBD
 
GRANT_SYSTEM_PRIVILEGE
Grant system privilege to a user/role xs_admin_util.grant_system_privilege(
priv_name IN VARCHAR2,
user_name IN VARCHAR2,
user_type IN PLS_INTEGER := xs_admin_util.ptype_db,
schema    IN VARCHAR2    := NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(grant_system_privilege, AUTO);
-- The grant is issued from a SYSDBA session.
conn sys@pdbdev as sysdba

-- user_type is omitted, so it takes its default xs_admin_util.ptype_db and
-- 'UWCLASS' is resolved as a database user; schema is left at its NULL default.
-- NOTE(review): ADMINISTER_SESSION appears to govern management of RAS
-- application sessions; confirm its scope and grant it only to the account
-- that needs it. The resulting grant can be reviewed afterwards (for example
-- in DBA_XS_ACES).
exec xs_admin_util.grant_system_privilege('ADMINISTER_SESSION', 'UWCLASS');
 
RAISE_ERROR
Raises a RAS application error xs_admin_util.raise_error(
error_number IN PLS_INTEGER,
error_str1   IN VARCHAR2 DEFAULT NULL,
error_str2   IN VARCHAR2 DEFAULT NULL,
keep_stack   IN BOOLEAN  DEFAULT TRUE);
exec xs_admin_util.raise_error(-600, 'Just What We Need');
BEGIN xs_admin_util.raise_error(-600, 'Just What We Need'); END;
*
ERROR at line 1:
ORA-46095: Invalid error code supplied
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 70
ORA-06512: at line 1


SQL> exec xs_admin_util.raise_error(46084, 'Just What We Need');
BEGIN xs_admin_util.raise_error(46084, 'Just What We Need'); END;
*
ERROR at line 1:
ORA-46084: cannot update or delete system-seeded XS objects.
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 70
ORA-06512: at line 1
 
REMOVE_DBUSER_ACES
Revoke system privilege from a user/role with RAS privs xs_admin_util.remove_dbuser_aces(user_name IN VARCHAR2);
exec xs_admin_util.remove_dbuser_aces('UWCLASS');
 
REVOKE_SYSTEM_PRIVILEGE
Revoke System privilege from a user/role xs_admin_util.revoke_system_privilege(
priv_name IN VARCHAR2,
user_name IN VARCHAR2,
user_type IN PLS_INTEGER := xs_admin_util.ptype_db,
schema    IN VARCHAR2    := NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(revoke_system_privilege, AUTO);
-- The revoke is issued from a SYSDBA session.
conn sys@pdbdev as sysdba

-- Same argument shape as the grant demo: user_type defaults to
-- xs_admin_util.ptype_db, so 'UWCLASS' is resolved as a database user.
-- NOTE(review): the page shows no output for this call; verify afterwards
-- that the privilege is no longer listed for the user.
exec xs_admin_util.revoke_system_privilege('ADMINISTER_SESSION', 'UWCLASS');
 
SET_DEFAULT_WORKSPACE
Sets the default workspace name xs_admin_util.set_default_workspace(workspace IN VARCHAR2);
exec xs_admin_util.set_default_workspace('XS');
 
VALIDATE_DB_OBJECT_NAME
Validate DB object name. Internal use only. xs_admin_util.validate_db_object_name(
input_name  IN  VARCHAR2,
object_name OUT VARCHAR2,
error_msg   IN  VARCHAR2 DEFAULT NULL);
DECLARE
 -- NOTE(review): 30 bytes is enough for this demo value; size the buffer for
 -- the longest object name you expect when reusing this pattern.
 outVal VARCHAR2(30);
BEGIN
  -- Negative case: the transcript that follows shows this call failing with
  -- ORA-28104, and the error_msg argument ('ReadTheDocs') appears inside the
  -- message text. Presumably the embedded space is what makes the name invalid.
  xs_admin_util.validate_db_object_name('N0n Sense', outVal, 'ReadTheDocs');
  dbms_output.put_line(outVal);
END;
/
DECLARE
*
ERROR at line 1:
ORA-28104: input value for ReadTheDocs is not valid
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 163
ORA-06512: at line 4


DECLARE
 outVal VARCHAR2(30);
BEGIN
  -- Positive case: error_msg is omitted (it defaults to NULL). The output line
  -- after the block shows the validated name coming back in upper case.
  xs_admin_util.validate_db_object_name('N0nSense', outVal);
  dbms_output.put_line(outVal);
END;
/
N0NSENSE
 
VALIDATE_DB_USER
Validate DB user/schema. Internal use xs_admin_util.validate_db_user(
input_name IN VARCHAR2,
error_msg  IN VARCHAR2 DEFAULT NULL);
exec xs_admin_util.validate_db_user('N0nSense', 'Bad Choice')
BEGIN xs_admin_util.validate_db_user('N0nSense', 'Bad Choice'); END;
*
ERROR at line 1:
ORA-28104: input value for Bad Choice is not valid
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 185
ORA-06512: at line 1
 
XSNAME_TO_ID
Utility Function: XS name to ID xs_admin_util.xsname_to_id(
obj_name IN VARCHAR2,
obj_type IN PLS_INTEGER)
RETURN NUMBER;
-- Fetches one sample object name to feed into xsname_to_id below.
-- ROWNUM = 1 with no ORDER BY returns an arbitrary row, so the object shown
-- can differ between databases and runs.
SELECT owner, name
FROM dba_xs_objects
WHERE rownum = 1;

OWNER  NAME
------ -------------------
SYS    ADMINISTER_SESSION


-- NOTE(review): the second argument is obj_type. In the constants table, 1 is
-- OBJTYPE_PRINCIPAL, while ADMINISTER_SESSION is used as a privilege name in
-- the grant and revoke demos (OBJTYPE_PRIVILEGE is 4). Confirm which type is
-- intended; the page shows no output for this query.
SELECT xs_admin_util.xsname_to_id('ADMINISTER_SESSION', 1)
FROM dual;

Related Topics
Built-in Functions
Built-in Packages
Database Security
DBMS_XS_PRINCIPALS
DBMS_XS_SESSIONS
DBMS_XS_SESSIONS_FFI
DBMS_XS_SIDP
DBMS_XS_SYSTEM
DBMS_XS_SYSTEM_FFI
XS_ACL
XS_ADMIN_UTIL
XS_DATA_SECURITY
XS_DATA_SECURITY_UTIL
XS_DIAG
XS_DIAG_INT
XS_NAMESPACE
XS_PRINCIPAL
XS_PRINCIPAL_INT
XS_SECURITY_CLASS
What's New In 21c
What's New In 23c
