Purpose: Database Vault Administration Utilities
AUTHID: DEFINER
Constants
Name                              Data Type         Value
Global
MANDATORY_REALM                   BINARY_INTEGER    1
FACTOR_TYPE_CREATION_AUDIT        PLS_INTEGER       20032
FACTOR_TYPE_DELETION_AUDIT        PLS_INTEGER       20033
FACTOR_TYPE_UPDATE_AUDIT          PLS_INTEGER       20034
FACTOR_TYPE_RENAME_AUDIT          PLS_INTEGER       20035
FACTOR_CREATION_AUDIT             PLS_INTEGER       20036
FACTOR_DELETION_AUDIT             PLS_INTEGER       20037
FACTOR_UPDATE_AUDIT               PLS_INTEGER       20038
FACTOR_RENAME_AUDIT               PLS_INTEGER       20039
ADD_FACTOR_LINK_AUDIT             PLS_INTEGER       20040
DELETE_FACTOR_LINK_AUDIT          PLS_INTEGER       20041
ADD_POLICY_FACTOR_AUDIT           PLS_INTEGER       20042
DELETE_POLICY_FACTOR_AUDIT        PLS_INTEGER       20043
IDENTITY_CREATION_AUDIT           PLS_INTEGER       20044
IDENTITY_DELETION_AUDIT           PLS_INTEGER       20045
IDENTITY_UPDATE_AUDIT             PLS_INTEGER       20046
CHANGE_IDENTITY_FACTOR_AUDIT      PLS_INTEGER       20047
CHANGE_IDENTITY_VALUE_AUDIT       PLS_INTEGER       20048
IDENTITY_MAP_CREATION_AUDIT       PLS_INTEGER       20049
IDENTITY_MAP_DELETION_AUDIT       PLS_INTEGER       20050
POLICY_LABEL_CREATION_AUDIT       PLS_INTEGER       20051
POLICY_LABEL_DELETION_AUDIT       PLS_INTEGER       20052
MAC_POLICY_CREATION_AUDIT         PLS_INTEGER       20053
MAC_POLICY_UPDATE_AUDIT           PLS_INTEGER       20054
MAC_POLICY_DELETION_AUDIT         PLS_INTEGER       20055
ROLE_CREATION_AUDIT               PLS_INTEGER       20056
ROLE_DELETION_AUDIT               PLS_INTEGER       20057
ROLE_UPDATE_AUDIT                 PLS_INTEGER       20058
ROLE_RENAME_AUDIT                 PLS_INTEGER       20059
DOMAIN_IDENTITY_CREATION_AUDIT    PLS_INTEGER       20060
DOMAIN_IDENTITY_DROP_AUDIT        PLS_INTEGER       20061
DV Policy States
G_DISABLED                        NUMBER            0
G_ENABLED                         NUMBER            1
G_SIMULATION                      NUMBER            2
G_PARTIAL                         NUMBER            3
DV Object Types
G_REALM                           NUMBER            1
G_COMMAND_RULE                    NUMBER            2
Dependencies
DBMS_ASSERT         DV_ADMIN_GRANTEES     KZV$ADM_LIBT
DBMS_MACUTL         DV_DICT_OBJ_NAME      REALM_T$
DBMS_STANDARD       DV_OWNER_GRANTEES     ROLE$
DUAL                DV_SQL_TEXT           RULE$
DV$FACTOR           DV_SYSEVENT           REALM_T$
DV$FACTOR_TYPE      FACTOR$               ROLE$
DV$MAC_POLICY       FACTOR_T$             RULE$
DV$REALM            FACTOR_TYPE$          RULE_SET$
DV$RULE             FACTOR_TYPE_T$        RULE_SET_T$
DV$RULE_SET         GET_REQUIRED_SCOPE    RULE_T$
DV$RULE_SET_RULE    IDENTITY$
Documented: Database Vault Administrator's Guide
Exceptions
Error Code    Reason
ORA-20081     Command not found
ORA-20100     Command rule already defined
ORA-20102     Error creating Command Rule
ORA-47503     Database Vault is not enabled in CDB$ROOT or application root.
First Available: 12.1
Security Model: Owned by DVSYS with EXECUTE granted to DV_ADMIN and DV_POLICY_OWNER
Direct access to some subprograms in this package is prevented by an ACCESSIBLE BY clause.
dbms_macadm.add_app_exception(
owner IN VARCHAR2,
package_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_app_exception, AUTO_WITH_COMMIT);
exec dvsys.dbms_macadm.add_app_exception('C##UWCLASS','COMMON_UTILS');
BEGIN dvsys.dbms_macadm.add_app_exception('C##UWCLASS','COMMON_UTILS'); END;
*
ERROR at line 1:
ORA-47503: Database Vault is not enabled in CDB$ROOT or application root.
ORA-06512: at "DVSYS.DBMS_MACADM", line 1403
ORA-06512: at "DVSYS.DBMS_MACADM", line 1741
ORA-06512: at line 1
Authorize a user or role to access a Realm as a participant or owner
Overload 1
dbms_macadm.add_auth_to_realm(
realm_name IN VARCHAR2,
grantee IN VARCHAR2,
rule_set_name IN VARCHAR2,
auth_options IN NUMBER,
auth_scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_auth_to_realm, AUTO_WITH_COMMIT);
TBD
Authorize a user or role to access a Realm as a participant
Overload 2
dbms_macadm.add_auth_to_realm(
realm_name IN VARCHAR2,
grantee IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_auth_to_realm, AUTO_WITH_COMMIT);
TBD
Authorize a user or role to access a Realm as an owner or participant (no Rule Set)
Overload 3
dbms_macadm.add_auth_to_realm(
realm_name IN VARCHAR2,
grantee IN VARCHAR2,
auth_options IN NUMBER);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_auth_to_realm, AUTO_WITH_COMMIT);
TBD
Authorize a user or role to access a Realm as a participant (optional)
Overload 4
dbms_macadm.add_auth_to_realm(
realm_name IN VARCHAR2,
grantee IN VARCHAR2,
rule_set_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_auth_to_realm, AUTO_WITH_COMMIT);
dbms_macadm.add_cmd_rule_to_policy(
policy_name IN VARCHAR2,
command IN VARCHAR2,
object_owner IN VARCHAR2,
object_name IN VARCHAR2,
clause_name IN VARCHAR2 := '%',
parameter_name IN VARCHAR2 := '%',
event_name IN VARCHAR2 := '%',
component_name IN VARCHAR2 := '%',
action_name IN VARCHAR2 := '%',
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_cmd_rule_to_policy, AUTO_WITH_COMMIT);
Specify a parent-child relationship for two factors. The relationship may be used to compute the Factor's identity or label
dbms_macadm.add_factor_link(
parent_factor_name IN VARCHAR2,
child_factor_name IN VARCHAR2,
label_indicator IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_factor_link, AUTO_WITH_COMMIT);
dbms_macadm.add_object_to_realm(
realm_name IN VARCHAR2,
object_owner IN VARCHAR2,
object_name IN VARCHAR2,
object_type IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_object_to_realm, AUTO_WITH_COMMIT);
dbms_macadm.add_owner_to_policy(
policy_name IN VARCHAR2,
owner_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_owner_to_policy, AUTO_WITH_COMMIT);
dbms_macadm.add_realm_to_policy(
policy_name IN VARCHAR2,
realm_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_realm_to_policy, AUTO_WITH_COMMIT);
dbms_macadm.add_rule_to_rule_set(
rule_set_name IN VARCHAR2,
rule_name IN VARCHAR2,
rule_order IN NUMBER,
enabled IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_rule_to_rule_set, AUTO_WITH_COMMIT);
TBD
Add an enabled Rule to a Rule Set
Overload 2
dbms_macadm.add_rule_to_rule_set(
rule_set_name IN VARCHAR2,
rule_name IN VARCHAR2,
rule_order IN NUMBER);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_rule_to_rule_set, AUTO_WITH_COMMIT);
TBD
Add an enabled Rule to the end of Rule Set (i.e. evaluated last)
Overload 3
dbms_macadm.add_rule_to_rule_set(
rule_set_name IN VARCHAR2,
rule_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(add_rule_to_rule_set, AUTO_WITH_COMMIT);
Authorize a user as Database Replay admin to run capture
dbms_macadm.authorize_dbcapture(uname IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(authorize_dbcapture, AUTO_WITH_COMMIT);
exec dvsys.dbms_macadm.authorize_dbcapture('C##UWCLASS');
BEGIN dvsys.dbms_macadm.authorize_dbcapture('C##UWCLASS'); END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 1403
ORA-06512: at "DVSYS.DBMS_MACADM", line 1604
ORA-06512: at line 1
Authorize a user as Database Replay admin to run replay
dbms_macadm.authorize_dbreplay(uname IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(authorize_dbcapture, AUTO_WITH_COMMIT);
exec dvsys.dbms_macadm.authorize_dbreplay('C##UWCLASS');
BEGIN dvsys.dbms_macadm.authorize_dbreplay('C##UWCLASS'); END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 1403
ORA-06512: at "DVSYS.DBMS_MACADM", line 1615
ORA-06512: at line 1
Authorize a user to execute PREPROCESSOR directive in external tables
dbms_macadm.authorize_preprocessor(uname IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(authorize_preprocessor, AUTO_WITH_COMMIT);
exec dvsys.dbms_macadm.authorize_preprocessor('C##UWCLASS');
BEGIN dvsys.dbms_macadm.authorize_preprocessor('C##UWCLASS'); END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 1403
ORA-06512: at "DVSYS.DBMS_MACADM", line 1578
ORA-06512: at line 1
dbms_macadm.authorize_proxy_user(
uname IN VARCHAR2,
sname IN VARCHAR2 DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(authorize_proxy_user, AUTO_WITH_COMMIT);
-- found in $ORACLE_HOME/rdbms/admin/catmacpost.sql
BEGIN
dbms_macadm.authorize_scheduler_user('SYS', 'EXFSYS');
EXCEPTION
WHEN OTHERS THEN
-- ignore the error if EXFSYS is not created
IF SQLCODE IN (-47324, -47951) THEN
NULL;
ELSE
RAISE;
END IF;
END;
/
dbms_macadm.auth_datapump_grant_role(
uname IN VARCHAR2,
role IN VARCHAR2 DEFAULT '%');
PRAGMA SUPPLEMENTAL_LOG_DATA(auth_datapump_grant_role, AUTO_WITH_COMMIT);
dbms_macadm.change_identity_factor(
factor_name IN VARCHAR2,
value IN VARCHAR2,
new_factor_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(change_identity_factor, AUTO_WITH_COMMIT);
dbms_macadm.change_identity_value(
factor_name IN VARCHAR2,
value IN VARCHAR2,
new_value IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(change_identity_value, AUTO_WITH_COMMIT);
Protect a database command by associating it with a Rule Set
The command can only be executed if the Rule Set evaluates to TRUE
dbms_macadm.create_command_rule(
command IN VARCHAR2,
rule_set_name IN VARCHAR2,
object_owner IN VARCHAR2,
object_name IN VARCHAR2,
enabled IN VARCHAR2,
privilege_scope IN NUMBER DEFAULT NULL,
clause_name IN VARCHAR2 := '%',
parameter_name IN VARCHAR2 := '%',
event_name IN VARCHAR2 := '%',
component_name IN VARCHAR2 := '%',
action_name IN VARCHAR2 := '%',
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local,
pl_sql_stack IN BOOLEAN DEFAULT FALSE);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_command_rule, AUTO_WITH_COMMIT);
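Added example (not from the original page or from Oracle): a command rule assembled from the create_rule, create_rule_set, add_rule_to_rule_set and create_command_rule signatures listed on this page, limiting DROP TABLE in one schema to a maintenance window. The schema HR, the rule and rule set names, the time window and the fail code are constructed; the DBMS_MACUTL option constants are assumed to be the standard ones, and the block assumes a session granted DV_ADMIN in a database where Database Vault is enabled.

```sql
-- Added example; HR, 'Is Maintenance Window' and 'Maintenance Window'
-- are constructed names, not objects from the original page.
BEGIN
  -- 1. Rule: evaluates to TRUE only between 22:00 and 23:59 server time
  dvsys.dbms_macadm.create_rule(
    rule_name => 'Is Maintenance Window',
    rule_expr => 'TO_CHAR(SYSDATE,''HH24'') BETWEEN ''22'' AND ''23''');

  -- 2. Rule set: every rule must pass; failures are audited and the
  --    caller sees the custom error instead of a silent failure
  dvsys.dbms_macadm.create_rule_set(
    rule_set_name   => 'Maintenance Window',
    description     => 'Allow destructive DDL only in the maintenance window',
    enabled         => dvsys.dbms_macutl.g_yes,
    eval_options    => dvsys.dbms_macutl.g_ruleset_eval_all,
    audit_options   => dvsys.dbms_macutl.g_ruleset_audit_fail,
    fail_options    => dvsys.dbms_macutl.g_ruleset_fail_show,
    fail_message    => 'DROP TABLE is permitted only in the maintenance window',
    fail_code       => 20461,
    handler_options => dvsys.dbms_macutl.g_ruleset_handler_off,
    handler         => NULL);

  -- 3. Attach the rule (two-argument overload: enabled, evaluated last)
  dvsys.dbms_macadm.add_rule_to_rule_set(
    rule_set_name => 'Maintenance Window',
    rule_name     => 'Is Maintenance Window');

  -- 4. Command rule: DROP TABLE on any HR object now succeeds only
  --    when the rule set evaluates to TRUE, whatever privileges the
  --    caller holds
  dvsys.dbms_macadm.create_command_rule(
    command       => 'DROP TABLE',
    rule_set_name => 'Maintenance Window',
    object_owner  => 'HR',
    object_name   => '%',
    enabled       => dvsys.dbms_macutl.g_yes);
END;
/

-- Check: confirm the rule is registered and enabled
SELECT command, rule_set_name, object_owner, object_name, enabled
FROM   dvsys.dba_dv_command_rule
WHERE  command = 'DROP TABLE'
AND    object_owner = 'HR';
```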
dbms_macadm.create_connect_command_rule(
user_name IN VARCHAR2,
rule_set_name IN VARCHAR2,
enabled IN VARCHAR2,
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_connect_command_rule, AUTO_WITH_COMMIT);
dbms_macadm.create_domain_identity(
domain_name IN VARCHAR2,
domain_host IN VARCHAR2,
policy_name IN VARCHAR2 DEFAULT NULL,
domain_label IN VARCHAR2 DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_domain_identity, AUTO_WITH_COMMIT);
dbms_macadm.create_factor(
factor_name IN VARCHAR2,
factor_type_name IN VARCHAR2,
description IN VARCHAR2,
rule_set_name IN VARCHAR2,
get_expr IN VARCHAR2,
validate_expr IN VARCHAR2,
identify_by IN NUMBER,
labeled_by IN NUMBER,
eval_options IN NUMBER,
audit_options IN NUMBER,
fail_options IN NUMBER,
namespace IN VARCHAR2 DEFAULT NULL,
namespace_attribute IN VARCHAR2 DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_factor, AUTO_WITH_COMMIT);
dbms_macadm.create_identity(
factor_name IN VARCHAR2,
value IN VARCHAR2,
trust_level IN NUMBER);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_identity, AUTO_WITH_COMMIT);
Define a set of tests that are used to derive the identity of a Factor from the value of linked child factors (sub-factors)
dbms_macadm.create_identity_map(
identity_factor_name IN VARCHAR2,
identity_factor_value IN VARCHAR2,
parent_factor_name IN VARCHAR2,
child_factor_name IN VARCHAR2,
operation IN VARCHAR2,
operand1 IN VARCHAR2,
operand2 IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_identity_map, AUTO_WITH_COMMIT);
Specify the algorithm that is used to merge labels when computing the label for a Factor, or the MAC OLS Session label
dbms_macadm.create_mac_policy(
policy_name IN VARCHAR2,
algorithm IN VARCHAR2,
error_label IN VARCHAR2 DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_mac_policy, AUTO_WITH_COMMIT);
dbms_macadm.create_policy(
policy_name IN VARCHAR2,
description IN VARCHAR2,
policy_state IN NUMBER,
pl_sql_stack IN BOOLEAN DEFAULT FALSE);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_policy, AUTO_WITH_COMMIT);
dbms_macadm.create_policy_label(
identity_factor_name IN VARCHAR2,
identity_factor_value IN VARCHAR2,
policy_name IN VARCHAR2,
label IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_policy_label, AUTO_WITH_COMMIT);
dbms_macadm.create_realm(
realm_name IN VARCHAR2,
description IN VARCHAR2,
enabled IN VARCHAR2,
audit_options IN NUMBER,
realm_type IN NUMBER DEFAULT NULL,
realm_scope IN NUMBER := dvsys.dbms_macutl.g_scope_local,
pl_sql_stack IN BOOLEAN DEFAULT FALSE);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_realm, AUTO_WITH_COMMIT);
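Added example (not from the original page or from Oracle): the realm workflow that the add_auth_to_realm overloads, add_object_to_realm and create_realm above fit into, showing an owner authorization next to a participant authorization. The realm name, the HR schema and the HR_APP account are constructed; the DBMS_MACUTL constants and the DBA_DV_REALM_AUTH view are assumed to be the standard ones, and the block assumes a session granted DV_ADMIN in a database where Database Vault is enabled.

```sql
-- Added example; 'HR Data Realm', HR and HR_APP are constructed names.
BEGIN
  -- 1. Mandatory realm: even the schema owner and users with object
  --    privileges need a realm authorization to reach the objects
  dvsys.dbms_macadm.create_realm(
    realm_name    => 'HR Data Realm',
    description   => 'Keeps privileged accounts out of HR tables',
    enabled       => dvsys.dbms_macutl.g_yes,
    audit_options => dvsys.dbms_macutl.g_realm_audit_fail,
    realm_type    => 1);  -- 1 = value of the MANDATORY_REALM constant

  -- 2. Put every table owned by HR under the realm
  dvsys.dbms_macadm.add_object_to_realm(
    realm_name   => 'HR Data Realm',
    object_owner => 'HR',
    object_name  => '%',
    object_type  => 'TABLE');

  -- 3. Owner authorization, no rule set (three-argument overload)
  dvsys.dbms_macadm.add_auth_to_realm(
    realm_name   => 'HR Data Realm',
    grantee      => 'HR',
    auth_options => dvsys.dbms_macutl.g_realm_auth_owner);

  -- 4. Participant authorization (two-argument overload): the
  --    application account can use the objects but cannot manage
  --    grants on them the way a realm owner can
  dvsys.dbms_macadm.add_auth_to_realm(
    realm_name => 'HR Data Realm',
    grantee    => 'HR_APP');
END;
/

-- Check: review who is authorized in the realm; anything beyond the
-- two grantees above deserves an explanation
SELECT realm_name, grantee, auth_options
FROM   dvsys.dba_dv_realm_auth
WHERE  realm_name = 'HR Data Realm';

-- Removing an authorization that is no longer needed
BEGIN
  dvsys.dbms_macadm.delete_auth_from_realm(
    realm_name => 'HR Data Realm',
    grantee    => 'HR_APP');
END;
/
```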
Create a DV Secure Application Role with role access protected by a Rule Set
dbms_macadm.create_role(
role_name IN VARCHAR2,
enabled IN VARCHAR2,
rule_set_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_role, AUTO_WITH_COMMIT);
dbms_macadm.create_rule(
rule_name IN VARCHAR2,
rule_expr IN VARCHAR2,
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_rule, AUTO_WITH_COMMIT);
dbms_macadm.create_rule_set(
rule_set_name IN VARCHAR2,
description IN VARCHAR2,
enabled IN VARCHAR2,
eval_options IN NUMBER,
audit_options IN NUMBER,
fail_options IN NUMBER,
fail_message IN VARCHAR2,
fail_code IN NUMBER,
handler_options IN NUMBER,
handler IN VARCHAR2,
is_static IN BOOLEAN DEFAULT FALSE,
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_rule_set, AUTO_WITH_COMMIT);
dbms_macadm.create_session_event_cmd_rule(
rule_set_name IN VARCHAR2,
enabled IN VARCHAR2,
event_name IN VARCHAR2 := '%',
component_name IN VARCHAR2 := '%',
action_name IN VARCHAR2 := '%',
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local,
pl_sql_stack IN BOOLEAN DEFAULT FALSE);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_session_event_cmd_rule, AUTO_WITH_COMMIT);
dbms_macadm.create_system_event_cmd_rule(
rule_set_name IN VARCHAR2,
enabled IN VARCHAR2,
event_name IN VARCHAR2 := '%',
component_name IN VARCHAR2 := '%',
action_name IN VARCHAR2 := '%',
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local,
pl_sql_stack IN BOOLEAN DEFAULT FALSE);
PRAGMA SUPPLEMENTAL_LOG_DATA(create_system_event_cmd_rule, AUTO_WITH_COMMIT);
dbms_macadm.delete_app_exception(
owner IN VARCHAR2,
package_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_app_exception, AUTO_WITH_COMMIT);
exec dvsys.dbms_macadm.delete_app_exception('C##UWCLASS','COMMON_UTILS');
BEGIN dvsys.dbms_macadm.delete_app_exception('C##UWCLASS','COMMON_UTILS'); END;
*
ERROR at line 1:
ORA-47503: Database Vault is not enabled in CDB$ROOT or application root.
ORA-06512: at "DVSYS.DBMS_MACADM", line 1435
ORA-06512: at "DVSYS.DBMS_MACADM", line 1747
ORA-06512: at line 1
Remove the authorization of a user or role to access a Realm
dbms_macadm.delete_auth_from_realm(
realm_name IN VARCHAR2,
grantee IN VARCHAR2,
auth_scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_auth_from_realm, AUTO_WITH_COMMIT);
Delete a command rule from a Database Vault policy
dbms_macadm.delete_cmd_rule_from_policy(
policy_name IN VARCHAR2,
command IN VARCHAR2,
object_owner IN VARCHAR2,
object_name IN VARCHAR2,
clause_name IN VARCHAR2 := '%',
parameter_name IN VARCHAR2 := '%',
event_name IN VARCHAR2 := '%',
component_name IN VARCHAR2 := '%',
action_name IN VARCHAR2 := '%',
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_cmd_rule_from_policy, AUTO_WITH_COMMIT);
dbms_macadm.delete_command_rule(
command IN VARCHAR2,
object_owner IN VARCHAR2,
object_name IN VARCHAR2,
clause_name IN VARCHAR2 := '%',
parameter_name IN VARCHAR2 := '%',
event_name IN VARCHAR2 := '%',
component_name IN VARCHAR2 := '%',
action_name IN VARCHAR2 := '%',
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_command_rule, AUTO_WITH_COMMIT);
dbms_macadm.delete_connect_command_rule(
user_name IN VARCHAR2,
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_connect_command_rule, AUTO_WITH_COMMIT);
Remove a parent-child relationship between two factors
dbms_macadm.delete_factor_link(
parent_factor_name IN VARCHAR2,
child_factor_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_factor_link, AUTO_WITH_COMMIT);
dbms_macadm.delete_identity_map(
identity_factor_name IN VARCHAR2,
identity_factor_value IN VARCHAR2,
parent_factor_name IN VARCHAR2,
child_factor_name IN VARCHAR2,
operation IN VARCHAR2,
operand1 IN VARCHAR2,
operand2 IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_identity_map, AUTO_WITH_COMMIT);
dbms_macadm.delete_object_from_realm(
realm_name IN VARCHAR2,
object_owner IN VARCHAR2,
object_name IN VARCHAR2,
object_type IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_object_from_realm, AUTO_WITH_COMMIT);
dbms_macadm.delete_owner_from_policy(
policy_name IN VARCHAR2,
owner_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_owner_from_policy, AUTO_WITH_COMMIT);
Removes the Factor from contributing to the MAC OLS Label
dbms_macadm.delete_policy_factor(
policy_name IN VARCHAR2,
factor_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_policy_factor, AUTO_WITH_COMMIT);
Drop the Label from an Identity within a MAC OLS Policy
dbms_macadm.delete_policy_label(
identity_factor_name IN VARCHAR2,
identity_factor_value IN VARCHAR2,
policy_name IN VARCHAR2,
label IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_policy_label, AUTO_WITH_COMMIT);
dbms_macadm.delete_realm_from_policy(
policy_name IN VARCHAR2,
realm_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_realm_from_policy, AUTO_WITH_COMMIT);
dbms_macadm.delete_rule_from_rule_set(
rule_set_name IN VARCHAR2,
rule_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_rule_from_rule_set, AUTO_WITH_COMMIT);
dbms_macadm.delete_session_event_cmd_rule(
event_name IN VARCHAR2 := '%',
component_name IN VARCHAR2 := '%',
action_name IN VARCHAR2 := '%',
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_session_event_cmd_rule, AUTO_WITH_COMMIT);
dbms_macadm.delete_system_event_cmd_rule(
event_name IN VARCHAR2 := '%',
component_name IN VARCHAR2 := '%',
action_name IN VARCHAR2 := '%',
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(delete_system_event_cmd_rule, AUTO_WITH_COMMIT);
Disable application protection for whole CDB or one of the PDBs
dbms_macadm.disable_app_protection(pdb_name IN VARCHAR2 DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(disable_app_protection, AUTO_WITH_COMMIT);
exec dvsys.dbms_macadm.disable_app_protection('PDBDEV');
BEGIN dvsys.dbms_macadm.disable_app_protection('PDBDEV'); END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 2822
ORA-06512: at line 1
exec dvsys.dbms_macadm.disable_dv_dictionary_accts;
BEGIN dvsys.dbms_macadm.disable_dv_dictionary_accts; END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 1173
ORA-06512: at line 1
exec dvsys.dbms_macadm.disable_dv_patch_admin_audit;
BEGIN dvsys.dbms_macadm.disable_dv_patch_admin_audit; END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 1185
ORA-06512: at line 1
exec dvsys.dbms_macadm.disable_oradebug;
BEGIN dvsys.dbms_macadm.disable_oradebug; END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 1157
ORA-06512: at line 1
dbms_macadm.drop_domain_identity(
domain_name IN VARCHAR2,
domain_host IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(drop_domain_identity, AUTO_WITH_COMMIT);
Enable application protection for whole CDB or one of the PDBs
dbms_macadm.enable_app_protection(pdb_name IN VARCHAR2 DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(enable_app_protection, AUTO_WITH_COMMIT);
exec dvsys.dbms_macadm.enable_app_protection('PDBDEV');
BEGIN dvsys.dbms_macadm.enable_app_protection('PDBDEV'); END;
*
ERROR at line 1:
ORA-47503: Database Vault is not enabled in CDB$ROOT or application root.
ORA-06512: at "DVSYS.DBMS_MACADM", line 2811
ORA-06512: at line 1
exec dvsys.dbms_macadm.enable_dv_dictionary_accts;
BEGIN dvsys.dbms_macadm.enable_dv_dictionary_accts; END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 1165
ORA-06512: at line 1
exec dvsys.dbms_macadm.enable_dv_patch_admin_audit;
BEGIN dvsys.dbms_macadm.enable_dv_patch_admin_audit; END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 1179
ORA-06512: at line 1
Revoke authorization for a user as Database Replay admin to run capture
dbms_macadm.unauthorize_dbcapture(uname IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(unauthorize_dbcapture, AUTO_WITH_COMMIT);
exec dvsys.dbms_macadm.unauthorize_dbcapture('C##UWCLASS');
BEGIN dvsys.dbms_macadm.unauthorize_dbcapture('C##UWCLASS'); END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 1435
ORA-06512: at "DVSYS.DBMS_MACADM", line 1609
ORA-06512: at line 1
Revoke authorization for a user as Database Replay admin to run replay
dbms_macadm.unauthorize_dbreplay(uname IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(unauthorize_dbreplay, AUTO_WITH_COMMIT);
exec dvsys.dbms_macadm.unauthorize_dbreplay('C##UWCLASS');
BEGIN dvsys.dbms_macadm.unauthorize_dbreplay('C##UWCLASS'); END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 1435
ORA-06512: at "DVSYS.DBMS_MACADM", line 1620
ORA-06512: at line 1
Revoke authorization to execute PREPROCESSOR directives in external tables
dbms_macadm.unauthorize_preprocessor(uname IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(unauthorize_preprocessor, AUTO_WITH_COMMIT);
exec dvsys.dbms_macadm.unauthorize_preprocessor('C##UWCLASS');
BEGIN dvsys.dbms_macadm.unauthorize_preprocessor('C##UWCLASS'); END;
*
ERROR at line 1:
ORA-01031: insufficient privileges
ORA-06512: at "DVSYS.DBMS_MACADM", line 1435
ORA-06512: at "DVSYS.DBMS_MACADM", line 1583
ORA-06512: at line 1
dbms_macadm.unauth_datapump_grant_role(
uname IN VARCHAR2,
role IN VARCHAR2 DEFAULT '%');
PRAGMA SUPPLEMENTAL_LOG_DATA(unauth_datapump_grant_role, AUTO_WITH_COMMIT);
dbms_macadm.update_command_rule(
command IN VARCHAR2,
rule_set_name IN VARCHAR2,
object_owner IN VARCHAR2,
object_name IN VARCHAR2,
enabled IN VARCHAR2,
privilege_scope IN NUMBER DEFAULT NULL,
clause_name IN VARCHAR2 := '%',
parameter_name IN VARCHAR2 := '%',
event_name IN VARCHAR2 := '%',
component_name IN VARCHAR2 := '%',
action_name IN VARCHAR2 := '%',
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local,
pl_sql_stack IN BOOLEAN DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_command_rule, AUTO_WITH_COMMIT);
-- found in $ORACLE_HOME/rdbms/admin/catmacpost.sql
BEGIN
FOR command_rule_rec IN (SELECT * FROM dvsys.dba_dv_command_rule) LOOP
dbms_macadm.update_command_rule(
command => command_rule_rec.command,
rule_set_name => command_rule_rec.rule_set_name,
object_owner => command_rule_rec.object_owner,
object_name => command_rule_rec.object_name,
enabled => dbms_macutl.g_yes);
END LOOP;
COMMIT;
END;
/
dbms_macadm.update_connect_command_rule(
user_name IN VARCHAR2,
rule_set_name IN VARCHAR2,
enabled IN VARCHAR2,
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_connect_command_rule, AUTO_WITH_COMMIT);
dbms_macadm.update_factor(
factor_name IN VARCHAR2,
factor_type_name IN VARCHAR2,
description IN VARCHAR2,
rule_set_name IN VARCHAR2,
get_expr IN VARCHAR2,
validate_expr IN VARCHAR2,
identify_by IN NUMBER,
labeled_by IN NUMBER,
eval_options IN NUMBER,
audit_options IN NUMBER,
fail_options IN NUMBER,
namespace IN VARCHAR2 DEFAULT NULL,
namespace_attribute IN VARCHAR2 DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_factor, AUTO_WITH_COMMIT);
dbms_macadm.update_identity(
factor_name IN VARCHAR2,
value IN VARCHAR2,
trust_level IN NUMBER);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_identity, AUTO_WITH_COMMIT);
Specify the algorithm that is used to merge labels when computing the label for a Factor, or the MAC OLS Session label
dbms_macadm.update_mac_policy(
policy_name IN VARCHAR2,
algorithm IN VARCHAR2,
error_label IN VARCHAR2 DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_mac_policy, AUTO_WITH_COMMIT);
Update the description of an existing Database Vault policy
dbms_macadm.update_policy_description(
policy_name IN VARCHAR2,
description IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_policy_description, AUTO_WITH_COMMIT);
Update the state of an existing Database Vault policy
dbms_macadm.update_policy_state(
policy_name IN VARCHAR2,
policy_state IN NUMBER,
pl_sql_stack IN BOOLEAN DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_policy_state, AUTO_WITH_COMMIT);
dbms_macadm.update_realm(
realm_name IN VARCHAR2,
description IN VARCHAR2,
enabled IN VARCHAR2,
audit_options IN NUMBER DEFAULT NULL,
realm_type IN NUMBER DEFAULT NULL,
pl_sql_stack IN BOOLEAN DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_realm, AUTO_WITH_COMMIT);
Update the authorization of a user or role to access a Realm
dbms_macadm.update_realm_auth(
realm_name IN VARCHAR2,
grantee IN VARCHAR2,
rule_set_name IN VARCHAR2,
auth_options IN NUMBER,
auth_scope IN NUMBER := dvsys.dbms_macutl.g_scope_local);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_realm_auth, AUTO_WITH_COMMIT);
Update a DV Secure Application Role with access protected by a Rule Set
dbms_macadm.update_role(
role_name IN VARCHAR2,
enabled IN VARCHAR2,
rule_set_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_role, AUTO_WITH_COMMIT);
dbms_macadm.update_rule_set(
rule_set_name IN VARCHAR2,
description IN VARCHAR2,
enabled IN VARCHAR2,
eval_options IN NUMBER,
audit_options IN NUMBER,
fail_options IN NUMBER,
fail_message IN VARCHAR2,
fail_code IN NUMBER,
handler_options IN NUMBER,
handler IN VARCHAR2,
is_static IN BOOLEAN DEFAULT FALSE);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_rule_set, AUTO_WITH_COMMIT);
dbms_macadm.update_session_event_cmd_rule(
rule_set_name IN VARCHAR2,
enabled IN VARCHAR2,
event_name IN VARCHAR2 := '%',
component_name IN VARCHAR2 := '%',
action_name IN VARCHAR2 := '%',
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local,
pl_sql_stack IN BOOLEAN DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_session_event_cmd_rule, AUTO_WITH_COMMIT);
dbms_macadm.update_system_event_cmd_rule(
rule_set_name IN VARCHAR2,
enabled IN VARCHAR2,
event_name IN VARCHAR2 := '%',
component_name IN VARCHAR2 := '%',
action_name IN VARCHAR2 := '%',
scope IN NUMBER := dvsys.dbms_macutl.g_scope_local,
pl_sql_stack IN BOOLEAN DEFAULT NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(update_system_event_cmd_rule, AUTO_WITH_COMMIT);