Oracle DBMS_PRIV_CAPTURE
Version 12.2.0.1

General Information
Library Note Morgan's Library Page Header
The Library is currently in the process of being upgraded from Oracle Database Version 12.1.0.2 to 12.2.0.1. Demos are being upgraded to reflect the new Container paradigm as well as EBR (Edition Based Redefinition) and may contain references to CDBs, PDBs, and other objects you may not be familiar with such as CDB_OBJECTS_AE: Welcome to 12c.

Do you remember when mainframes were replaced by client-server? When client-server was replaced by n-tier architecture? The "Cloud" is a distraction ... DevOps is not. Prepare for the future.
Purpose Capture privileges used in Oracle defined PL/SQL packages.

The purpose of this project, #32973, is to capture privileges used for an operation. Privileges checked in the kernel(e.g, through KZP layer) have been collected. However, many Oracle defined PL/SQL packages query privilege related dictionary tables/views(for example, session_privs, session_roles, sysauth$, objauth$, etc.) to check whether a user has a given privilege. For such cases, APIs in this package have been used to replace orginal check. For queries that cannot be replaced, privileges are collected directly by calling dbms_priv_capture.capture_privilege_use.
AUTHID CURRENT_USER
Dependencies
DBMS_AQADM_SYS DBMS_RULE_EXP_UTLI KUPP$PROC
DBMS_CDC_IPUBLISH DBMS_SCHED_JOB_EXPORT KUPV$FT
DBMS_COMPRESSION DBMS_SCHED_MAIN_EXPORT LBAC_EXP
DBMS_CSX_ADMIN DBMS_SMB LBAC_SERVICES
DBMS_CUBE_ADVISE DBMS_SNAPSHOT_COMMON LBAC_SYSDBA
DBMS_DDL DBMS_STATS LOGMNR_EM_SUPPORT
DBMS_EDITIONS_UTILITIES DBMS_STATS_ADVISOR LOGSTDBY_INTERNAL
DBMS_FILE_GROUP_IMP DBMS_STREAMS_ADM_UTL_INVOK OLS_ENFORCEMENT
DBMS_HEAT_MAP DBMS_STREAMS_PUB_RPC PRIV_CAPTURE$
DBMS_LOGREP_IMP DBMS_XDB_CONFIG PRIV_PROFILE_LIB
DBMS_LOGREP_UTIL_INVOK DRIACC ROLENAME_ARRAY
DBMS_METADATA ISXMLTYPETABLE ROLE_ARRAY
DBMS_PARALLEL_EXECUTE KUPF$FILE XS_DATA_SECURITY_UTIL
Documented No
First Available 12.1.0
Security Model Owned by SYS with EXECUTE granted to EXFSYS, LBACSYS, OLAPSYS, and XDB
Source {ORACLE_HOME}/rdbms/admin/catprofp.sql
Subprograms
 
CAPTURE_PRIVILEGE_USE
Capture a privilege usage, if a privilege capture condition is met. This procedure is called when a privilege is used in PL/SQL or JAVA.

Overload 1
dbms_priv_capture.capture_privilege_use(
userid     IN NUMBER,
syspriv    IN NUMBER         DEFAULT NULL,
role       IN VARCHAR2       DEFAULT NULL,
objpriv    IN NUMBER         DEFAULT NULL,
obj        IN NUMBER         DEFAULT NULL,
domain     IN role_array     DEFAULT NULL,
domain_str IN rolename_array DEFAULT NULL);
TBD
Overload 2 dbms_priv_capture.capture_privilege_use(
username   IN VARCHAR2,
syspriv    IN VARCHAR2       DEFAULT NULL,
role       IN VARCHAR2       DEFAULT NULL,
objpriv    IN VARCHAR2       DEFAULT NULL,
owner      IN VARCHAR2       DEFAULT NULL,
object     IN VARCHAR2       DEFAULT NULL,
domain     IN role_array     DEFAULT NULL,
domain_str IN rolename_array DEFAULT NULL);
TBD
 
SES_HAS_OBJ_PRIV
Checks whether the current user has a given object privilege

Appears to have a bug as this returns FALSE for SYS
dbms_priv_capture.ses_has_obj_priv(
objpriv  IN VARCHAR2,
objowner IN VARCHAR2,
objname  IN VARCHAR2,
nmspace  IN PLS_INTEGER DEFAULT 1)
RETURN BOOLEAN;
BEGIN
  IF dbms_priv_capture.ses_has_obj_priv('SELECT', 'SYS', 'CDB_USERS') THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
 
SES_HAS_ROLE_PRIV
Determines whether the current user has a given role dbms_priv_capture.ses_has_role_priv(rolename IN VARCHAR2)
RETURN PLS_INTEGER;
SELECT dbms_priv_capture.ses_has_role_priv('DBHADOOP')
FROM dual;
 
SES_HAS_SYS_PRIV
Determines whether the current user has a given system privilege dbms_priv_capture.ses_has_sys_priv(systempriv IN VARCHAR2)
RETURN PLS_INTEGER;
SELECT dbms_priv_capture.ses_has_sys_priv('CREATE TABLE')
FROM dual;

Related Topics
Built-in Functions
Built-in Packages
DBMS_PRIVILEGE_CAPTURE
Object Privileges
Profiles
Roles
Security
System Privileges
What's New In 12cR1
What's New In 12cR2

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2017 Daniel A. Morgan All Rights Reserved