Which has the higher priority in your organization: Deploying a new database or securing the ones you already have?
Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose
Real Application Security Access Control Lists
AUTHID
CURRENT_USER
Constants
Name
Data Type
Value
Parent ACL Types
EXTENDED
PLS_INTEGER
1
CONSTRAINED
PLS_INTEGER
2
Principal's Types
PTYPE_XS
PLS_INTEGER
1
PTYPE_DB
PLS_INTEGER
2
PTYPE_DN
PLS_INTEGER
3
PTYPE_EXTERNAL
PLS_INTEGER
4
Parameter Value Types
TYPE_NUMBER
PLS_INTEGER
1
TYPE_VARCHAR
PLS_INTEGER
2
Data Types
TYPE SYS.XS$ACE_LIST
TYPE SYS.XS$ACE_TYPE
Dependencies
DBA_XS_ACES
DBMS_UTILITY
XS_ADMIN_INT
DBMS_ASSERT
XS$ACE_LIST
XS_ADMIN_UTIL
DBMS_NETWORK_ACL_ADMIN
XS$ACE_TYPE
XS_SECURITY_CLASS_INT
DBMS_SFW_ACL_ADMIN
XS_ACL_INT
Documented
No
Exceptions
Error Code
Reason
ORA-46152
XS Security - invalid ACE specified
ORA-46215
XS entity by the name <string> did not exist.
First Available
11.2
Security Model
Owned by SYS with EXECUTE granted to PUBLIC and DBSFWUSER
xs_acl.create_acl(
name IN VARCHAR2,
ace_list IN XS$ACE_LIST,
sec_class IN VARCHAR2 := NULL,
parent IN VARCHAR2 := NULL,
inherit_mode IN PLS_INTEGER := NULL,
description IN VARCHAR2 := NULL);
col acl format a45
col owner format a20
SELECT acl, owner
FROM dba_xs_aces;
DECLARE
nlist xs$name_list;
alist xs$ace_list; -- a varray of XS$ACE_TYPE which needs name list
BEGIN
nlist := xs$name_list(NULL);
nlist(1) := 'CONNECT';
xs_acl.create_acl('UWACL', alist);
END;
/
DECLARE
*
ERROR at line 1:
ORA-46152: XS Security - invalid ACE specified
ORA-06512: at "SYS.XS_ACL", line 36
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 53
ORA-06512: at "SYS.XS_ACL_INT", line 108
ORA-06512: at "SYS.XS_ACL_INT", line 395
ORA-06512: at "SYS.XS_ACL", line 25
ORA-06512: at line 11
-- looked at the DDL for dba_xs_aces but a bit more work is required to
-- figure out how to create a valid ACE and need to prep for a meeting.
