Oracle XS_ACL
Version 19c

General Information
Purpose Real Application Security Access Control Lists
AUTHID CURRENT_USER
Constants
Name Data Type Value
 Parent ACL Types
EXTENDED PLS_INTEGER 1
CONSTRAINED PLS_INTEGER 2
 Principal's Types
PTYPE_XS PLS_INTEGER 1
PTYPE_DB PLS_INTEGER 2
PTYPE_DN PLS_INTEGER 3
PTYPE_EXTERNAL PLS_INTEGER 4
 Parameter Value Types
TYPE_NUMBER PLS_INTEGER 1
TYPE_VARCHAR PLS_INTEGER 2
Data Types TYPE SYS.XS$ACE_LIST

TYPE SYS.XS$ACE_TYPE
Dependencies
DBA_XS_ACES DBMS_UTILITY XS_ADMIN_INT
DBMS_ASSERT XS$ACE_LIST XS_ADMIN_UTIL
DBMS_NETWORK_ACL_ADMIN XS$ACE_TYPE XS_SECURITY_CLASS_INT
DBMS_SFW_ACL_ADMIN XS_ACL_INT  
Documented No
Exceptions
Error Code Reason
ORA-46152 XS Security - invalid ACE specified
ORA-46215 XS entity by the name <string> did not exist.
First Available 11.2
Security Model Owned by SYS with EXECUTE granted to PUBLIC and DBSFWUSER
Source {ORACLE_HOME}/rdbms/admin/xsacl.sql
Subprograms
 
ADD_ACL_PARAMETER
Add a numeric parameter value

Overload 1
xs_acl.add_acl_parameter(
acl       IN VARCHAR2,
policy    IN VARCHAR2,
parameter IN VARCHAR2,
value     IN NUMBER);
TBD
Add a string parameter value

Overload 2
xs_acl.add_acl_parameter(
acl       IN VARCHAR2,
policy    IN VARCHAR2,
parameter IN VARCHAR2,
value     IN VARCHAR2);
TBD
 
APPEND_ACES
Append one ACE to the ACL

Overload 1
xs_acl.append_aces(
acl IN VARCHAR2,
ace IN XS$ACE_TYPE);
TBD
Append ACEs to the ACL

Overload 2
xs_acl.append_aces(
acl      IN VARCHAR2,
ace_list IN XS$ACE_LIST);
TBD
 
CREATE_ACL
Create ACL API
xs_acl.create_acl(
name         IN VARCHAR2,
ace_list     IN XS$ACE_LIST,
sec_class    IN VARCHAR2    := NULL,
parent       IN VARCHAR2    := NULL,
inherit_mode IN PLS_INTEGER := NULL,
description  IN VARCHAR2    := NULL);
col acl format a45
col owner format a20

SELECT acl, owner
FROM dba_xs_aces;

DECLARE
 nlist xs$name_list;
 alist xs$ace_list;  -- a varray of XS$ACE_TYPE which needs name list
BEGIN
  nlist := xs$name_list(NULL);
  nlist(1) := 'CONNECT';

  alist := xs$ace_list(NULL, NULL, NULL, NULL, NULL, NULL, NULL);
  alist(1) := xs$ace_type(nlist, TRUE, FALSE, 'MDSYS', 2, NULL, NULL);

  xs_acl.create_acl('UWACL', alist);
END;
/
DECLARE
*
ERROR at line 1:
ORA-46152: XS Security - invalid ACE specified
ORA-06512: at "SYS.XS_ACL", line 36
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 53
ORA-06512: at "SYS.XS_ACL_INT", line 108
ORA-06512: at "SYS.XS_ACL_INT", line 395
ORA-06512: at "SYS.XS_ACL", line 25
ORA-06512: at line 11


-- looked at the DDL for dba_xs_aces but a bit more work is required to
-- figure out how to create a valid ACE and need to prep for a meeting.
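
An added example, not part of the original page: an ACE list built with named constructor arguments, where every list element is a populated ACE and the privilege belongs to the security class named in the call. It assumes a database user APP_READER exists and that the caller is allowed to administer Real Application Security policies; APP_READER and UWACL_DEMO are hypothetical names.

```sql
-- Added example; APP_READER and UWACL_DEMO are hypothetical names.
DECLARE
  alist xs$ace_list;
BEGIN
  -- Build the list directly from populated ACEs: no NULL placeholders.
  alist := xs$ace_list(
    xs$ace_type(
      privilege_list => xs$name_list('SELECT'),  -- a privilege of SYS.DML
      granted        => TRUE,
      principal_name => 'APP_READER',            -- assumed existing DB user
      principal_type => xs_acl.ptype_db));       -- constant listed above (2)

  xs_acl.create_acl(
    name        => 'UWACL_DEMO',
    ace_list    => alist,
    sec_class   => 'SYS.DML',                    -- scope of the privileges
    description => 'Read-only ACL for APP_READER');
END;
/

-- Review what was stored for the new ACL.
col acl format a30
col owner format a20
col principal format a20
col privilege format a15

SELECT acl, owner, principal, privilege
FROM dba_xs_aces
WHERE acl = 'UWACL_DEMO';

-- Remove the demonstration ACL.
exec xs_acl.delete_acl('UWACL_DEMO');
```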
 
DELETE_ACL
Delete an ACL
xs_acl.delete_acl(
acl           IN VARCHAR2,
delete_option IN PLS_INTEGER := XS_ADMIN_UTIL.DEFAULT_OPTION);
exec xs_acl.delete_acl('UWACL');
 
REMOVE_ACES
Remove all ACEs from the ACL
xs_acl.remove_aces(acl IN VARCHAR2);
exec xs_acl.remove_aces('UWACL');
 
REMOVE_ACL_PARAMETERS
Remove all parameters
Overload 1
xs_acl.remove_acl_parameters(acl IN VARCHAR2);
exec xs_acl.remove_acl_parameters('UWACL');
Remove a single parameter
Overload 2
xs_acl.remove_acl_parameters(
acl       IN VARCHAR2,
parameter IN VARCHAR2);
TBD
Remove a parameter associated with a policy

Overload 3
xs_acl.remove_acl_parameters(
acl       IN VARCHAR2,
policy    IN VARCHAR2,
parameter IN VARCHAR2);
TBD
 
SET_DESCRIPTION
Set an ACL description
xs_acl.set_description(
acl         IN VARCHAR2,
description IN VARCHAR2);
exec xs_acl.set_description('UWACL', 'UW Secure ACL');
 
SET_PARENT_ACL
Sets the parent ACL
xs_acl.set_parent_acl(
acl          IN VARCHAR2,
parent       IN VARCHAR2,
inherit_mode IN PLS_INTEGER);
TBD
 
SET_SECURITY_CLASS
Sets the security class
xs_acl.set_security_class(
acl       IN VARCHAR2,
sec_class IN VARCHAR2);
TBD


This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2019 Daniel A. Morgan All Rights Reserved