Oracle DBMS_MACSEC_ROLES
Version 23c

General Information
Library Note Morgan's Library Page Header
ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.
Purpose Used to check the authorization for a user or to set an Oracle Database Vault secure application role. The DVSYS.DBMS_MACSEC_ROLES package is available to all users which is a gross violation of good security practices. The Library recommends revoking the GRANT to PUBLIC and only granting execute on this package to a very limited number of authorized and audited users.
AUTHID CURRENT_USER
Dependencies
DBMS_ASSERT DBMS_STANDARD IS_SECURE_APPLICATION_ROLE
DBMS_MACUTL DBMS_UTILITY ROLE_IS_ENABLED
DBMS_SESSION    
Documented Yes
First Available Not Known
Security Model Owned by DVSYS with EXECUTE granted to PUBLIC
Source {ORACLE_HOME}/rdbms/admin/catmacp.sql
Subprograms
 
CAN_SET_ROLE
Checks whether the user invoking the method is authorized to use the specified DV Secure Application Role. The authorization is determined by checking the Rule Set associated with the role. dbms_macsec_roles.can_set_role(p_role IN VARCHAR2) RETURN BOOLEAN ;
BEGIN
  IF dbms_macsec_roles.can_set_role('UW_APP_MGR') THEN
       dbms_macsec_roles.set_role('UW_APP_MGR');
  ELSE
    RAISE_APPLICATION_ERROR(-20001, 'UW_APP_MGR Role Cannot Be Set');
  END IF;
END;
/
 
SET_ROLE
Issues the SET ROLE command for a DV Secure Application Role dbms_macsec_roles.set_role(p_role IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(set_role, NONE);
See CAN_SET_ROLE function above

Related Topics
Built-in Functions
Built-in Packages
CONFIGURE_DV_INTERNAL
DBMS_MACAUD
DBMS_MACOLS_SESSION
DBMS_MACOUT
DBMS_MACSEC
DBMS_MACSEC_FUNCTION
DBMS_MACSEC_RULES
EVENT
OLS_ENFORCEMENT
OLS$DATAPUMP
What's New In 21c
What's New In 23c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved
  DBSecWorx