Oracle | XS_DATA_SECURITY

Oracle XS_DATA_SECURITY_UTIL Version 21c

General Information

Library Note

Morgan's Library Page Header

ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.

Purpose Real Application Security

The following important note was added to the create script
-- Bug 23597785: Create XS_DATA_SECURITY_UTIL with invoker rights

AUTHID CURRENT_USER

Data Types TYPE objnametype IS TABLE OF VARCHAR2(130) INDEX BY BINARY_INTEGER; TYPE objnumtype IS TABLE OF NUMBER INDEX BY BINARY_INTEGER;

Dependencies

ACLMV$	DBMS_SQL	DBMS_XDS_LIB
ACLMV$_REFLOG	DBMS_SYS_ERROR	PLITBLM
ACLMVREFSTAT$	DBMS_SYS_SQL	XS_ADMIN_UTIL
DBMS_PRIV_CAPTURE	DBMS_XDS_INT	XS_DATA_SECURITY_UTIL_INT
DBMS_SNAP_INTERNAL

Documented Partially

Exceptions

Error Code	Reason
46025	No static rule specified in applied policy

First Available 12.1

Security Model Owned by SYS with no privileges granted

Source {ORACLE_HOME}/rdbms/admin/xsds.sql

Subprograms

ALTER_STATIC_ACL_REFRESH	SCHEDULE_STATIC_ACL_REFRESH	XS$REFRESH_STATIC_ACL
PURGE_ACL_REFRESH_HISTORY	SET_TRACE_LEVEL

ALTER_STATIC_ACL_REFRESH

Alters the refresh mode for a ACLMV for a table by removing any refresh schedule for this ACLMV (see schedule_static_acl_refresh) xs_data_security_util.alter_static_acl_refresh( schema_name IN VARCHAR2 := NULL, table_name IN VARCHAR2, refresh_mode IN VARCHAR2); -- refresh mode for internal ACLMV. 'ON DEMAND' or 'ON COMMIT' are the only legal values PRAGMA SUPPLEMENTAL_LOG_DATA(alter_static_acl_refresh, AUTO_WITH_COMMIT);

exec xs_data_security_util.alter_static_acl_refresh('UWCLASS', 'SERVERS', xs_data_security_util.aclmv_on_commit);

PURGE_ACL_REFRESH_HISTORY

Purges contents for the table's ACL MV xs_data_security_util.purge_acl_refresh_history( object_schema IN VARCHAR2 := NULL, object_name IN VARCHAR2, purge_date IN DATE := NULL); PRAGMA SUPPLEMENTAL_LOG_DATA(purge_acl_refresh_history, AUTO_WITH_COMMIT);

exec xs_data_security_util.purge_acl_refresh_history('UWCLASS', 'SERVERS', SYSDATE);

      

      SELECT *

      FROM sys.aclmvrefstat$;

SCHEDULE_STATIC_ACL_REFRESH

Schedules automatic refresh of an ACL MV changing the refresh mode to "ON DEMAND" xs_data_security_util.schedule_static_acl_refresh( schema_name IN VARCHAR2 := NULL, table_name IN VARCHAR2, start_date IN TIMESTAMP WITH TIME ZONE := NULL, repeat_interval IN VARCHAR2 := NULL, comments IN VARCHAR2 := NULL); -- Bug 22545933: Enable log based replication for the procedure PRAGMA SUPPLEMENTAL_LOG_DATA(schedule_static_acl_refresh, AUTO_WITH_COMMIT);

exec xs_data_security_util.schedule_static_acl_refresh('UWCLASS', 'SERVERS', SYSTIMESTAMP+1, 'freq=hourly; interval=4', 'Refresh On Demand');

SET_TRACE_LEVEL

Sets the debugging trace level xs_data_security_util.set_trace_level( schema_name IN VARCHAR2, table_name IN VARCHAR2, level IN NUMBER);

exec xs_data_security_util.set_trace_level('UWCLASS', 'SERVERS', 8);

      

      SELECT *

      FROM sys.aclmv$_reflog;

XS$REFRESH_STATIC_ACL

Scheduler callback procedure to refresh an acl-mv xs_data_security_util.xs$refresh_static_acl( schema_name IN VARCHAR2, table_name IN VARCHAR2, mview_name IN VARCHAR2, job_name IN VARCHAR2);

exec xs_data_security_util.xs$refresh_static_acl('SEC_MGR', 'SECTAB', 'SEC_TAB_MV', 'SECJOB');

Morgan's Library Page Footer

This site is maintained by Dan Morgan. Last Updated:

DBSecWorx