Oracle Real Application Security (RAS)
Version 12.1

General Information
Library Note Morgan's Library Page Header
Which has the higher priority in your organization: Deploying a new database or securing the ones you already have? Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Be sure to view the full listing of monographs in Morgan's Library
Purpose  
Dependencies
DBA_ACL_NAME_MAP DBA_XDS_ACL_REFRESH DBMS_XS_PRINCIPALS
DBA_HOST_ACLS| DBA_XDS_ACL_REFSTAT DBMS_XS_SESSIONS
DBA_NETWORK_ACLS DBA_XDS_LATEST_ACL_REFSTAT XS$ACE_TYPE
DBA_NETWORK_ACL_PRIVILEGES DBA_XS_ACLS DBMS_XS_SESSIONS_FFI
DBA_WALLET_ACLS DBA_XS_ACL_PARAMETERS  
RAS Functions
RAS Packages
DBMS_XS_SESSIONS XS_DATA_SECURITY XS_NAMESPACE
XS_ACL XS_DATA_SECURITY_UTIL XS_PRINCIPAL
XS_ADMIN_UTIL XS_DIAG XS_SECURITY_CLASS
 
RAS Functions
COLUMN_AUTH_INDICATOR
Checks if the specified table column is authorized on a particular table row
COLUMN_AUTH_INDICATOR(col) RETURN BOOLEAN;
TBD
ORA_CHECK_ACL

Checks if an application user has the queried application
privileges according to a list of ACLs
ora_check_acl(XS_Operator IN HEX_NUMBER, arg2, arg3) RETURN BOOLEAN

ORA_CHECK_ACL(
acls IN RAW,
(privileges IN VARCHAR(128))+)
return NUMBER;
SELECT ora_check_acl(2147483661,  2147483653, NULL) FROM dual;
                     *
ERROR at line 1:
ORA-00932: inconsistent datatypes: expected BINARY got NUMBER
ORA_CHECK_PRIVILEGE

Checks if the specified system privileges have been granted to an application user

As can be seen in the demo at right I was unable to find a valid combination that would return a 1
ora_check_privilege(
arg1 IN VARCHAR2,
arg2 IN VARCHAR2)
RETURN NUMBER;
SELECT ora_check_privilege('SYS', 'CREATE TABLE') FROM dual;

SELECT ora_check_privilege('CREATE TABLE', 'SYS') FROM dual;

SQL> SELECT ora_check_privilege('A', 'B', 'C', 'D','E','F','G','H')
  2  FROM dual;

ORA_CHECK_PRIVILEGE('A','B','C','D','E','F','G','H')
----------------------------------------------------
                                                   0
ORA_GET_ACLIDS

Returns a list of ACL identifiers associated with an object instance of the
XDS-enabled tables for the current application user
ORA_GET_ACLIDS (
table_alias IN VARCHAR2,
privileges  IN VARCHAR(128))+)
RETURN RAW;
The example on page 10-4 of the docs is nonsense
TO_ACLID

Appears able to converts an unknown value, possibly an ACL name to an ACL_ID but, as in the demo at right, I can prove the function exits but not get it working properly
to_aclid(<arg> IN VARCHAR2) RETURN VARCHAR2;
SELECT to_aclid(name)
FROM xs$obj;
FROM xs$obj
     *
ERROR at line 2:
ORA-46114: ACL name XSAUTHENTICATED not found.

TO_ACLID(
(acls IN VARCHAR(128))+)
return NUMBER;
XS_SYS_CONTEXT (Introduced 11.1.0.6)

Retrieves the session attributes and the XS$GLOBAL_VAR namespace
attribute for the current application session

Known CONTEXT attributes:
CURRENT_XS_USER
SESSION_ID
SESSION_XS_USER_GUID

 
xs_sys_context(
namespace IN VARCHAR2
attribute IN VARCHAR2)
RETURN VARCHAR2;
SQL> SELECT xs_sys_context('XS$SESSION','CURRENT_XS_USER')
  2  FROM dba_xs_users;

XS_SYS_CONTEXT('XS$SESSION','CURRENT_XS_USER')
-----------------------------------------------


SQL> SELECT name
  2  FROM dba_xs_users
  3* WHERE name = xs_sys_context('XS$SESSION','CURRENT_XS_USER');

no rows selected
From %$ORACLE_HOME/rdbms/admin SQL> DECLARE
  2   sessID RAW(64);
  3  BEGIN
  4    dbms_xs_sessions.create_session('MORGAN', sessID, is_external=>TRUE);
  5    dbms_output.put_line(sessID);
  6* END;
  7  /
1E72B33ED6E040AEAFB4896F81582932

SELECT xs_sys_context('XS$SESSION',  'SESSION_XS_USER_GUID')
FROM dual;

SELECT xs_sys_context('XS$SESSION', 'SESSION_ID')
FROM dual;

Related Topics
DBMS_METADATA
DBMS_XS_PRINCIPALS
DBMS_XS_SESSIONS
DBMS_XS_SESSIONS_FFI
DBMS_XS_SYSTEM
DBMS_XS_SYSTEM_FFI
DBMS_XS_SIDP
DBMS_XS_SYSTEM
DBMS_XS_SYSTEM_FFI
Packages
XS_ACL
XS_ACL_INT
XS_ADMIN_UTIL
XS_DATA_SECURITY
XS_DATA_SECURITY_UTIL
XS_DIAG
XS_DIAG_INT
XS_NAMESPACE
XS_PRINCIPAL
XS_SECURITY_CLASS
What's New In 19c
What's New In 20c-21c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2019 Daniel A. Morgan All Rights Reserved
  DBSecWorx