Oracle DBMS_MACSEC
Version 19.3

General Information
Library Note Morgan's Library Page Header
Which has the higher priority in your organization: Deploying a new database or securing the ones you already have? Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose Contains functions that retrieve factor identities. After Oracle Database Vault installation, the install process locks the DVF account to enhance security.

When creating a new factor, Database Vault creates a new retrieval function for the factor owned by the DVF schema.
AUTHID DEFINER
Constants
Name Data Type Value
 General
G_SECURE_ROLE_AUDIT_CODE PLS_INTEGER 10006
Dependencies
DBMS_MACAUD FACTOR$ KZV$FAC_LIBT
DBMS_MACOLS GET_FACTOR OLS$POL
DBMS_MACSEC_RULES GET_FACTOR_LABEL ROLE$
DBMS_MACUTL GET_TRUST_LEVEL ROLE_IS_ENABLED
DBMS_STANDARD GET_TRUST_LEVEL_FOR_IDENTITY SESSION_CONTEXT
DV$RULE IDENTITY$ SET_FACTOR
DV$RULE_SET IS_SECURE_APPLICATION_ROLE  
Documented Yes
First Available Not Known
Security Model Owned by DVF with EXECUTE with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/catmacp.sql
Subprograms
 
GET_FACTOR
Returns the value of a factor. Will return the value cached in the context if the eval_option is set for evaluate on session. dbms_macsec.get_factor(p_factor IN VARCHAR2)
RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_factor, NONE);
col get_expr format a60

SELECT name, get_expr
FROM dvsys.factor$;

SELECT dvsys.dbms_macsec.get_factor('Database_IP')
FROM dual;

DVSYS.DBMS_MACSEC.GET_FACTOR('DATABASE_IP')
--------------------------------------------
FE80::C905:8BD8:A1EC:ECB9%2

SELECT dvsys.dbms_macsec.get_factor('Machine')
FROM dual;

DVSYS.DBMS_MACSEC.GET_FACTOR('MACHINE')
----------------------------------------
WORKGROUP\PERRITO5
 
GET_FACTOR_LABEL
Returns the Factor label dbms_macsec.get_factor_label(
p_factor      IN VARCHAR2,
p_policy_name IN VARCHAR2)
RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_factor_label, NONE);
TBD
 
GET_TRUST_LEVEL
Returns the Trust Level of a Factor

Overload 1
dbms_macsec.get_trust_level(p_factor IN VARCHAR2)
RETURN NUMBER;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_trust_level, NONE);
SELECT dvsys.dbms_macsec.get_trust_level('Authentication_Method')
FROM dual;

DVSYS.DBMS_MACSEC.GET_TRUST_LEVEL('AUTHENTICATION_METHOD')
----------------------------------------------------------
                                                         1
Returns the Trust Level of a Factor Identity

Overload 2
dbms_macsec.get_trust_level(
p_factor   IN VARCHAR2,
p_identity IN VARCHAR2)
RETURN NUMBER;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_trust_level, NONE);
TBD
 
IS_SECURE_APPLICATION_ROLE
Returns TRUE if given role is a secure application role dbms_macsec.is_secure_application_role(p_role VARCHAR2)
RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(is_secure_application_role, NONE);
BEGIN
  IF dvsys.dbms_macsec.is_secure_application_role('DBA') THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
F
 
ROLE_IS_ENABLED
Returns TRUE if a Secure Application Role is enabled for use, else FALSE

Note, in the demo at right, you must create a DVSYS role to use this. Standard Oracle Database roles are not the focus of this package.
dbms_macsec.role_is_enabled(p_role IN VARCHAR2)
RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(role_is_enabled, NONE);
SQL> select role from dvsys.role$;

no rows selected

BEGIN
  IF dvsys.dbms_macsec.role_is_enabled('DBA') THEN
    dbms_output.put_line('F');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-47301: Role DBA not found
ORA-06512: at "DVSYS.DBMS_MACUTL", line 34
ORA-06512: at "DVSYS.DBMS_MACUTL", line 389
ORA-06512: at "DVSYS.DBMS_MACSEC", line 207
ORA-01403: no data found
ORA-06512: at "DVSYS.DBMS_MACSEC", line 200
ORA-06512: at line 2
 
SET_FACTOR
 Sets the value of a Factor (if allowed by the assignment Rule Set) dbms_macsec.set_factor(
p_factor IN VARCHAR2,
p_value  IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(set_factor, NONE);
TBD

Related Topics
Built-in Functions
Built-in Packages
DBMS_MACAUD
DBMS_MACOLS_SESSION
DBMS_MACOUT
DBMS_MACSEC_FUNCTION
DBMS_MACSEC_ROLES
DBMS_MACSEC_RULES
EVENT
OLS_ENFORCEMENT
OLS$DATAPUMP
What's New In 18c
What's New In 19c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2019 Daniel A. Morgan All Rights Reserved
  DBSecWorx