Oracle DBMS_MACSEC
Version 21c

General Information
Purpose Contains functions that retrieve factor identities. After Oracle Database Vault installation, the install process locks the DVF account to enhance security.

When creating a new factor, Database Vault creates a new retrieval function for the factor owned by the DVF schema.
AUTHID DEFINER
Constants
Name Data Type Value
 General
G_SECURE_ROLE_AUDIT_CODE PLS_INTEGER 10006
Dependencies
DBMS_MACAUD FACTOR$ KZV$FAC_LIBT
DBMS_MACOLS GET_FACTOR OLS$POL
DBMS_MACSEC_RULES GET_FACTOR_LABEL ROLE$
DBMS_MACUTL GET_TRUST_LEVEL ROLE_IS_ENABLED
DBMS_STANDARD GET_TRUST_LEVEL_FOR_IDENTITY SESSION_CONTEXT
DV$RULE IDENTITY$ SET_FACTOR
DV$RULE_SET IS_SECURE_APPLICATION_ROLE  
Documented Yes
First Available Not Known
Security Model Owned by DVSYS with EXECUTE with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/catmacp.sql
Subprograms
 
GET_FACTOR
Returns the value of a factor. Will return the value cached in the context if the eval_option is set for evaluate on session.
dbms_macsec.get_factor(p_factor IN VARCHAR2)
RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_factor, NONE);
col get_expr format a60

SELECT name, get_expr
FROM dvsys.factor$;

SELECT dvsys.dbms_macsec.get_factor('Database_IP')
FROM dual;

DVSYS.DBMS_MACSEC.GET_FACTOR('DATABASE_IP')
--------------------------------------------
FE80::C905:8BD8:A1EC:ECB9%2


SELECT dvsys.dbms_macsec.get_factor('Machine')
FROM dual;

DVSYS.DBMS_MACSEC.GET_FACTOR('MACHINE')
----------------------------------------
WORKGROUP\PERRITO5
 
GET_FACTOR_LABEL
Returns the Factor label
dbms_macsec.get_factor_label(
p_factor      IN VARCHAR2,
p_policy_name IN VARCHAR2)
RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_factor_label, NONE);
TBD
 
GET_TRUST_LEVEL
Returns the Trust Level of a Factor

Overload 1
dbms_macsec.get_trust_level(p_factor IN VARCHAR2)
RETURN NUMBER;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_trust_level, NONE);
SELECT dvsys.dbms_macsec.get_trust_level('Authentication_Method')
FROM dual;

DVSYS.DBMS_MACSEC.GET_TRUST_LEVEL('AUTHENTICATION_METHOD')
----------------------------------------------------------
                                                         1
Returns the Trust Level of a Factor Identity

Overload 2
dbms_macsec.get_trust_level(
p_factor   IN VARCHAR2,
p_identity IN VARCHAR2)
RETURN NUMBER;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_trust_level, NONE);
TBD
 
IS_SECURE_APPLICATION_ROLE
Returns TRUE if the given role is a secure application role
dbms_macsec.is_secure_application_role(p_role VARCHAR2)
RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(is_secure_application_role, NONE);
BEGIN
  IF dvsys.dbms_macsec.is_secure_application_role('DBA') THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
F
 
ROLE_IS_ENABLED
Returns TRUE if a Secure Application Role is enabled for use, else FALSE

Note: as the demo below shows, you must create a DVSYS role to use this. Standard Oracle Database roles are not the focus of this package.
dbms_macsec.role_is_enabled(p_role IN VARCHAR2)
RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(role_is_enabled, NONE);
SQL> select role from dvsys.role$;

no rows selected

BEGIN
  IF dvsys.dbms_macsec.role_is_enabled('DBA') THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-47301: Role DBA not found
ORA-06512: at "DVSYS.DBMS_MACUTL", line 34
ORA-06512: at "DVSYS.DBMS_MACUTL", line 389
ORA-06512: at "DVSYS.DBMS_MACSEC", line 207
ORA-01403: no data found
ORA-06512: at "DVSYS.DBMS_MACSEC", line 200
ORA-06512: at line 2
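
A guarded way to call ROLE_IS_ENABLED that reports on a role instead of failing with the ORA-47301 shown above. This is an added example, not code from Morgan's Library or Oracle; the helper name report_role is hypothetical, and it assumes the session can execute DVSYS.DBMS_MACSEC and select from DVSYS.ROLE$.

```sql
-- Added example (not from the original page).
-- Assumptions: caller may execute DVSYS.DBMS_MACSEC and query DVSYS.ROLE$;
-- report_role is a hypothetical local helper.
SET SERVEROUTPUT ON

DECLARE
  e_role_not_found EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_role_not_found, -47301);  -- "Role ... not found"

  PROCEDURE report_role(p_role IN VARCHAR2) IS
    l_enabled BOOLEAN;
  BEGIN
    -- Guard: in the demos above IS_SECURE_APPLICATION_ROLE('DBA') returned
    -- FALSE, while ROLE_IS_ENABLED('DBA') raised ORA-47301.
    IF NOT NVL(dvsys.dbms_macsec.is_secure_application_role(p_role), FALSE) THEN
      dbms_output.put_line(p_role || ': not a secure application role, skipped');
      RETURN;
    END IF;

    l_enabled := dvsys.dbms_macsec.role_is_enabled(p_role);
    -- A NULL result falls through to the ELSE branch.
    dbms_output.put_line(p_role || ': ' ||
      CASE WHEN l_enabled THEN 'ENABLED' ELSE 'NOT ENABLED' END);
  EXCEPTION
    WHEN e_role_not_found THEN
      -- Reached only if the role is missing despite passing the guard.
      dbms_output.put_line(p_role || ': ORA-47301, role not found');
  END report_role;
BEGIN
  report_role('DBA');  -- the standard role used in the demo above

  -- Every role registered with Database Vault, using the same
  -- DVSYS.ROLE$ column the demo above queries.
  FOR r IN (SELECT role FROM dvsys.role$ ORDER BY role) LOOP
    report_role(r.role);
  END LOOP;
END;
/
```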
 
SET_FACTOR
Sets the value of a Factor (if allowed by the assignment Rule Set)
dbms_macsec.set_factor(
p_factor IN VARCHAR2,
p_value  IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(set_factor, NONE);
TBD

This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved