Oracle DBMS_MACUTL
Version 21c

General Information
Library Note Morgan's Library Page Header
ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.
Purpose Provides constants and utilities for use with Oracle Database Vault
AUTHID DEFINER
Constants
Name Data Type Value
 Code Groups
G_CODES_AUDIT_EVENTS VARCHAR2(30) 'AUDIT_EVENTS'
G_CODES_BOOLEAN VARCHAR2(30) 'BOOLEAN'
G_CODES_DDL_CMDS VARCHAR2(30) 'DDL_CMDS'
G_CODES_FACTOR_AUDIT VARCHAR2(30) 'FACTOR_AUDIT'
G_CODES_FACTOR_EVAL VARCHAR2(30) 'FACTOR_EVALUATE'
G_CODES_FACTOR_FAIL VARCHAR2(30) 'FACTOR_FAIL'
G_CODES_FACTOR_IDENTIFY VARCHAR2(30) 'FACTOR_IDENTIFY'
G_CODES_FACTOR_LABEL VARCHAR2(30) 'FACTOR_LABEL'
G_CODES_DB_OBJECT_TYPE VARCHAR2(30) 'DB_OBJECT_TYPE'
G_CODES_LABEL_ALG VARCHAR2(30) 'LABEL_ALG'
G_CODES_MESSAGES VARCHAR2(30) 'DV_MESSAGES'
G_CODES_OPERATORS VARCHAR2(30) 'OPERATORS'
G_CODES_REALM_AUDIT VARCHAR2(30) 'REALM_AUDIT'
G_CODES_RULESET_AUDIT VARCHAR2(30) 'RULESET_AUDIT'
G_CODES_RULESET_EVAL VARCHAR2(30) 'RULESET_EVALUATE'
G_CODES_RULESET_EVENT VARCHAR2(30) 'RULESET_EVENT'
G_CODES_RULESET_FAIL VARCHAR2(30) 'RULESET_FAIL'
G_CODES_SQL_CMDS VARCHAR2(30) 'SQL_CMDS'
 Context: Namespace, Attribute, Value
G_CONTEXT_PREFIX VARCHAR2(30) 'MAC$'
G_CONTEXT_FACTOR_LABEL VARCHAR2(30) g_context_prefix||'F$'
G_CONTEXT_SESSION_LABEL VARCHAR2(30) g_context_prefix||'S$'
G_CONTEXT_FACTOR VARCHAR2(30) g_context_prefix||'FACTOR'
G_CONTEXT_REALM VARCHAR2(30) g_context_prefix||'REALM'
G_MIN_POLICY_LABEL VARCHAR2(30) 'MIN_POLICY_LABEL'
G_MAX_SESSION_LABEL VARCHAR2(30) 'MAX_SESSION_LABEL'
G_OLS_SESSION_LABEL VARCHAR2(30) 'OLS_SESSION_LABEL'
G_USER_POLICY_LABEL VARCHAR2(30) 'USER_POLICY_LABEL'
 Database Vault Realm Scope
G_SCOPE_LOCAL NUMBER 1
G_SCOPE_COMMON NUMBER 2
 Datapump Authorization Actions
G_DP_ACT_ALL VARCHAR2(30) '%'
G_DP_ACT_CREATE_USER VARCHAR2(30) 'CREATE_USER'
G_DP_ACT_GRANT VARCHAR2(30) 'GRANT'
G_DP_ACT_TABLE VARCHAR2(30) 'TABLE'
 Factor Audit Options
G_AUDIT_OFF NUMBER 0
G_AUDIT_ALWAYS NUMBER POWER(2,0)
G_AUDIT_ON_GET_ERROR NUMBER POWER(2,1)
G_AUDIT_ON_GET_NULL NUMBER POWER(2,2)
G_AUDIT_ON_VALIDATE_ERROR NUMBER POWER(2,3)
G_AUDIT_ON_VALIDATE_FLASE NUMBER POWER(2,4)
G_AUDIT_ON_TRUST_LEVEL_NULL NUMBER POWER(2,5)
G_AUDIT_ON_TRUST_LEVEL_NEG NUMBER POWER(2,6)
 Factor Identify By Column
G_IDENTIFY_BY_CONSTANT NUMBER 0
G_IDENTIFY_BY_METHOD NUMBER 1
G_IDENTIFY_BY_FACTOR NUMBER 2
G_IDENTIFY_BY_CONTEXT NUMBER 3
 Factor Evaluation Options
G_EVAL_ON_SESSION NUMBER 0
G_EVAL_ON_ACCESS NUMBER 1
G_EVAL_ON_STARTUP NUMBER 2
 Factor Labeled By Column
G_LABELED_BY_SELF NUMBER 0
G_LABELED_BY_FACTORS NUMBER 1
 Fail Options
G_FAIL_WITH_MESSAGE NUMBER POWER(2,0)
G_FAIL_SILENTLY NUMBER POWER(2,1)
 Realm Audit Options
G_REALM_AUDIT_OFF NUMBER 0
G_REALM_AUDIT_FAIL NUMBER POWER(2,0)
G_REALM_AUDIT_SUCCESS NUMBER POWER(2,1)
 Realm Authorizations
G_REALM_AUTH_PARTICIPANT NUMBER 0
G_REALM_AUTH_OWNER NUMBER 1
 Realm Objects
G_ALL_OBJECT VARCHAR2(1) '%'
 Rule Set Audit Options
G_RULESET_AUDIT_OFF NUMBER 0
G_RULESET_AUDIT_FAIL NUMBER POWER(2,0)
G_RULESET_AUDIT_SUCCESS NUMBER POWER(2,1)
 Rule Set Evaluation Options
G_RULESET_EVAL_ALL NUMBER 1
G_RULESET_EVAL_ANY NUMBER 2
 Rule Set Fail Options
G_RULESET_FAIL_SHOW NUMBER 1
G_RULESET_FAIL_SILENT NUMBER 2
 Rule Set Handler Options
G_RULESET_HANDLER_OFF NUMBER 0
G_RULESET_HANDLER_FAIL NUMBER POWER(2,0)
G_RULESET_HANDLER_SUCCESS NUMBER POWER(2,1)
 Simulation/Training
G_SIMULATION VARCHAR2(1) 'S'
 Yes/No Constants
G_NO VARCHAR2(1) 'N'
G_YES VARCHAR2(1) 'Y'
Data Types -
Dependencies
ALL_REGISTRY_BANNERS DBMS_MACOLS_SESSION FACTOR$
ALL_USERS DBMS_MACSEC KZV$UTL_LIBT
CHECK_FULL_DVAUTH DBMS_MACSEC_ROLES OLS$PROPS
CHECK_TAB_DVAUTH DBMS_MACSEC_RULES OUT
CHECK_TS_DVAUTH DBMS_STANDARD PLITBLM
CODE$ DBMS_UTILITY ROLENAME_ARRAY
CONFIGURE_DV_INTERNAL DV$CODE ROLE_ARRAY
DBA_SYS_PRIVS EVALUATE_RULE_SET SESSION_CONTEXT
DBMS_ASSERT EVENT_STATUS UTL_LMS
DBMS_MACADM EVENT_STATUS_ROW_TYPE V_$OPTION
DBMS_MACOLS EVENT_STATUS_TABLE_TYPE  
Documented Partially: In the Database Vault Administrator's Guide
Exceptions
Error Code Reason
ORA-29504 invalid or missing schema name
First Available Not known
Security Model Owned by DVSYS with EXECUTE granted to DV_ADMIN

Some functionality only runs in CDB$ROOT
Source {ORACLE_HOME}/rdbms/admin/catmacp.sql
Subprograms
ALTER_SYSTEM_DUMP_ALLOWED GET_FACTOR_CONTEXT IS_OLS_INSTALLED_VARCHAR
ALTER_SYSTEM_DUMP_VARCHAR GET_HOUR OLS_LDAP_USER
CHECK_DVSYS_DML_ALLOWED GET_MESSAGE_LABEL RAISE_ERROR 7
CHECK_FULL_DVAUTH GET_MINUTE RAISE_UNAUTHORIZED_OPERATION
CHECK_GOLDENGATE_ADMIN GET_MONTH ROLE_GRANTED_ENABLED_VARCHAR
CHECK_GOLDENGATE_REDO_ACCESS GET_SECOND SESSION_ENABLED_ROLE
CHECK_STREAMS_ADMIN GET_SQL_TEXT SESSION_ENABLED_ROLE_VARCHAR
CHECK_TAB_DVAUTH GET_YEAR TO_ORACLE_IDENTIFIER
CHECK_TS_DVAUTH IN_CALL_STACK UNIQUE_USER
CHECK_XSTREAM_ADMIN IS_ALPHA USER_HAS_OBJECT_PRIVILEGE
DECODE_AUDIT_OPTIONS IS_DIGIT USER_HAS_ROLE
GET_ACO_STATUS IS_DVSYS_OWNER USER_HAS_ROLE_VARCHAR
GET_CODE_ID IS_DV_ENABLED USER_HAS_SYSTEM_PRIVILEGE
GET_CODE_VALUE IS_DV_ENABLED_VARCHAR USER_HAS_SYSTEM_PRIV_VARCHAR
GET_DAY IS_OID_ENABLED_OLS VALIDATE_NAME
GET_EVENT_STATUS IS_OLS_INSTALLED  
 
ALTER_SYSTEM_DUMP_ALLOWED
Checks whether 'alter system dump datafile' is only dumping header block dbms_macutl.alter_system_dump_allowed RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(alter_system_dump_allowed, NONE);
TBD
 
ALTER_SYSTEM_DUMP_VARCHAR
Checks whether 'alter system dump datafile' is only dumping header block dbms_macutl.alter_system_dump_varchar RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(alter_system_dump_varchar, NONE);
TBD
 
CHECK_DVSYS_DML_ALLOWED
Verifies that a public-APIs are not being bypassed by users updating the DV configuration dbms_macutl.check_dvsys_dml_allowed(p_user IN VARCHAR2
  DEFAULT sys.dbms_assert.enquote_name(SYS_CONTEXT('USERENV', 'CURRENT_USER'), FALSE));
PRAGMA SUPPLEMENTAL_LOG_DATA(check_dvsys_dml_allowed, NONE);
TBD
 
CHECK_FULL_DVAUTH
Returns 1 if full database authorization level dbms_macutl.check_full_dvauth RETURN BINARY_INTEGER;
PRAGMA SUPPLEMENTAL_LOG_DATA(check_full_dvauth, NONE);
SELECT dvsys.dbms_macutl.check_full_dvauth
FROM dual;

CHECK_FULL_DVAUTH
-----------------
                1
 
CHECK_GOLDENGATE_ADMIN
Checks whether the given user can perform Golden Gate extract operation dbms_macutl.check_goldengate_admin(p_user IN VARCHAR2) RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(check_goldengate_admin, NONE);
TBD
 
CHECK_GOLDENGATE_REDO_ACCESS
Checks whether the given user can perform Golden Gate extract operation using the OCI interface dbms_macutl.check_goldengate_redo_access(p_user IN VARCHAR2) RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(check_goldengate_redo_access, NONE);
TBD
 
CHECK_STREAMS_ADMIN
Checks whether the given user can perform Streams administrative operation dbms_macutl.check_streams_admin(p_user IN VARCHAR2) RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(check_streams_admin, NONE);
TBD
 
CHECK_TAB_DVAUTH
Verifies DV authorization for a specified table dbms_macutl.check_tab_dvauth(
schema_name IN VARCHAR2,
table_name  IN VARCHAR2)
RETURN BINARY_INTEGER;
PRAGMA SUPPLEMENTAL_LOG_DATA(check_tab_dvauth, NONE);
SELECT dvsys.dbms_macutl.check_tab_dvauth('UWCLASS', 'SERVERS')
FROM dual;

DVSYS.DBMS_MACUTL.CHECK_TAB_DVAUTH('UWCLASS','SERVERS')
-------------------------------------------------------
                                                      1
 
CHECK_TS_DVAUTH
Verifies DV authorization for a specified tablespace dbms_macutl.check_ts_dvauth(ts_name IN VARCHAR2) RETURN BINARY_INTEGER;
PRAGMA SUPPLEMENTAL_LOG_DATA(check_ts_dvauth, NONE);
SELECT dvsys.dbms_macutl.check_ts_dvauth('USERS')
FROM dual;

DVSYS.DBMS_MACUTL.CHECK_TS_DVAUTH('USERS')
------------------------------------------
                                         1
 
CHECK_XSTREAM_ADMIN
Checks whether the given user can perform XSTREAM capture operation dbms_macutl.check_xstream_admin(p_user IN VARCHAR2) RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(check_xstream_admin, NONE);
TBD
 
DECODE_AUDIT_OPTIONS
Converts the audit_options value for a table to its corresponding string dbms_macutl.decode_audit_options(
p_table_name    IN VARCHAR2,
p_audit_options IN NUMBER)
RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(decode_audit_options, NONE);
TBD
 
GET_ACO_STATUS (new 21c)
Returns ALLOW COMMON OPERATION status dbms_macutl.get_aco_status(RETURN PLS_INTEGER;
PRAGMA SUPPLEMENTAL_LOG_DATA(GET_ACO_STATUS, NONE);
SELECT dvsys.dbms_macutl.get_aco_status
FROM dual;

DVSYS.DBMS_MACUTL.GET_ACO_STATUS
--------------------------------
                               1
 
GET_CODE_ID
Looks up the id for a code within a code group dbms_macutl.get_code_id(
p_code_group IN VARCHAR2,
p_code       IN VARCHAR2)
RETURN NUMBER;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_code_id, NONE);
TBD
 
GET_CODE_VALUE
Looks up the value for a code within a code group dbms_macutl.get_code_value(
p_code_group IN VARCHAR2,
p_code       IN VARCHAR2)
RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_code_value, NONE);
TBD
 
GET_DAY
Returns the day in Oracle DD format (01-31) dbms_macutl.get_day(p_date IN DATE DEFAULT SYSDATE) RETURN NUMBER;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_day, NONE);
TBD
 
GET_EVENT_STATUS
Obtain the status of events 10079 and 24473 dbms_macutl.get_event_status RETURN dvsys.event_status_table_type PIPELINED;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_event_status, NONE);
SELECT * FROM TABLE(dvsys.dbms_macutl.get_event_status);

     EVENT ENABL
---------- -----
     10079 FALSE
     24473 FALSE
 
GET_FACTOR_CONTEXT
Constructs an XML document which contains the values for all of the factors dbms_macutl.get_factor_context(skip_default IN VARCHAR2) RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_factor_context, NONE);
TBD
 
GET_HOUR
Returns the hour in Oracle HH24 format (00-23) dbms_macutl.get_hour(p_date IN DATE DEFAULT SYSDATE) RETURN NUMBER;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_hour, NONE);
TBD
 
GET_MESSAGE_LABEL
Looks up an error message and replaces parameters accordingly

Overload 1		 dbms_macutl.get_message_label(
p_message_code IN VARCHAR2,
p_parameter1   IN VARCHAR2 DEFAULT NULL,
p_parameter2   IN VARCHAR2 DEFAULT NULL,
p_parameter3   IN VARCHAR2 DEFAULT NULL,
p_parameter4   IN VARCHAR2 DEFAULT NULL,
p_parameter5   IN VARCHAR2 DEFAULT NULL,
p_parameter6   IN VARCHAR2 DEFAULT NULL)
RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_message_label, NONE);
TBD
Looks up an error message and replaces parameters accordingly

Overload 2		 dbms_macutl.get_message_label(
p_message_code IN NUMBER,
p_parameter1   IN VARCHAR2 DEFAULT NULL,
p_parameter2   IN VARCHAR2 DEFAULT NULL,
p_parameter3   IN VARCHAR2 DEFAULT NULL,
p_parameter4   IN VARCHAR2 DEFAULT NULL,
p_parameter5   IN VARCHAR2 DEFAULT NULL,
p_parameter6   IN VARCHAR2 DEFAULT NULL)
RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_message_label, NONE);
TBD
 
GET_MINUTE
Returns the minute in Oracle MI format (00-59) dbms_macutl.get_minute(p_date IN DATE DEFAULT SYSDATE) RETURN NUMBER;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_minute, NONE);
TBD
 
GET_MONTH
Returns the month in Oracle MM format (01-12) dbms_macutl.get_month(p_date IN DATE DEFAULT SYSDATE) RETURN NUMBER;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_month, NONE);
TBD
 
GET_SECOND
Returns the seconds in Oracle SS format (00-59) dbms_macutl.get_second(p_date IN DATE DEFAULT SYSDATE) RETURN NUMBER;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_second, NONE);
TBD
 
GET_SQL_TEXT
Concatenates the elements of an ora_name_list_t into a single VARCHAR2 dbms_macutl.get_sql_text(p_sql_text IN ora_name_list_t) RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_sql_text, NONE);
DECLARE
  test_sql ora_name_list_t := ora_name_list_t();
  retVal dbms_id;
BEGIN
  test_sql.extend(3);
  test_sql(1) := 'SELECT dummy ';
  test_sql(2) := 'FROM dual';
  retVal := dvsys.dbms_macutl.get_sql_text(test_sql);
  dbms_output.put_line(retVal);
END;
/
SELECT DUMMY FROM DUAL

PL/SQL procedure successfully completed.
 
GET_YEAR
Returns the year in Oracle YYYY format (0001-9999) dbms_macutl.get_year(p_date IN DATE DEFAULT SYSDATE) RETURN NUMBER;
PRAGMA SUPPLEMENTAL_LOG_DATA(get_year, NONE);
TBD
 
IN_CALL_STACK
Checks for a string in the PL/SQL call stack dbms_macutl.in_call_stack(p_search_term IN VARCHAR2) RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(in_call_stack, NONE);
TBD
 
IS_ALPHA
Checks the first character of a string to determine whether it is alpha

The Oracle docs are technically incorrect on this function and should not be relied upon as demonstrated at right		 dbms_macutl.is_alpha(c IN varchar2) RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(is_alpha, NONE);
BEGIN
  IF dvsys.dbms_macutl.is_alpha('A1234567#$') THEN
    dbms_output.put_line('Alpha');
  ELSE
    dbms_output.put_line('Not Alpha');
  END IF;
END;
/
Alpha

PL/SQL procedure successfully completed.
 
IS_DIGIT
Checks the first character of a string to determine whether it is a digit

The Oracle docs are technically incorrect on this function and should not be relied upon as demonstrated at right		 dbms_macutl.is_digit(c IN varchar2) RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(is_digit, NONE);
BEGIN
  IF dvsys.dbms_macutl.is_digit('1ABCDEFG#$') THEN
    dbms_output.put_line('Digit');
  ELSE
    dbms_output.put_line('Not Digit');
  END IF;
END;
/
Digit

PL/SQL procedure successfully completed.
 
IS_DVSYS_OWNER
Determines whether a user is authorized to manage the DV configuration. The
DVSYS user and users granted the DV_OWNER role are authorized.		 dbms_macutl.is_dvsys_owner(
p_user    IN VARCHAR2
  DEFAULT sys.dbms_assert.enquote_name(SYS_CONTEXT('USERENV', 'CURRENT_USER'), FALSE),
p_profile IN BOOLEAN  DEFAULT TRUE,
p_scope   IN VARCHAR2 := 'LOCAL')
RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(is_dvsys_owner, NONE);
BEGIN
  IF dvsys.dbms_macutl.is_dvsys_owner THEN
    dbms_output.put_line('Yes');
  ELSE
    dbms_output.put_line('No');
  END IF;
END;
/
No

PL/SQL procedure successfully completed.
 
IS_DV_ENABLED
Returns TRUE if Database Vault is enabled dbms_macutl.is_dv_enabled(RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(is_dv_enabled, NONE);
BEGIN
  IF dvsys.dbms_macutl.is_dv_enabled THEN
    dbms_output.put_line('Enabled');
  ELSE
    dbms_output.put_line('Disabled');
  END IF;
END;
/
Enabled

PL/SQL procedure successfully completed.
 
IS_DV_ENABLED_VARCHAR
Returns Y if Database Vault is enabled dbms_macutl.is_dv_enabled_varchar(RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(is_dv_enabled_varchar, NONE);
SELECT dvsys.dbms_macutl.is_dv_enabled_varchar
FROM dual;

IS_DV_ENABLED_VARCHAR
----------------------
Y
 
IS_OID_ENABLED_OLS
Returns TRUE if OID is enabled with Oracle Label Security dbms_macutl.is_oid_enabled_ols RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(is_oid_enabled_ols, NONE);
BEGIN
  IF dvsys.dbms_macutl.is_oid_enabled_ols THEN
    dbms_output.put_line('Enabled');
  ELSE
    dbms_output.put_line('Not Enabled');
  END IF;
END;
/
Not Enabled

PL/SQL procedure successfully completed.
 
IS_OLS_INSTALLED
Returns TRUE if OLS is installed dbms_macutl.is_ols_installed RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(is_ols_installed, NONE);
BEGIN
  IF dvsys.dbms_macutl.is_ols_installed THEN
    dbms_output.put_line('Installed');
  ELSE
    dbms_output.put_line('Not Installed');
  END IF;
END;
/
Installed

PL/SQL procedure successfully completed.
 
IS_OLS_INSTALLED_VARCHAR
Returns Y if OLS is installed dbms_macutl.is_ols_installed_varchar(RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(is_ols_installed_varchar, NONE);
SELECT dvsys.dbms_macutl.is_ols_installed_varchar
FROM dual;

IS_OLS_INSTALLED_VARCHAR
-------------------------
Y
 
OLS_LDAP_USER
Returns the LDAP user if OID enabled and OLS is installed

Note: OID may be enabled from the database standpoint but that does not mean it is installed and operational		 dbms_macutl.ols_ldap_user(RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(ols_ldap_user, NONE);
SELECT dvsys.dbms_macutl.ols_ldap_user
FROM dual;

OLS_LDAP_USER
--------------
SYS
 
RAISE_ERROR
Look up an error message, replaces parameters accordingly and raise an exception

Overload 1		 dbms_macutl.raise_error(p_message_code IN NUMBER);
PRAGMA SUPPLEMENTAL_LOG_DATA(raise_error, NONE);
TBD
Overload 2 dbms_macutl.raise_error(
p_message_code IN NUMBER,
p_parameter1   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(raise_error, NONE);
-- found in $ORACLE_HOME/rdbms/admin/catmact.sql
IF (LENGTH(l_name) > 126) THEN
  dvsys.dbms_macutl.raise_error(47951,'factor_name');
END IF;
Overload 3 dbms_macutl.raise_error(
p_message_code IN NUMBER,
p_parameter1   IN VARCHAR2,
p_parameter2   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(raise_error, NONE);
TBD
Overload 4 dbms_macutl.raise_error(
p_message_code IN NUMBER,
p_parameter1   IN VARCHAR2,
p_parameter2   IN VARCHAR2,
p_parameter3   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(raise_error, NONE);
TBD
Overload 5 dbms_macutl.raise_error(
p_message_code IN NUMBER,
p_parameter1   IN VARCHAR2,
p_parameter2   IN VARCHAR2,
p_parameter3   IN VARCHAR2,
p_parameter4   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(raise_error, NONE);
TBD
Overload 6 dbms_macutl.raise_error(
p_message_code IN NUMBER,
p_parameter1   IN VARCHAR2,
p_parameter2   IN VARCHAR2,
p_parameter3   IN VARCHAR2,
p_parameter4   IN VARCHAR2,
p_parameter5   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(raise_error, NONE);
TBD
Overload 7 dbms_macutl.raise_error(
p_message_code IN NUMBER,
p_parameter1   IN VARCHAR2,
p_parameter2   IN VARCHAR2,
p_parameter3   IN VARCHAR2,
p_parameter4   IN VARCHAR2,
p_parameter5   IN VARCHAR2,
p_parameter6   IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(raise_error, NONE);
TBD
 
RAISE_UNAUTHORIZED_OPERATION
Generic disallowed operation exception

Looks like a zero-value throw away. If you want to raise an exception use RAISE_APPLICATION_ERROR		 dbms_macutl.raise_unauthorized_operation(p_user IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(raise_unauthorized_operation, NONE);
exec dvsys.dbms_macutl.raise_unauthorized_operation('UWCLASS');
BEGIN dvsys.dbms_macutl.raise_unauthorized_operation('UWCLASS'); END;
*
ERROR at line 1:
ORA-47920: Authorization failed for user UWCLASS to perform this operation
ORA-06512: at "DVSYS.DBMS_MACUTL", line 34
ORA-06512: at "DVSYS.DBMS_MACUTL", line 389
ORA-06512: at "DVSYS.DBMS_MACUTL", line 525
ORA-06512: at line 1
 
ROLE_GRANTED_ENABLED_VARCHAR
Checks whether a user has a role granted directly or indirectly (via another role) with a sufficient scope or the role currently is enabled in the session while the role is not granted dbms_macutl.role_granted_enabled_varchar(
p_role    IN VARCHAR2,
p_user    IN VARCHAR2
  DEFAULT sys.dbms_assert.enquote_name(SYS_CONTEXT('USERENV', 'CURRENT_USER'), FALSE),
p_profile IN INTEGER  DEFAULT 1,
p_scope   IN VARCHAR2 := 'LOCAL')
RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(role_granted_enabled_varchar, NONE);
-- found in $ORACLE_HOME/rdbms/admin/dve20.sql
BEGIN
  SELECT count(bugno) into :bug FROM sys.registry$backports WHERE bugno=31993795;

  IF :bug = 0 THEN
    UPDATE DVSYS.rule$ SET rule_expr =
      'DVSYS.DBMS_MACUTL.ROLE_GRANTED_ENABLED_VARCHAR(''DBA'',''"'' ||
      dvsys.dv_login_user || ''"'') = ''Y''' where id# = 4;
  END IF;
END;
/
 
SESSION_ENABLED_ROLE
Checks whether the given role is enabled in the current session dbms_macutl.session_enabled_role(p_role IN VARCHAR2) RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(session_enabled_role, NONE);
TBD
 
SESSION_ENABLED_ROLE_VARCHAR
Checks whether the given role is enabled in the current session dbms_macutl.session_enabled_role_varchar(p_role IN VARCHAR2) RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(session_enabled_role_varchar, NONE);
SELECT dvsys.dbms_macutl.session_enabled_role_varchar('EXECUTE_CATALOG_ROLE')
FROM dual;

DBMS_MACUTL.SESSION_ENABLED_ROLE_VARCHAR('EXECUTE_CATALOG_ROLE')
----------------------------------------------------------------
N
 
TO_ORACLE_IDENTIFIER
Alters a string to make it a legal Oracle identifier dbms_macutl.to_oracle_identifier(id IN varchar2) RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(to_oracle_identifier, NONE);
SELECT dvsys.dbms_macutl.to_oracle_identifier('A B C D')
FROM dual;

DVSYS.DBMS_MACUTL.TO_ORACLE_IDENTIFIER('ABCD')
-----------------------------------------------
A_B_C_D
 
UNIQUE_USER
Returns unique user ID whether user is from OID or standard database accounts, else returns NULL dbms_macutl.unique_user(RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(unique_user, NONE);
SELECT dvsys.dbms_macutl.unique_user
FROM dual;

UNIQUE_USER
------------
 
 
USER_HAS_OBJECT_PRIVILEGE
Checks whether a user or role may access an object via a object privilege grant dbms_macutl.user_has_object_privilege(
p_user         IN VARCHAR2,
p_object_owner IN VARCHAR2,
p_object_name  IN VARCHAR2,
p_privilege    IN VARCHAR2,
p_profile      IN BOOLEAN DEFAULT TRUE)
RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(user_has_object_privilege, NONE);
TBD
 
USER_HAS_ROLE
Checks whether a user has a role granted directly or indirectly (via another role) dbms_macutl.user_has_role(
p_role    IN VARCHAR2,
p_user    IN VARCHAR2
  DEFAULT sys.dbms_assert.enquote_name(SYS_CONTEXT('USERENV', 'CURRENT_USER'), FALSE),
p_profile IN BOOLEAN  DEFAULT TRUE,
p_scope   IN VARCHAR2 := 'LOCAL')
RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(user_has_role, NONE);
TBD
 
USER_HAS_ROLE_VARCHAR
Checks whether a user has a role granted directly or indirectly (via another role) dbms_macutl.user_has_role_varchar(
p_role    IN VARCHAR2,
p_user    IN VARCHAR2
  DEFAULT sys.dbms_assert.enquote_name(SYS_CONTEXT('USERENV', 'CURRENT_USER'), FALSE),
p_profile IN INTEGER  DEFAULT 1,
p_scope   IN VARCHAR2 := 'LOCAL')
RETURN VARCHAR2;
PRAGMA SUPPLEMENTAL_LOG_DATA(user_has_role_varchar, NONE);
TBD
 
USER_HAS_SYSTEM_PRIVILEGE
Checks whether a user has a system privilege, directly or indirectly (via a role) dbms_macutl.user_has_system_privilege(
p_privilege IN VARCHAR2,
p_user      IN VARCHAR2
  DEFAULT sys.dbms_assert.enquote_name(SYS_CONTEXT('USERENV', 'CURRENT_USER'), FALSE),
p_profile   IN BOOLEAN DEFAULT TRUE)
RETURN BOOLEAN;
PRAGMA SUPPLEMENTAL_LOG_DATA(user_has_system_privilege, NONE);
TBD
 
USER_HAS_SYSTEM_PRIV_VARCHAR
Undocumented dbms_macutl.user_has_system_priv_varchar(
TBD
 
VALIDATE_NAME
Validates and canonicalizes the given user/role name

Our preference would be to make a direct call to the appropriate subprogram in DBMS_ASSERT		 dbms_macutl.validate_name(name IN varchar2) RETURN DBMS_ID;
PRAGMA SUPPLEMENTAL_LOG_DATA(validate_name, NONE);
SELECT dvsys.dbms_macutl.validate_name('C##UWCLASS')
FROM dual;

DBMS_MACUTL.VALIDATE_NAME('C##UWCLASS')
----------------------------------------
C##UWCLASS

SELECT dvsys.dbms_macutl.validate_name('C## UWCLASS')
FROM dual;
SELECT dvsys.dbms_macutl.validate_name('C## UWCLASS')
*
ERROR at line 1:
ORA-44003: invalid SQL name
ORA-06512: at "SYS.DBMS_ASSERT", line 215
ORA-06512: at "DVSYS.DBMS_MACUTL", line 781

Related Topics
Built-in Functions
Built-in Packages
Database Security
DBMS_ASSERT
DBMS_MACADM
DBMS_MACOLS
DBMS_MACOLS_SESSION
DBMS_MACOUT
DBMS_MACSEC
DBMS_MACSEC_FUNCTION
DBMS_MACSEC_ROLES
DBMS_MACSEC_RULES
What's New In 21c
What's New In 23c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved
  DBSecWorx