Oracle DBMS_MACSEC
Version 26ai

General Information
Library Note Morgan's Library Page Header
The best Oracle News for FY2026

Oracle Database 26ai is now availble. If you haven't you downloaded already: Why?
Purpose Contains functions that retrieve factor identities. After Oracle Database Vault installation, the install process locks the DVF account to enhance security.

When creating a new factor, Database Vault creates a new retrieval function for the factor owned by the DVF schema.
AUTHID DEFINER
Constants
Name Data Type Value
 General
G_SECURE_ROLE_AUDIT_CODE PLS_INTEGER 10006
Dependencies
DBMS_MACAUD FACTOR$ KZV$FAC_LIBT
DBMS_MACOLS GET_FACTOR OLS$POL
DBMS_MACSEC_RULES GET_FACTOR_LABEL ROLE$
DBMS_MACUTL GET_TRUST_LEVEL ROLE_IS_ENABLED
DBMS_STANDARD GET_TRUST_LEVEL_FOR_IDENTITY SESSION_CONTEXT
DV$RULE IDENTITY$ SET_FACTOR
DV$RULE_SET IS_SECURE_APPLICATION_ROLE  
Documented Yes
Exceptions
Error Code Reason
ORA-47301 Secure application role <role_name> is not found.
First Available Not Known
Security Model Owned by DVSYS with EXECUTE with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/catmacp.sql
Subprograms
GET_FACTOR GET_TRUST_LEVEL ROLE_IS_ENABLED
GET_FACTOR_LABEL IS_SECURE_APPLICATION_ROLE SET_FACTOR
 
GET_FACTOR
Using the SYS_CONTEXT function, returns the value of a factor. Will return the value cached in the context if the eval_option is set for evaluate on session. dbms_macsec.get_factor(p_factor IN VARCHAR2) RETURN VARCHAR2;
col get_expr format a60

SELECT name, get_expr
FROM dvsys.factor$
ORDER BY 1;

SELECT dvsys.dbms_macsec.get_factor('Database_IP');

DVSYS.DBMS_MACSEC.GET_FACTOR('DATABASE_IP')
--------------------------------------------
FE80::C905:8BD8:A1EC:ECB9%2

SELECT dvsys.dbms_macsec.get_factor('Machine');

DVSYS.DBMS_MACSEC.GET_FACTOR('MACHINE')
----------------------------------------
localhost.localdomain
 
GET_FACTOR_LABEL
Returns the Factor label dbms_macsec.get_factor_label(
p_factor      IN VARCHAR2,
p_policy_name IN VARCHAR2)
RETURN VARCHAR2;
TBD
 
GET_TRUST_LEVEL
Returns the Trust Level of a Factor

Overload 1		 dbms_macsec.get_trust_level(p_factor IN VARCHAR2) RETURN NUMBER;
SELECT dvsys.dbms_macsec.get_trust_level('Authentication_Method');

DVSYS.DBMS_MACSEC.GET_TRUST_LEVEL('AUTHENTICATION_METHOD')
----------------------------------------------------------
                                                         1
Returns the Trust Level of a Factor Identity

Overload 2		 dbms_macsec.get_trust_level(
p_factor   IN VARCHAR2,
p_identity IN VARCHAR2)
RETURN NUMBER;
TBD
 
IS_SECURE_APPLICATION_ROLE
Returns TRUE if given role is a secure application role dbms_macsec.is_secure_application_role(p_role VARCHAR2) RETURN BOOLEAN;
BEGIN
  IF dvsys.dbms_macsec.is_secure_application_role('DBA') THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
F
 
ROLE_IS_ENABLED
Returns TRUE if a Secure Application Role is enabled for use, else FALSE

Note, in the demo at right, you must create a DVSYS role to use this. Standard Oracle Database roles are not the focus of this package.		 dbms_macsec.role_is_enabled(p_role IN VARCHAR2) RETURN BOOLEAN;
SELECT role FROM dvsys.role$;

no rows selected

BEGIN
  IF dvsys.dbms_macsec.role_is_enabled('DBA') THEN
    dbms_output.put_line('F');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
*
ORA-47301: Secure application role DBA is not found.
 
SET_FACTOR
 Sets the value of a Factor (if allowed by the assignment Rule Set) dbms_macsec.set_factor(
p_factor IN VARCHAR2,
p_value  IN VARCHAR2);
TBD

Related Topics
Built-in Functions
Built-in Packages
CONFIGURE_DV_INTERNAL
DBMS_MACAUD
DBMS_MACOLS_SESSION
DBMS_MACOUT
DBMS_MACSEC_FUNCTION
DBMS_MACSEC_ROLES
DBMS_MACSEC_RULES
EVENT
OLS_ENFORCEMENT
OLS$DATAPUMP
What's New In 21c
What's New In 26ai

Morgan's Library Page Footer
This site is maintained by Daniel Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2026 Daniel A. Morgan All Rights Reserved