Oracle XS_ACL_INT
Version 21c

General Information
Purpose Real Application Security Internal Utilities
AUTHID DEFINER
Dependencies
DBMS_STANDARD XS$ACE_LIST XS$OBJ
DBMS_SYS_ERROR XS$ACE_PRIV XS$POLICY_PARAM
DUAL XS$ACE_TYPE XS$PRIN
PLITBLM XS$ACL XS_ACL
USER$ XS$ACL_PARAM XS_ADMIN_INT
X$KSPPCV XS$INSTSET_ACL XS_ADMIN_UTIL
X$KSPPI XS$NAME_LIST XS_MTCACHE_INT
XS$ACE XS$NSTMPL  
Documented No
First Available Not known
Security Model Owned by SYS with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/prvtacl.plb
Subprograms
 
ADD_ACL_PARAMETER
Add a numeric parameter value

Overload 1
xs_acl_int.add_acl_parameter(
acl       IN VARCHAR2,
policy    IN VARCHAR2,
parameter IN VARCHAR2,
value     IN NUMBER);
TBD
Add a string parameter value

Overload 2
xs_acl_int.add_acl_parameter(
acl       IN VARCHAR2,
policy    IN VARCHAR2,
parameter IN VARCHAR2,
value     IN VARCHAR2);
-- String overload: for policy XPOLICY on ACL DBSECWORXACL, set parameter GEO to 'EMEA'.
-- The last argument is a character literal, so the VARCHAR2 overload is the one resolved.
BEGIN
  xs_acl_int.add_acl_parameter('DBSECWORXACL', 'XPOLICY', 'GEO', 'EMEA');
END;
/
 
APPEND_ACES
Append one ACE to the ACL

Overload 1
xs_acl_int.append_aces(
acl IN VARCHAR2,
ace IN sys.xs$ace_type);
DECLARE
 -- Single ACE granting the "SELECT" privilege to the principal named DBA.
 -- principal_type is xs_acl.ptype_db, so DBA is resolved as a database principal.
 dba_select_ace xs$ace_type := xs$ace_type(
                                 privilege_list => xs$name_list('"SELECT"'),
                                 granted        => TRUE,
                                 principal_name => 'DBA',
                                 principal_type => xs_acl.ptype_db);
BEGIN
  -- Append the ACE to the existing ACL; earlier ACEs on DBSECWORXACL are kept.
  xs_acl_int.append_aces('DBSECWORXACL', dba_select_ace);
END;
/
Overload 2 xs_acl_int.append_aces(
acl      IN VARCHAR2,
ace_list IN sys.xs$ace_list);
TBD
 
CREATE_ACL
Create an Access Control List xs_acl_int.create_acl(
name         IN VARCHAR2,
ace_list     IN sys.xs$ace_list,
sec_class    IN VARCHAR2,
parent       IN VARCHAR2,
inherit_mode IN BINARY_INTEGER,
description  IN VARCHAR2);
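-- SQL*Plus column formatting for the DBA_XS_ACES listings in this demo.
col acl format a45
col owner format a20
col privilege format a20
col security_class format a20

-- Baseline: list every existing ACE so the rows added by the new ACL are easy to spot.
-- Ordered by column name rather than by position.
SELECT acl, owner, privilege, security_class
FROM dba_xs_aces
ORDER BY acl;

DECLARE
 alist xs$ace_list;
BEGIN
  -- Two grant ACEs: CSR gets "SELECT" and VIEW_SENSITIVE_INFO, MGR gets UPDATE_INFO.
  -- principal_type is not passed, so the xs$ace_type default applies.
  -- NOTE(review): presumably that default is the application-principal type, unlike the
  -- xs_acl.ptype_db used in the APPEND_ACES demo; confirm before reusing this pattern.
  alist := xs$ace_list(
             xs$ace_type(privilege_list=>xs$name_list('"SELECT"','VIEW_SENSITIVE_INFO'),
                         granted=>TRUE,
                         principal_name=>'CSR'),
             xs$ace_type(privilege_list=>xs$name_list('UPDATE_INFO'),
                         granted=>TRUE,
                         principal_name=>'MGR'));
  -- parent and inherit_mode are skipped by switching to named notation for description.
  -- The listing that follows this demo shows the resulting ACL owned by SYS.
  xs_acl_int.create_acl('DBSECWORXACL', alist, 'SECPRIVS', description=>'Data Access');
END;
/

-- Verify: one row per privilege is expected for the new ACL.
SELECT acl, owner, privilege, security_class
FROM dba_xs_aces
WHERE acl = 'DBSECWORXACL';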

ACL           OWNER  PRIVILEGE            SECURITY_CLASS
------------- ------ -------------------- ---------------
DBSECWORXACL  SYS    SELECT               SECPRIVS
DBSECWORXACL  SYS    VIEW_SENSITIVE_INFO  SECPRIVS
DBSECWORXACL  SYS    UPDATE_INFO          SECPRIVS
 
DELETE_ACL
Drop an Access Control list xs_acl_int.delete_acl(
acl           IN VARCHAR2,
delete_option IN BINARY_INTEGER);
-- Drop the demo ACL. delete_option is not passed although the signature above lists it,
-- so the call relies on a default.
-- NOTE(review): the documented XS_ACL.DELETE_ACL defaults delete_option to
-- xs_admin_util.default_option; confirm the internal package does the same.
BEGIN
  xs_acl_int.delete_acl('DBSECWORXACL');
END;
/
 
GRANT_PRIVILEGE
Undocumented xs_acl_int.grant_privilege(
acl            IN VARCHAR2,
privilege      IN VARCHAR2,
principal      IN VARCHAR2,
principal_type IN BINARY_INTEGER);
TBD
 
REMOVE_ACES
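Not sure if this removes an ACE or an ACL; the name and the parameter do not agree. The documented XS_ACL.REMOVE_ACES removes all ACEs from the named ACL, so this internal version presumably does the same (unverified). xs_acl_int.remove_aces(acl IN VARCHAR2);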
-- Only the ACL name is passed; no individual ACE can be selected.
-- Check the effect afterwards by listing DBA_XS_ACES rows for this ACL.
BEGIN
  xs_acl_int.remove_aces('DBSECWORXACL');
END;
/
 
REMOVE_ACL_PARAMETERS
Undocumented

Overload 1
xs_acl_int.remove_acl_parameters(acl IN VARCHAR2);
-- Overload 1: only the ACL is named, no policy or parameter.
BEGIN
  xs_acl_int.remove_acl_parameters('DBSECWORXACL');
END;
/
Overload 2 xs_acl_int.remove_acl_parameters(
acl       IN VARCHAR2,
parameter IN VARCHAR2);
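-- Overload 2 takes two arguments (acl, parameter); the three-argument call belongs to Overload 3.
-- NOTE(review): the second argument is named "parameter" in the signature above; confirm
-- against the package spec that it is not the policy name.
exec xs_acl_int.remove_acl_parameters('DBSECWORXACL', 'GEO');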
Overload 3 xs_acl_int.remove_acl_parameters(
acl       IN VARCHAR2,
policy    IN VARCHAR2,
parameter IN VARCHAR2);
-- Overload 3: remove parameter GEO of policy XPOLICY from the ACL.
BEGIN
  xs_acl_int.remove_acl_parameters('DBSECWORXACL', 'XPOLICY', 'GEO');
END;
/
 
REVOKE_PRIVILEGE
Undocumented xs_acl_int.revoke_privilege(
acl            IN VARCHAR2,
privilege      IN VARCHAR2,
principal      IN VARCHAR2,
principal_type IN BINARY_INTEGER);
TBD
 
SET_DESCRIPTION
Sets or updates the description of an ACL in the data dictionary xs_acl_int.set_description(
acl         IN VARCHAR2,
description IN VARCHAR2);
-- Replace the ACL's description text; the call passes nothing that touches ACEs or privileges.
BEGIN
  xs_acl_int.set_description('DBSECWORXACL', 'DBSecWorx Secure ACL');
END;
/
 
SET_PARENT_ACL
Sets the parent ACL xs_acl_int.set_parent_acl(
acl          IN VARCHAR2,
parent       IN VARCHAR2,
inherit_mode IN BINARY_INTEGER);
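-- Make SYSTEMACL the parent of the demo ACL. The ACL name is spelled DBSECWORXACL,
-- as in every other example on this page.
-- NOTE(review): the documented constants are xs_acl.extended and xs_acl.constrained;
-- confirm that xs_acl_int exposes its own EXTENDED constant.
-- The inheritance mode is security-relevant: under the documented XS_ACL semantics an
-- extending child adds to what the parent grants, while a constraining child requires
-- both ACLs to grant the privilege.
exec xs_acl_int.set_parent_acl('DBSECWORXACL','SYSTEMACL', xs_acl_int.extended);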
 
SET_SECURITY_CLASS
Sets the security class xs_acl_int.set_security_class(
acl       IN VARCHAR2,
sec_class IN VARCHAR2);
-- Column widths for the before/after listings.
column acl format a45
column owner format a20
column privilege format a20
column security_class format a20

-- State before the change: the ACEs of the demo ACL and their security class.
SELECT
    acl,
    owner,
    privilege,
    security_class
FROM dba_xs_aces
WHERE acl = 'DBSECWORXACL';

ACL           OWNER  PRIVILEGE            SECURITY_CLASS
------------- ------ -------------------- ---------------
DBSECWORXACL  SYS    SELECT               SECPRIVS
DBSECWORXACL  SYS    VIEW_SENSITIVE_INFO  SECPRIVS
DBSECWORXACL  SYS    UPDATE_INFO          SECPRIVS


-- Re-point the ACL at security class SYSTEM.
BEGIN
  xs_acl_int.set_security_class('DBSECWORXACL', 'SYSTEM');
END;
/

-- Same query as before the change, to compare the SECURITY_CLASS column.
-- NOTE(review): the listing that follows keeps all three privilege rows; whether
-- VIEW_SENSITIVE_INFO and UPDATE_INFO are valid in class SYSTEM is not shown, so confirm.
SELECT
    acl,
    owner,
    privilege,
    security_class
FROM dba_xs_aces
WHERE acl = 'DBSECWORXACL';

ACL           OWNER  PRIVILEGE            SECURITY_CLASS
------------- ------ -------------------- ---------------
DBSECWORXACL  SYS    SELECT               SYSTEM
DBSECWORXACL  SYS    VIEW_SENSITIVE_INFO  SYSTEM
DBSECWORXACL  SYS    UPDATE_INFO          SYSTEM

Related Topics
Built-in Functions
Built-in Packages
Database Security
DBMS_NETWORK_ACL_ADMIN
DBMS_NETWORK_ACL_UTILITY
XS_ACL
XS_ADMIN_INT
XS_ADMIN_UTIL
XS_ADMIN_UTIL_INT
XS_DATA_SECURITY
XS_DATA_SECURITY_UTIL
XS_DIAG
XS_DIAG_INT
XS_NAMESPACE
XS_PRINCIPAL
XS_SECURITY_CLASS
What's New In 19c
What's New In 20c-21c
