Oracle XS_ADMIN_UTIL
Version 21c

General Information
Library Note Morgan's Library Page Header
Which has the higher priority in your organization: Deploying a new database or securing the ones you already have? Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose Real Application Security
AUTHID CURRENT_USER
Constants
Name Data Type Value
COMMON_WORKSPACE VARCHAR2(6) 'XS'
SCHEMA_ACL VARCHAR2(13) 'XS$SCHEMA_ACL'
XSCONNECT VARCHAR2(9) 'XSCONNECT'
STRING_MAXLEN PLS_INTEGER 4000
NON_EMPTY_STRING_MINLEN PLS_INTEGER 1
STRING_MINLEN PLS_INTEGER 0
XSNAME_MINLEN PLS_INTEGER 1
XSNAME_MAXLEN PLS_INTEGER 130
PARAMNAME_MINLEN PLS_INTEGER 1
PARAMNAME_MAXLEN PLS_INTEGER 128
XSQNAME_MINLEN PLS_INTEGER 1
XSQNAME_MAXLEN PLS_INTEGER 261
EXTERNAL_NAME_MINLEN PLS_INTEGER 1
EXTERNAL_NAME_MAXLEN PLS_INTEGER 130
WORKSPACE_MINLEN PLS_INTEGER 1
WORKSPACE_MAXLEN PLS_INTEGER 128
DBNAME_MINLEN PLS_INTEGER 1
DBNAME_MAXLEN PLS_INTEGER 130
OBJTYPE_PRINCIPAL PLS_INTEGER 1
OBJTYPE_SECURITY_CLASS PLS_INTEGER 2
OBJTYPE_ACL PLS_INTEGER 3
OBJTYPE_PRIVILEGE PLS_INTEGER 4
OBJTYPE_DATA_SECURITY PLS_INTEGER 5
OBJTYPE_ROLESET PLS_INTEGER 6
OBJTYPE_NSTEMPL PLS_INTEGER 7
OBJTYPE_SYSOP PLS_INTEGER 101
OBJTYPE_ADMOP PLS_INTEGER 102
OBJTYPE_APPLY_POLICY PLS_INTEGER 103
OBJTYPE_GRANTOP PLS_INTEGER 104
OBJTYPE_REVOKEOP PLS_INTEGER 105
OBJTYPE_SET_POLICY PLS_INTEGER 106
Delete Options
DEFAULT_OPTION PLS_INTEGER 1
CASCADE_OPTION PLS_INTEGER 2
ALLOW_INCONSISTENCIES_OPTION PLS_INTEGER 3
Specify if an object exists in the base table or not
STATUS_NOT_EXISTS PLS_INTEGER 0
STATUS_EXISTS PLS_INTEGER 1
Principal Type Definition
PTYPE_XS PLS_INTEGER 1
PTYPE_DB PLS_INTEGER 2
PTYPE_DN PLS_INTEGER 3
PTYPE_EXTERNAL PLS_INTEGER 4
Dependencies
DBMS_NETWORK_ACL_ADMIN XS$OBJ XS_DATA_SECURITY_UTIL_INT
DBMS_RXS_LIB XS$PRIVILEGE XS_DIAG
DBMS_SFW_ACL_ADMIN XS$REALM_CONSTRAINT_TYPE XS_DIAG_INT
DBMS_STANDARD XS$ROLE_GRANT_TYPE XS_NAMESPACE
DBMS_WRR_PROTECTED XS_ACL XS_NAMESPACE_INT
DBMS_XDS_INT XS_ACL_INT XS_PRINCIPAL
DBMS_XSS_LIB XS_ADMIN_INT XS_PRINCIPAL_INT
XS$ACE_TYPE XS_ADMIN_UTIL_INT XS_ROLESET
XS$COLUMN_CONSTRAINT_TYPE XS_DATA_SECURITY XS_ROLESET_INT
XS$KEY_TYPE XS_DATA_SECURITY_INT XS_SECURITY_CLASS
XS$NS_ATTRIBUTE XS_DATA_SECURITY_UTIL XS_SECURITY_CLASS_INT
Documented Yes
Exceptions
Error Code Reason
1031 ERR_INSUFFICIENT_PRIV
28222 ERR_RESERVED_USER
46025 ERR_NO_STATIC_RULE
46055 ERR_ROLE_NOT_GRANTED
46076 ERR_INVALID_LENGTH
46083 ERR_SET_PRIN_GUID
46084 ERR_DROP_SEEDED_OBJ
46085 ERR_NO_PROXY_ROLES
46096 ERR_DEFV_FREVNT_COEXIST
46097 ERR_NO_ROLESET_ROLE
ERR_NO_GRANTEDROLE_PRIN
ERR_NO_SC_PARENTSC
46098 ERR_DUP_PARENT
ERR_DUP_LEAF
ERR_DUP_PRIMARY_KEY
ERR_DUP_ATTR_PRIV_PAIR
ERR_DUP_PROXY
ERR_DUP_ACL_PARAM
ERR_DUP_ROLESET_ROLE
ERR_DUP_POLICY_PARAM
ERR_DUP_NS_ATTR
46099 ERR_FEATURE_NOT_SUPPORTED
46101 ERR_AGGR_CYCLE CONSTANT NUMBER
46103 ERR_SECCLS_CYCLE
46116 ERR_ACL_REFERREDBY_NSTEMPLATE
46117 ERR_ACL_REFERREDBY_PRINCIPLAL
46118 ERR_ACL_SCHEMA_NOT_SYS
46119 ERR_ACL_IS_NULL
46152 ERR_INVALID_VALUE
46202 ERR_NO_HANDLER_FUNC
46211 ERR_INVALID_ENTITY_LENGTH
46212 ERR_DUP_NAME
46214 ERR_OBJ_REFERRED
46215 ERR_INVALID_OBJECT
ERR_NO_OBJ_FOUND
46230 ERR_INTERNAL
46231 ERR_GRANT_ROLE
46232 ERR_ROLE_GRANT_CYCLE
46233 ERR_PARENT_ACL_CYCLE
46235 ERR_NO_POLICY_PARAMETER
46236 ERR_INVALID_POLICY_TYPE
46237 ERR_MIDTIER_CACHE
46238 ERR_NO_DB_USER_ROLE
46240 ERR_PROXY_SCHEMA_EXIST
46241 ERR_PROXY_SCHEMA_NOT_EXIST
46242 ERR_GRANT_ROLE_XSGUEST
First Available 12.1
Security Model Owned by SYS with EXECUTE granted to PUBLIC
Source {ORACLE_HOME}/rdbms/admin/xsutil.sql
Subprograms
CHECK_LENGTH GRANT_SYSTEM_PRIVILEGE SET_DEFAULT_WORKSPACE
CHECK_SEEDED RAISE_ERROR VALIDATE_DB_OBJECT_NAME
DROP_SCHEMA_OBJECTS REMOVE_DBUSER_ACES VALIDATE_DB_USER
GET_DEFAULT_WORKSPACE REVOKE_SYSTEM_PRIVILEGE XSNAME_TO_ID
GET_OBJECT_ID    
 
CHECK_LENGTH
Returns an exception if the test string's length is not between the min and max boundaries xs_admin_util.check_length(
str        IN VARCHAR2,
min_length IN PLS_INTEGER,
max_length IN PLS_INTEGER);
exec xs_admin_util.check_length('TEST', 1, 10);

PL/SQL procedure successfully completed.

exec xs_admin_util.check_length('TEST', 7, 10);
BEGIN xs_admin_util.check_length('TEST', 7, 10); END;

*
ERROR at line 1:
ORA-46076: The specified name length not within valid range.
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 70
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 54
ORA-06512: at line 1
 
CHECK_SEEDED
Check whether the object is seeded or not, internal use xs_admin_util.check_seeded(obj_id IN NUMBER);
-- appears to do precisely nothing

exec xs_admin_util.check_seeded(18);

exec xs_admin_util.check_seeded(89999);

exec xs_admin_util.check_seeded(-1);
 
DROP_SCHEMA_OBJECTS
Drop schema objects under a schema xs_admin_util.drop_schema_objects(schema_name IN VARCHAR2);
PRAGMA SUPPLEMENTAL_LOG_DATA(drop_schema_objects, MANUAL);
-- appears to do precisely nothing

CREATE USER c##zzyzx;

CREATE TABLE c##zzyzx.test(
testcol date);

exec xs_admin_util.drop_schema_objects('C##ZZYZX');

SELECT username
FROM dba_users
WHERE username LIKE 'C##%';

USERNAME
---------
C##OE
C##SH
C##ZZYZX
 
GET_DEFAULT_WORKSPACE
Returns the name of the default RAS workspace xs_admin_util.get_default_workspace RETURN VARCHAR2;
SELECT xs_admin_util.get_default_workspace
FROM dual;
 
GET_OBJECT_ID
Called by ADMIN APIs for internal use only returns the object ID xs_admin_util.get_object_id(
obj_name    IN VARCHAR2,
obj_type    IN PLS_INTEGER,
workspace   IN VARCHAR2,
status_flag IN PLS_INTEGER := NULL)
RETURN NUMBER;
TBD
 
GRANT_SYSTEM_PRIVILEGE
Grant system privilege to a user/role xs_admin_util.grant_system_privilege(
priv_name IN VARCHAR2,
user_name IN VARCHAR2,
user_type IN PLS_INTEGER := xs_admin_util.ptype_db,
schema    IN VARCHAR2    := NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(grant_system_privilege, AUTO);
conn sys@pdbdev as sysdba

exec xs_admin_util.grant_system_privilege('ADMINISTER_SESSION', 'UWCLASS');
 
RAISE_ERROR
Raises a RAS application error xs_admin_util.raise_error(
error_number IN PLS_INTEGER,
error_str1   IN VARCHAR2 DEFAULT NULL,
error_str2   IN VARCHAR2 DEFAULT NULL,
keep_stack   IN BOOLEAN  DEFAULT TRUE);
exec xs_admin_util.raise_error(-600, 'Just What We Need');
BEGIN xs_admin_util.raise_error(-600, 'Just What We Need'); END;
*
ERROR at line 1:
ORA-46095: Invalid error code supplied
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 70
ORA-06512: at line 1

SQL> exec xs_admin_util.raise_error(46084, 'Just What We Need');
BEGIN xs_admin_util.raise_error(46084, 'Just What We Need'); END;
*
ERROR at line 1:
ORA-46084: cannot update or delete system-seeded XS objects.
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 70
ORA-06512: at line 1
 
REMOVE_DBUSER_ACES
Revoke system privilege from a user/role with RAS privs xs_admin_util.remove_dbuser_aces(user_name IN VARCHAR2);
exec xs_admin_util.remove_dbuser_aces('UWCLASS');
 
REVOKE_SYSTEM_PRIVILEGE
Revoke System privilege from a user/role xs_admin_util.revoke_system_privilege(
priv_name IN VARCHAR2,
user_name IN VARCHAR2,
user_type IN PLS_INTEGER := xs_admin_util.ptype_db,
schema    IN VARCHAR2    := NULL);
PRAGMA SUPPLEMENTAL_LOG_DATA(revoke_system_privilege, AUTO);
conn sys@pdbdev as sysdba

exec xs_admin_util.revoke_system_privilege('ADMINISTER_SESSION', 'UWCLASS');
 
SET_DEFAULT_WORKSPACE
Sets the default workspace name xs_admin_util.set_default_workspace(workspace IN VARCHAR2);
exec xs_admin_util.set_default_workspace('XS');
 
VALIDATE_DB_OBJECT_NAME
Validate DB object name. Internal use only. xs_admin_util.validate_db_object_name(
input_name  IN  VARCHAR2,
object_name OUT VARCHAR2,
error_msg   IN  VARCHAR2 DEFAULT NULL);
DECLARE
 outVal VARCHAR2(30);
BEGIN
  xs_admin_util.validate_db_object_name('N0n Sense', outVal, 'ReadTheDocs');
  dbms_output.put_line(outVal);
END;
/
DECLARE
*
ERROR at line 1:
ORA-28104: input value for ReadTheDocs is not valid
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 163
ORA-06512: at line 4

DECLARE
 outVal VARCHAR2(30);
BEGIN
  xs_admin_util.validate_db_object_name('N0nSense', outVal);
  dbms_output.put_line(outVal);
END;
/
N0NSENSE
 
VALIDATE_DB_USER
Validate DB user/schema. Internal use xs_admin_util.validate_db_user(
input_name IN VARCHAR2,
error_msg  IN VARCHAR2 DEFAULT NULL);
exec xs_admin_util.validate_db_user('N0nSense', 'Bad Choice')
BEGIN xs_admin_util.validate_db_user('N0nSense', 'Bad Choice'); END;
*
ERROR at line 1:
ORA-28104: input value for Bad Choice is not valid
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 185
ORA-06512: at line 1
 
XSNAME_TO_ID
Utility Function: XS name to ID xs_admin_util.xsname_to_id(
obj_name IN VARCHAR2,
obj_type IN PLS_INTEGER)
RETURN NUMBER;
SELECT owner, name
FROM dba_xs_objects
WHERE rownum = 1;

OWNER  NAME
------ -------------------
SYS    ADMINISTER_SESSION

SELECT xs_admin_util.xsname_to_id('ADMINISTER_SESSION', 1)
FROM dual;

Related Topics
Built-in Functions
Built-in Packages
DBMS_XS_PRINCIPALS
DBMS_XS_SESSIONS
DBMS_XS_SESSIONS_FFI
DBMS_XS_SIDP
DBMS_XS_SYSTEM
DBMS_XS_SYSTEM_FFI
XS_ACL
XS_ADMIN_UTIL
XS_DATA_SECURITY
XS_DATA_SECURITY_UTIL
XS_DIAG
XS_DIAG_INT
XS_NAMESPACE
XS_PRINCIPAL
XS_SECURITY_CLASS
What's New In 19c
What's New In 20c-21c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2019 Daniel A. Morgan All Rights Reserved
  DBSecWorx