General Information
Library Note
Morgan's Library Page Header
Which has the higher priority in your organization: Deploying a new database or securing the ones you already have?
Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx .
Purpose
Real Application Security Policy Administrative Interface
AUTHID
CURRENT_USER
Constants
Name
Data Type
Value
Apply Policy Options
APPLY_DYNAMIC_IS
PLS_INTEGER
1
APPLY_ACLOID_COLUMN
PLS_INTEGER
2
APPLY_STATIC_IS
PLS_INTEGER
3
Dependencies
DBMS_ASSERT
XS$COLUMN_CONSTRAINT_TYPE
XS$REALM_CONSTRAINT_LIST
DBMS_UTILITY
XS$KEY_LIST
XS$REALM_CONSTRAINT_TYPE
DBMS_XDS_INT
XS$KEY_TYPE
XS_ADMIN_INT
PLITBLM
XS$LIST
XS_ADMIN_UTIL
XS$COLUMN_CONSTRAINT_LIST
XS$NAME_LIST
XS_DATA_SECURITY_INT
Documented
Yes
First Available
Not known
Pragma
PRAGMA SUPPLEMENTAL_LOG_DATA(default, AUTO);
Security Model
Owned by SYS with EXECUTE granted to PUBLIC
Source
{ORACLE_HOME}/rdbms/admin/xsds.sql
Subprograms
ADD_COLUMN_CONSTRAINTS
Add a column constraint to data security
Overload 1
xs_data_security.add_column_constraints(
policy IN VARCHAR2,
column_constraint IN xs$column_constraint_type);
TBD
Add a list of column constraints to data security
Overload 2
xs_data_security.add_column_constraints(
policy IN VARCHAR2,
column_constraint_list IN xs$column_constraint_list);
TBD
APPEND_REALM_CONSTRAINTS
Add a realm constraint to data security
Overload 1
xs_data_security.append_realm_constraints(
policy IN VARCHAR2,
realm_constraint IN xs$realm_constraint_type);
TBD
Add a list of realm constraints to data security
Overload 2
xs_data_security.append_realm_constraints(
policy IN VARCHAR2,
realm_constraint_list IN xs$realm_constraint_list);
TBD
APPLY_OBJECT_POLICY
Apply an XDS policy on a table
xs_data_security.apply_object_policy(
policy IN VARCHAR2,
schema IN VARCHAR2,
object IN VARCHAR2,
row_acl IN BOOLEAN := FALSE,
owner_bypass IN BOOLEAN := FALSE,
statement_types IN VARCHAR2 := NULL,
aclmv IN VARCHAR2 := NULL);
exec xs_data_security.apply_object_policy ('UWDSPOL', 'C##UWCLASS', 'SERVERS');
CREATE_ACL_PARAMETER
Create an ACL parameter
xs_data_security.create_acl_parameter(
policy IN VARCHAR2,
parameter IN VARCHAR2,
param_type IN NUMBER);
exec xs_data_security.create_acl_parameter ('UWDSPOL', 'SERVER_POLICY', xs_admin_util.default_option);
CREATE_POLICY
Create a data security policy
xs_data_security.create_policy(
name IN VARCHAR2,
realm_constraint_list IN xs$realm_constraint_list,
column_constraint_list IN xs$column_constraint_list := NULL,
description IN VARCHAR2 := NULL);
TBD
DELETE_ACL_PARAMETER
Delete an ACL parameter
xs_data_security.delete_acl_parameter(
policy IN VARCHAR2,
parameter IN VARCHAR2,
delete_option IN PLS_INTEGER := XS_ADMIN_UTIL.DEFAULT_OPTION);
exec xs_data_security.delete_acl_parameter ('UWDSPOL', 'SERVER_POLICY', xs_admin_util.default_option);
DELETE_POLICY
Delete a data security policy
xs_data_security.delete_policy(
policy IN VARCHAR2,
delete_option IN PLS_INTEGER := XS_ADMIN_UTIL.DEFAULT_OPTION);
exec xs_data_security.delete_policy ('UWDSPOL');
DISABLE_OBJECT_POLICY
Disable a table XDS policy
xs_data_security.disable_object_policy(
policy IN VARCHAR2,
schema IN VARCHAR2,
object IN VARCHAR2);
exec xs_data_security.disable_object_policy ('UWDSPOL', 'C##UWCLASS', 'SERVERS');
ENABLE_OBJECT_POLICY
Enable a table XDS policy
xs_data_security.enable_object_policy(
policy IN VARCHAR2,
schema IN VARCHAR2,
object IN VARCHAR2);
exec xs_data_security.enable_object_policy ('UWDSPOL', 'C##UWCLASS', 'SERVERS');
REMOVE_COLUMN_CONSTRAINTS
Remove all data security column constraints
xs_data_security.remove_column_constraints(policy IN VARCHAR2);
exec xs_data_security.remove_column_constraints ('UWDSPOL');
REMOVE_OBJECT_POLICY
Remove an XDS policy from a table
xs_data_security.remove_object_policy(
policy IN VARCHAR2,
schema IN VARCHAR2,
object IN VARCHAR2);
exec xs_data_security.remove_object_policy ('UWDSPOL', 'C##UWCLASS', 'SERVERS');
REMOVE_REALM_CONSTRAINTS
Remove all realm constraints
xs_data_security.remove_realm_constraints(policy IN VARCHAR2);
exec xs_data_security.remove_realm_constraints ('UWDSPOL');
SET_DESCRIPTION
Set a data security policy description
xs_data_security.set_description(
policy IN VARCHAR2,
description IN VARCHAR2);
exec xs_data_security.set_description ('UWDSPOL', 'UW Test Policy');