Oracle DBMS_XDS Built-In Package
Versions 18.1 - 19.4

Security Advisory
The package is an undocumented package supporting Oracle Advanced Security.

Reference to the package here at in the DBSecWorx code library is intended solely as a warning that there is no known legitimate reason for anyone to have access to this security package.
 
Recommended Security Rules

 NEVER
  • Grant execute on this package to any user or role
 WITH GREAT CARE
  • Check regularly to determine if execute on this package has been granted and if so treat it as highly suspicious: It should raise alarms.
 CAUTIONS
  • N/A
 
How Oracle Works
N/A N/A
 
DBMS_XDS Package Information
AUTHID CURRENT_USER
Constants
Name Data Type Value
General
ENABLE_DYNAMIC BINARY_INTEGER 1
ENABLE_ACLOID_COLUMN BINARY_INTEGER 2
ENABLE_STATIC_IS BINARY_INTEGER 3
Valid values for ACLMV refresh_mode
ACLMV_ON_DEMAND VARCHAR2(9) 'ON_DEMAND
ACLMV_ON_COMMIT VARCHAR2(9) 'ON COMMIT';
Refresh Types for Static ACL MV
XDS_ON_COMMIT_MV BINARY_INTEGER 0
XDS_ON_DEMAND_MV BINARY_INTEGER 1
XDS_SCHEDULED_MV BINARY_INTEGER 2
Static ACL MV Types
XDS_SYSTEM_GENERATED_MV BINARY_INTEGER 0
XDS_USER_SPECIFIED_MV BINARY_INTEGER 1
Dependencies
DBMS_STANDARD DBMS_XDS_INT  
Documented in Types & Packages No
First Available 18.1
Pragmas SUPPLEMENTAL_LOG_DATA(default, AUTO);
Security Model Owned by SYS with EXECUTE granted to the EXECUTE_CATALOG_ROLE and OLAP_XS_ADMIN roles.
Source {ORACLE_HOME}/rdbms/admin/dbmsrlsa.sql
Subprograms
 
ALTER_STATIC_ACL_REFRESH
Alters the refresh mode for a ACLMV for a given table.

Will remove any refresh schedule for this ACLMV.
dbms_xds.alter_static_acl_refresh(
schema_name  IN VARCHAR2 := NULL,
table_name   IN VARCHAR2,
refresh_mode IN VARCHAR2);
TBD
 
DISABLE_OLAP_POLICY
Disables OLAP policy for a table dbms_xds.disable_olap_policy(
schema_nm  IN VARCHAR2 := NULL,
logical_nm IN VARCHAR2);
exec dbms_xds.disable_olap_policy(logical_nm => 'SCOTT');

PL/SQL procedure successfully completed.
 
DISABLE_XDS
Disable an XDS policy for a table dbms_xds.disable_xds(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
policy_name   IN VARCHAR2 := NULL);
exec dbms_xds.disable_xds('SCOTT', 'EMP');
BEGIN dbms_xds.disable_xds('SCOTT', 'EMP'); END;
*
ERROR at line 1:
ORA-46004: XS Data Security policy is not applied on SCOTT.EMP
ORA-06512: at "SYS.XS_DATA_SECURITY_INT", line 657
ORA-06512: at "SYS.XS_DATA_SECURITY", line 665
ORA-06512: at "SYS.DBMS_XDS_INT", line 63
ORA-06512: at "SYS.DBMS_XDS", line 29
ORA-06512: at line 1
 
DROP_OLAP_POLICY
Drops an OLAP policy from a table dbms_xds.drop_olap_policy(
schema_nm  IN VARCHAR2 := NULL,
logical_nm IN VARCHAR2);
exec dbms_xds.drop_olap_policy(logical_nm => 'SCOTT');

PL/SQL procedure successfully completed.
 
DROP_XDS
Drop an XDS policy from a table dbms_xds.drop_xds(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
policy_name   IN VARCHAR2 := NULL);
exec dbms_xds.drop_xds('SCOTT', 'EMP');
BEGIN dbms_xds.drop_xds('SCOTT', 'EMP'); END;
*
ERROR at line 1:
ORA-46007: no XS Data Security policy associated with SCOTT.EMP
ORA-06512: at "SYS.XS_DATA_SECURITY_INT", line 674
ORA-06512: at "SYS.XS_DATA_SECURITY", line 682
ORA-06512: at "SYS.DBMS_XDS_INT", line 79
ORA-06512: at "SYS.DBMS_XDS", line 45
ORA-06512: at line 1
<
 
ENABLE_OLAP_POLICY
Enable_olap_policy - enable OLAP policy for a table dbms_xds.enable_olap_policy(
schema_nm  IN VARCHAR2 := NULL,
logical_nm IN VARCHAR2,
policy_nm  IN VARCHAR2,
overwrite  IN BOOLEAN  := NULL);
TBD
 
ENABLE_XDS
Enable an XDS policy for a table dbms_xds.enable_xds(
object_schema IN VARCHAR2       := NULL,
object_name   IN VARCHAR2,
enable_option IN BINARY_INTEGER := NULL,
policy_name   IN VARCHAR2,
usermv_name   IN VARCHAR2       := NULL);
TBD
 
PURGE_ACL_REFRESH_HISTORY
Purges ACL refresh history in XDS_ACL_REFRESH_STATUS for the table's ACLMV dbms_xds.purge_acl_refresh_history(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
purge_date    IN DATE     := NULL);
sys@pdbdev as sysdba

exec dbms_xds.purge_acl_refresh_history('SCOTT', 'EMPCOPY', SYSDATE+1/60);
SCOTT,EMPCOPY

PL/SQL procedure successfully completed.
 
SCHEDULE_STATIC_ACL_REFRESH
Schedules automatic refresh of an ACLMV for a given table.

Will change the refresh mode of the
corresponding ACLMV to "ON DEMAND"
dbms_xds.schedule_static_acl_refresh(
schema_name     IN VARCHAR2                 := NULL,
table_name      IN VARCHAR2,
start_date      IN TIMESTAMP WITH TIME ZONE := NULL,
repeat_interval IN VARCHAR2                 := NULL,
comments        IN VARCHAR2                 := NULL);
exec dbms_xds.schedule_static_acl_refresh('SCOTT', 'EMP', SYSDATE+1/60);

PL/SQL procedure successfully completed.
 
SET_TRACE_LEVEL
Sets the trace level. The tracing info of the scheduled mv refresh is logged in aclmv$_reflog table, and is useful for debugging. dbms_xds.set_trace_level(
schema_name IN VARCHAR2,
table_name  IN VARCHAR2,
level       IN NUMBER);
exec dbms_xds.set_trace_level('SCOTT', 'EMP', 12);
BEGIN dbms_xds.set_trace_level('SCOTT', 'EMP', 12); END;
*
ERROR at line 1:
ORA-46025: no static rule specified in applied policy
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 53
ORA-06512: at "SYS.XS_DATA_SECURITY_UTIL_INT", line 673
ORA-06512: at "SYS.XS_DATA_SECURITY_UTIL_INT", line 663
ORA-06512: at "SYS.XS_DATA_SECURITY_UTIL", line 277
ORA-06512: at "SYS.DBMS_XDS_INT", line 383
ORA-06512: at "SYS.DBMS_XDS", line 213
ORA-06512: at line 1
 
XDS$REFRESH_STATIC_ACL
Scheduler callback procedure to refresh the acl-mv on a table dbms_xds.xds$refresh_static_acl(
schema_name IN VARCHAR2,
table_name  IN VARCHAR2,
mview_name  IN VARCHAR2,
job_name    IN VARCHAR2);
TBD

Related Topics
DBMS_XDS_INT