| Security Advisory |
The package is an undocumented package supporting Oracle Advanced Security.
Reference to the package here at in the DBSecWorx code library is intended solely as a warning that there is no known legitimate reason for anyone to have access to this security package. |
| |
| Recommended Security Rules |
NEVER
- Grant execute on this package to any user or role
WITH GREAT CARE
- Check regularly to determine if execute on this package has been granted and if so treat it as highly suspicious: It should raise alarms.
CAUTIONS
|
| |
| How Oracle Works |
| N/A |
N/A |
| |
| DBMS_XDS Package Information |
| AUTHID |
CURRENT_USER |
| Constants |
| Name |
Data Type |
Value |
|
General |
| ENABLE_DYNAMIC |
BINARY_INTEGER |
1 |
| ENABLE_ACLOID_COLUMN |
BINARY_INTEGER |
2 |
| ENABLE_STATIC_IS |
BINARY_INTEGER |
3 |
|
Valid values for ACLMV
refresh_mode |
| ACLMV_ON_DEMAND |
VARCHAR2(9) |
'ON_DEMAND |
| ACLMV_ON_COMMIT |
VARCHAR2(9) |
'ON COMMIT'; |
|
Refresh Types for
Static ACL MV |
| XDS_ON_COMMIT_MV |
BINARY_INTEGER |
0 |
| XDS_ON_DEMAND_MV |
BINARY_INTEGER |
1 |
| XDS_SCHEDULED_MV |
BINARY_INTEGER |
2 |
|
Static ACL MV Types |
| XDS_SYSTEM_GENERATED_MV |
BINARY_INTEGER |
0 |
| XDS_USER_SPECIFIED_MV |
BINARY_INTEGER |
1 |
|
| Dependencies |
| DBMS_STANDARD |
DBMS_XDS_INT |
|
|
| Documented in Types & Packages |
No |
| First Available |
18.1 |
| Pragmas |
SUPPLEMENTAL_LOG_DATA(default, AUTO); |
| Security Model |
Owned by SYS with EXECUTE granted to the
EXECUTE_CATALOG_ROLE and OLAP_XS_ADMIN roles. |
| Source |
{ORACLE_HOME}/rdbms/admin/dbmsrlsa.sql |
| Subprograms |
|
| |
| ALTER_STATIC_ACL_REFRESH |
Alters the refresh mode for a ACLMV
for a given table.
Will remove any refresh schedule for this ACLMV. |
dbms_xds.alter_static_acl_refresh(
schema_name IN VARCHAR2 := NULL,
table_name IN VARCHAR2,
refresh_mode IN VARCHAR2); |
| TBD |
| |
| DISABLE_OLAP_POLICY |
| Disables OLAP policy for a table |
dbms_xds.disable_olap_policy(
schema_nm IN VARCHAR2 := NULL,
logical_nm IN VARCHAR2); |
exec dbms_xds.disable_olap_policy(logical_nm => 'SCOTT');
PL/SQL procedure successfully completed. |
| |
| DISABLE_XDS |
| Disable an XDS policy for a table |
dbms_xds.disable_xds(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_name IN VARCHAR2 := NULL); |
exec dbms_xds.disable_xds('SCOTT', 'EMP');
BEGIN dbms_xds.disable_xds('SCOTT', 'EMP'); END;
*
ERROR at line 1:
ORA-46004: XS Data Security policy is not applied on SCOTT.EMP
ORA-06512: at "SYS.XS_DATA_SECURITY_INT", line 657
ORA-06512: at "SYS.XS_DATA_SECURITY", line 665
ORA-06512: at "SYS.DBMS_XDS_INT", line 63
ORA-06512: at "SYS.DBMS_XDS", line 29
ORA-06512: at line 1 |
| |
| DROP_OLAP_POLICY |
| Drops an OLAP policy from a table |
dbms_xds.drop_olap_policy(
schema_nm IN VARCHAR2 := NULL,
logical_nm IN VARCHAR2); |
exec dbms_xds.drop_olap_policy(logical_nm => 'SCOTT');
PL/SQL procedure successfully completed. |
| |
| DROP_XDS |
| Drop an XDS policy from a table |
dbms_xds.drop_xds(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_name IN VARCHAR2 := NULL); |
exec dbms_xds.drop_xds('SCOTT', 'EMP');
BEGIN dbms_xds.drop_xds('SCOTT', 'EMP'); END;
*
ERROR at line 1:
ORA-46007: no XS Data Security policy associated with SCOTT.EMP
ORA-06512: at "SYS.XS_DATA_SECURITY_INT", line 674
ORA-06512: at "SYS.XS_DATA_SECURITY", line 682
ORA-06512: at "SYS.DBMS_XDS_INT", line 79
ORA-06512: at "SYS.DBMS_XDS", line 45
ORA-06512: at line 1< |
| |
| ENABLE_OLAP_POLICY |
| Enable_olap_policy - enable OLAP
policy for a table |
dbms_xds.enable_olap_policy(
schema_nm IN VARCHAR2 := NULL,
logical_nm IN VARCHAR2,
policy_nm IN VARCHAR2,
overwrite IN BOOLEAN := NULL); |
| TBD |
| |
| ENABLE_XDS |
| Enable an XDS policy for a table |
dbms_xds.enable_xds(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
enable_option IN BINARY_INTEGER := NULL,
policy_name IN VARCHAR2,
usermv_name IN VARCHAR2 := NULL); |
| TBD |
| |
| PURGE_ACL_REFRESH_HISTORY |
| Purges ACL refresh history in XDS_ACL_REFRESH_STATUS for the table's ACLMV |
dbms_xds.purge_acl_refresh_history(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
purge_date IN DATE := NULL); |
sys@pdbdev as sysdba
exec dbms_xds.purge_acl_refresh_history('SCOTT', 'EMPCOPY', SYSDATE+1/60);
SCOTT,EMPCOPY
PL/SQL procedure successfully completed. |
| |
| SCHEDULE_STATIC_ACL_REFRESH |
Schedules automatic refresh of an ACLMV for a given table.
Will change the refresh mode of the
corresponding ACLMV to "ON DEMAND" |
dbms_xds.schedule_static_acl_refresh(
schema_name IN VARCHAR2 := NULL,
table_name IN VARCHAR2,
start_date IN TIMESTAMP WITH TIME ZONE := NULL,
repeat_interval IN VARCHAR2 := NULL,
comments IN VARCHAR2 := NULL); |
exec dbms_xds.schedule_static_acl_refresh('SCOTT', 'EMP', SYSDATE+1/60);
PL/SQL procedure successfully completed. |
| |
| SET_TRACE_LEVEL |
| Sets the trace level. The tracing
info of the scheduled mv refresh is logged in aclmv$_reflog table, and is
useful for debugging. |
dbms_xds.set_trace_level(
schema_name IN VARCHAR2,
table_name IN VARCHAR2,
level IN NUMBER); |
exec dbms_xds.set_trace_level('SCOTT', 'EMP', 12);
BEGIN dbms_xds.set_trace_level('SCOTT', 'EMP', 12); END;
*
ERROR at line 1:
ORA-46025: no static rule specified in applied policy
ORA-06512: at "SYS.XS_ADMIN_UTIL", line 53
ORA-06512: at "SYS.XS_DATA_SECURITY_UTIL_INT", line 673
ORA-06512: at "SYS.XS_DATA_SECURITY_UTIL_INT", line 663
ORA-06512: at "SYS.XS_DATA_SECURITY_UTIL", line 277
ORA-06512: at "SYS.DBMS_XDS_INT", line 383
ORA-06512: at "SYS.DBMS_XDS", line 213
ORA-06512: at line 1 |
| |
| XDS$REFRESH_STATIC_ACL |
| Scheduler callback procedure to refresh the acl-mv on a table |
dbms_xds.xds$refresh_static_acl(
schema_name IN VARCHAR2,
table_name IN VARCHAR2,
mview_name IN VARCHAR2,
job_name IN VARCHAR2); |
| TBD |