This chapter contains:
You can modify your applications to use the procedures within the DBMS_MACSEC_ROLES
package to check the authorization for a user or to set an Oracle Database Vault secure application role. The DBMS_MACSEC_ROLES
package is available to all users.
Chapter 8, "Configuring Secure Application Roles for Oracle Database Vault," describes secure application roles in detail. See also Chapter 14, "Using the DBMS_MACUTL Package," for a set of general-purpose utility procedures that you can use with the secure application role procedures.
Table 13-1 lists the DBMS_MACSEC_ROLES
package function and procedure.
Table 13-1 DBMS_MACSEC_ROLES Oracle Label Security Configuration Procedures
Function or Procedure | Description |
---|---|
Checks whether the user invoking the method is authorized to use the specified Oracle Database Vault secure application role. Returns a |
|
Issues the |
The CAN_SET_ROLE
function checks whether the user invoking the method is authorized to use the specified Oracle Database Vault secure application role.
DBMS_MACSEC_ROLES.CAN_SET_ROLE( p_role IN VARCHAR2) RETURN BOOLEAN;
Table 13-2 CAN_SET_ROLE Parameter
Parameter | Description |
---|---|
|
Role name. To find existing secure application roles in the current database instance, query the |
SET SERVEROUTPUT ON BEGIN IF DBMS_MACSEC_ROLES.CAN_SET_ROLE('SECTOR2_APP_MGR') THEN DBMS_OUTPUT.PUT_LINE('''SECTOR2_APP_MGR'' can be enabled.'); END IF; END; /
The SET_ROLE
procedure issues the SET ROLE
PL/SQL statement for specified roles, including both Oracle Database Vault secure application roles and regular Oracle Database roles. This procedure sets an Oracle Database Vault secure application role only if the rule set that is associated with the role evaluates to true.
DBMS_MACSEC_ROLES.SET_ROLE( p_role IN VARCHAR2);
Parameter | Description |
---|---|
|
Role names. You can enter multiple roles, including secure application roles and regular roles. To find existing secure application roles in the current database instance, query the To find all of the existing roles in the database, query the |
EXEC DBMS_MACSEC_ROLES.SET_ROLE('SECTOR2_APP_MGR, APPS_MGR');
You can enter the name of the role in any case (for example, Sector2_APP_MGR
).