This chapter contains:
You can modify your applications to use the procedures within the DBMS_MACSEC_ROLES package to check the authorization for a user or to set an Oracle Database Vault secure application role. The DBMS_MACSEC_ROLES package is available to all users.
Chapter 8, "Configuring Secure Application Roles for Oracle Database Vault" describes secure application roles in detail. See also Chapter 14, "Using the DBMS_MACUTL Package" for a set of general-purpose utility procedures that you can use with the secure application role procedures.
Table 13-1 lists the DBMS_MACSEC_ROLES package function and procedure.
Table 13-1 DBMS_MACSEC_ROLES Oracle Label Security Configuration Procedures
| Function or Procedure | Description |
|---|---|
|
Checks whether the user invoking the method is authorized to use the specified Oracle Database Vault secure application role. Returns a |
|
|
Issues the |
The CAN_SET_ROLE function checks whether the user invoking the method is authorized to use the specified Oracle Database Vault secure application role.
DBMS_MACSEC_ROLES.CAN_SET_ROLE( p_role IN VARCHAR2) RETURN BOOLEAN;
Table 13-2 CAN_SET_ROLE Parameter
| Parameter | Description |
|---|---|
|
|
Role name. To find existing secure application roles in the current database instance, query the |
SET SERVEROUTPUT ON
BEGIN
IF DBMS_MACSEC_ROLES.SET_ROLE('SECTOR2_APP_MGR')
THEN DBMS_OUTPUT.PUT_LINE('SECTOR2_APP_MGR' is enabled.')
END IF;
END;
/
The SET_ROLE procedure the SET ROLE statement for an Oracle Database Vault secure application role. If a rule set that is associated with the role evaluates to false, then the role is not set.
DBMS_MACSEC_ROLES.SET_ROLE( p_role IN VARCHAR2);
| Parameter | Description |
|---|---|
|
|
Role name. To find existing secure application roles in the current database instance, query the |
EXEC DBMS_MACSEC_ROLES.SET_ROLE('SECTOR2_APP_MGR');
You can enter the name of the role in any case (for example, Sector2_APP_MGR).