This chapter contains:
You can modify your applications to use the procedures within the DBMS_MACSEC_ROLES
package to check the authorization for a user or to set an Oracle Database Vault secure application role. The DBMS_MACSEC_ROLES
package is available to all users.
Chapter 8, "Configuring Secure Application Roles for Oracle Database Vault" describes secure application roles in detail. See also Chapter 14, "Using the DBMS_MACUTL Package" for a set of general-purpose utility procedures that you can use with the secure application role procedures.
Table 13-1 lists the DBMS_MACSEC_ROLES
package function and procedure.
Table 13-1 DBMS_MACSEC_ROLES Oracle Label Security Configuration Procedures
Function or Procedure | Description |
---|---|
Checks whether the user invoking the method is authorized to use the specified Oracle Database Vault secure application role. Returns a |
|
Issues the |
The CAN_SET_ROLE
function checks whether the user invoking the method is authorized to use the specified Oracle Database Vault secure application role.
DBMS_MACSEC_ROLES.CAN_SET_ROLE( p_role IN VARCHAR2) RETURN BOOLEAN;
Table 13-2 CAN_SET_ROLE Parameter
Parameter | Description |
---|---|
|
Role name. To find existing secure application roles in the current database instance, query the |
SET SERVEROUTPUT ON BEGIN IF DBMS_MACSEC_ROLES.CAN_SET_ROLE('SECTOR2_APP_MGR') THEN DBMS_OUTPUT.PUT_LINE('''SECTOR2_APP_MGR'' can be enabled.'); END IF; END; /
The SET_ROLE
procedure issues the SET ROLE
PL/SQL statement for an Oracle Database Vault secure application role. If a rule set that is associated with the role evaluates to false, then the role is not set.
DBMS_MACSEC_ROLES.SET_ROLE( p_role IN VARCHAR2);
Parameter | Description |
---|---|
|
Role name. To find existing secure application roles in the current database instance, query the |
EXEC DBMS_MACSEC_ROLES.SET_ROLE('SECTOR2_APP_MGR');
You can enter the name of the role in any case (for example, Sector2_APP_MGR
).