1. Graph Developer's Guide for RDF Graph
  2. Appendixes
  3. MDSYS-Owned Semantic Network
  4. Reference Information (MDSYS_Owned Semantic Network Only)

D.5 Reference Information (MDSYS_Owned Semantic Network Only)

This section provides reference information about RDF Semantic Graph subprograms that apply only for MDSYS-owned semantic networks.

Parent topic: MDSYS-Owned Semantic Network

D.5.1 SEM_OLS Package Subprograms

The SEM_OLS package contains subprograms (functions and procedures) related to triple-level security to RDF data, using Oracle Label Security (OLS).

To use the subprograms in this chapter, you should understand the conceptual and usage information in RDF Semantic Graph Overview and Fine-Grained Access Control for RDF Data.

This chapter provides reference information about the subprograms, listed in alphabetical order.

Parent topic: Reference Information (MDSYS_Owned Semantic Network Only)

D.5.1.1 SEM_OLS.APPLY_POLICY_TO_APP_TAB

Format

SEM_OLS.APPLY_POLICY_TO_APP_TAB(
     policy_name   IN VARCHAR2, 
     schema_name   IN VARCHAR2, 
     table_name    IN VARCHAR2, 
     predicate     IN VARCHAR2 DEFAULT NULL);

Description

Applies an OLS policy to an application table in the MDSYS-owned network.

Parameters

policy_name

Name of an existing OLS policy.

schema_name

Name of the schema containing the application table.

table_name

Name of the application table.

predicate

An additional predicate to combine with the label-based predicate.

Usage Notes

When you use triple-level security, OLS is applied to each semantic model in the network. That is, label security is applied to the relevant internal tables and to all the application tables; there is no need to manually apply policies to the application tables of existing semantic models. However, if you need to create additional models after applying the OLS policy, you must use the SEM_OLS.APPLY_POLICY_TO_APP_TAB procedure to apply OLS to the application table before creating the model.

You must have the following to execute this procedure: EXECUTE privilege for the SA_POLICY_ADMIN package, and the policy_DBA role.

Before executing this procedure, you must have executed the SEM_RDFSA.APPLY_OLS_POLICY procedure specifying SEM_RDFSA.TRIPLE_LEVEL_ONLY for the rdfsa_options parameter.

To remove the OLS policy from the application table, use the SEM_OLS.REMOVE_POLICY_FROM_APP_TAB procedure.

For information about support for OLS, see Fine-Grained Access Control for RDF Data.

This procedure applies only to the MDSYS-owned network, not to schema-private networks. (If you try to apply this procedure to a schema-private network, the error "ORA-20000: No application tables for schema-private network" is returned.) For information about semantic network types and options, see RDF Networks.

Examples

The following example applies an OLS policy named defense to the MY_SCHEMA.MY_APP_TABLE application table. 

begin
  sem_ols.apply_policy_to_app_table(
        policy_name => 'defense',
        schema_name => 'my_schema',
        table_name  => 'my_app_table');
end;
/

Parent topic: SEM_OLS Package Subprograms

D.5.1.2 SEM_OLS.REMOVE_POLICY_FROM_APP_TAB

Format

SEM_OLS.REMOVE_POLICY_FROM_APP_TAB(
     policy_name   IN VARCHAR2, 
     schema_name   IN VARCHAR2, 
     table_name    IN VARCHAR2,
     check_model   IN BOOLEAN DEFAULT TRUE);

Description

Permanently removes or detaches the OLS policy from an application table associated with a model in the MDSYS-owned network.

Parameters

policy_name

Name of the existing OLS policy.

schema_name

Name of the schema containing the application table.

table_name

Name of the application table.

check_model

TRUE (the default) checks if the model associated with the application table exists (and generates an exception if the model exists); FALSE does not check if the model exists before performing the operation.

Usage Notes

If you have dropped a semantic model and you no longer need to protect the application table, you can use this procedure.

You must have the following to execute this procedure: EXECUTE privilege for the SA_POLICY_ADMIN package, and the policy_DBA role.

Before executing this procedure, you must have executed the SEM_RDFSA.APPLY_OLS_POLICY procedure specifying SEM_RDFSA.TRIPLE_LEVEL_ONLY for the rdfsa_options parameter.

If check_model is TRUE (the default), an exception is generated if the associated model exists. In this case, if you want to execute this procedure, you must first drop the model.

For information about support for OLS, see Fine-Grained Access Control for RDF Data.

This procedure applies only to the MDSYS-owned network, not to schema-private networks. (If you try to apply this procedure to a schema-private network, the error "ORA-20000: No application tables for schema-private network" is returned.) For information about semantic network types and options, see RDF Networks.

Examples

The following example removes the OLS policy named defense from the MY_SCHEMA.MY_APP_TABLE application table. 

begin
  sem_ols.remove_policy_from_app_table(
        policy_name => 'defense',
        schema_name => 'my_schema',
        table_name  => 'my_app_table');
end;
/

Parent topic: SEM_OLS Package Subprograms

D.5.2 SEM_APIS.PRIVILEGE_ON_APP_TABLES

Format

SEM_APIS.PRIVILEGE_ON_APP_TABLES(
     command       IN VARCHAR2 DEFAULT 'GRANT',
     privilege     IN VARCHAR2 DEFAULT 'SELECT',
     network_owner IN VARCHAR2 DEFAULT NULL,
     network_name  IN VARCHAR2 DEFAULT NULL);

Description

Grants (or revokes) SELECT or INSERT privilege to (or from) MDSYS on application tables corresponding to all the RDF models owned by the invoker.

Parameters

command

SQL statement, with possible values GRANT (the default) or REVOKE (case insensitive).

privilege

Privilege name, with possible values SELECT (the default) or INSERT (case insensitive).

network_owner

Owner of the semantic network. (See Table 1-2.)

network_name

Name of the semantic network. (See Table 1-2.)

Usage Notes

For information about semantic network types and options, see RDF Networks.

Examples

The following example grants SELECT privilege to MDSYS on application tables corresponding to all the RDF models owned by the invoker.

EXECUTE SEM_APIS.PRIVILEGE_ON_APP_TABLES('grant', 'select');

Parent topic: Reference Information (MDSYS_Owned Semantic Network Only)

D.5.3 SEM_APIS.REMOVE_DUPLICATES

Format

SEM_APIS.REMOVE_DUPLICATES(
     model_name           IN VARCHAR2, 
     threshold            IN FLOAT DEFAULT 0.3, 
     rebuild_apptab_index IN BOOLEAN DEFAULT TRUE,
     options              IN VARCHAR2 DEFAULT NULL,
     network_owner        IN VARCHAR2 DEFAULT NULL,
     network_name         IN VARCHAR2 DEFAULT NULL);

Description

Removes duplicate triples from a model.

Parameters

model_name

Name of the model.

threshold

A value to determine how numerous triples must be in order for the removal operation to be performed. This procedure removes triples only if the number of triples in the model exceeds the following formula: (total-triples - total-unique-triples + 0.01) / (total-unique-triples + 0.01). For the default value of 0.3 and a model containing 1000 total triples (including duplicates), duplicate triples would be removed only if the number of duplicates exceeds approximately 230.

The lower the threshold value, the fewer duplicates are needed for the procedure to remove duplicates; the higher the threshold value, the more duplicates are needed for the procedure to remove duplicates.

rebuild_apptab_index

TRUE (the default) causes all usable indexes on tables that were affected by this operation to be rebuilt after the duplicate triples are removed; FALSE does not rebuild any indexes.

options

(Reserved for future use.)

network_owner

Owner of the semantic network. (See Table 1-2.)

network_name

Name of the semantic network. (See Table 1-2.)

Usage Notes

When duplicate triples are removed, all information in the removed rows is lost, including information in columns other than the triple column.

This procedure is not supported on virtual models (explained in Virtual Models).

If the model is empty, or if it contains no duplicate triples or not enough duplicate triples (as computed using the threshold value), this procedure does not perform any removal operations.

If there are not enough duplicates (as computed using the threshold value) to perform the operation, an informational message is displayed.

If unusable indexes are involved, be sure that the SKIP_UNUSABLE_INDEXES system parameter is set to TRUE. Although TRUE is the default value for this parameter, some production databases may use the value FALSE; therefore, if you need to change it, enter the following: 

SQL> alter session set skip_unusable_indexes=true;

To use this procedure on an application table with one or more user-defined triggers, you must connect as a DBA user and grant the ALTER ANY TRIGGER privilege to the MDSYS user, as follows:

SQL> grant alter any trigger to MDSYS;

For information about semantic network types and options, see RDF Networks.

Examples

The following example removes duplicate triples in the model named family. It accepts the default threshold value of 0.3 and (by default) rebuilds indexes after the duplicates are removed. 

EXECUTE SEM_APIS.REMOVE_DUPLICATES('family');

Parent topic: Reference Information (MDSYS_Owned Semantic Network Only)