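PACKAGE dbms_rls AS

  -- Administration interface for row level security (RLS) policies on
  -- tables and views.  This is the package specification only: constants
  -- and procedure declarations, no bodies.
  --
  -- NOTE(review): every procedure below adds, alters, disables or drops a
  --   filter on table/view access, so the ability to call this package is
  --   effectively the ability to change which rows a session can see.
  --   Grant it narrowly and audit calls, in particular drop_policy,
  --   enable_policy(enable => FALSE), disable_grouped_policy and
  --   delete_policy_group.

  -- policy types (the policy_type parameter of add_policy and
  -- add_grouped_policy is a BINARY_INTEGER)
  -- NOTE(review): XDS1..XDS3 and OLS are not described anywhere in this
  --   spec; presumably reserved for internal features - confirm before
  --   passing them as policy_type.
  STATIC                       CONSTANT BINARY_INTEGER := 1;
  SHARED_STATIC                CONSTANT BINARY_INTEGER := 2;
  CONTEXT_SENSITIVE            CONSTANT BINARY_INTEGER := 3;
  SHARED_CONTEXT_SENSITIVE     CONSTANT BINARY_INTEGER := 4;
  DYNAMIC                      CONSTANT BINARY_INTEGER := 5;
  XDS1                         CONSTANT BINARY_INTEGER := 6;
  XDS2                         CONSTANT BINARY_INTEGER := 7;
  XDS3                         CONSTANT BINARY_INTEGER := 8;
  OLS                          CONSTANT BINARY_INTEGER := 9;

  -- security relevant columns options, default is null
  ALL_ROWS                     CONSTANT BINARY_INTEGER := 1;

  -- Type of refresh on static acl mv
  XDS_ON_COMMIT_MV             CONSTANT BINARY_INTEGER := 0;
  XDS_ON_DEMAND_MV             CONSTANT BINARY_INTEGER := 1;
  XDS_SCHEDULED_MV             CONSTANT BINARY_INTEGER := 2;

  -- Type of static acl mv
  XDS_SYSTEM_GENERATED_MV      CONSTANT BINARY_INTEGER := 0;
  XDS_USER_SPECIFIED_MV        CONSTANT BINARY_INTEGER := 1;

  -- alter options for a row level security policy
  ADD_ATTRIBUTE_ASSOCIATION    CONSTANT BINARY_INTEGER := 1;
  REMOVE_ATTRIBUTE_ASSOCIATION CONSTANT BINARY_INTEGER := 2;


  -- Support log based replication of RLS (proj 17779)
  PRAGMA SUPPLEMENTAL_LOG_DATA(default, AUTO_WITH_COMMIT);

  -- ------------------------------------------------------------------------
  -- add_policy - add a row level security policy to a table or view
  --
  -- INPUT PARAMETERS
  --   object_schema         - schema owning the table/view, current user if NULL
  --   object_name           - name of table or view
  --   policy_name           - name of policy to be added
  --   function_schema       - schema of the policy function, current user if NULL
  --   policy_function       - function to generate predicates for this policy
  --   statement_types       - statement types that the policy applies to,
  --                           default is any
  --   update_check          - policy checked against updated or inserted value?
  --                           (default FALSE)
  --   enable                - policy is enabled? (default TRUE)
  --   static_policy         - policy is static (predicate is always the same)?
  --   policy_type           - policy type - overrides static_policy if non-null
  --   long_predicate        - max predicate length 4000 bytes (default) or 32K
  --   sec_relevant_cols     - list of security relevant columns
  --   sec_relevant_cols_opt - security relevant columns option (NULL or ALL_ROWS)
  --   namespace             - name of application context namespace
  --   attribute             - name of application context attribute
  --
  -- NOTE(review): update_check defaults to FALSE, i.e. the policy is not
  --   checked against the new values of an INSERT or UPDATE.  A session may
  --   then be able to write a row it cannot read back; pass TRUE where the
  --   policy is meant to constrain writes as well as reads.
  -- NOTE(review): static_policy / a static policy_type assume the predicate
  --   is always the same.  Do not use them with a policy function whose
  --   result depends on the calling session - confirm the caching rules in
  --   the DBMS_RLS reference for the target release.
  -- NOTE(review): policy_function returns predicate text; it should derive
  --   that text from trusted session context, never from caller-supplied
  --   strings.

  PROCEDURE add_policy(object_schema         IN VARCHAR2       := NULL,
                       object_name           IN VARCHAR2,
                       policy_name           IN VARCHAR2,
                       function_schema       IN VARCHAR2       := NULL,
                       policy_function       IN VARCHAR2,
                       statement_types       IN VARCHAR2       := NULL,
                       update_check          IN BOOLEAN        := FALSE,
                       enable                IN BOOLEAN        := TRUE,
                       static_policy         IN BOOLEAN        := FALSE,
                       policy_type           IN BINARY_INTEGER := NULL,
                       long_predicate        IN BOOLEAN        := FALSE,
                       sec_relevant_cols     IN VARCHAR2       := NULL,
                       sec_relevant_cols_opt IN BINARY_INTEGER := NULL,
                       namespace             IN VARCHAR2       := NULL,
                       attribute             IN VARCHAR2       := NULL);

  -- alter_policy - alter a row level security policy
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   policy_name   - name of policy to be altered
  --   alter_option  - addition/removal of attribute association
  --                   (ADD_ATTRIBUTE_ASSOCIATION or REMOVE_ATTRIBUTE_ASSOCIATION)
  --   namespace     - name of application context namespace
  --   attribute     - name of application context attribute

  PROCEDURE alter_policy(object_schema IN VARCHAR2       := NULL,
                         object_name   IN VARCHAR2,
                         policy_name   IN VARCHAR2,
                         alter_option  IN BINARY_INTEGER := NULL,
                         namespace     IN VARCHAR2,
                         attribute     IN VARCHAR2);

  -- alter_grouped_policy - alter a row level security policy of a
  --                        policy group
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   policy_group  - name of the policy group holding the policy,
  --                   default 'SYS_DEFAULT'
  --   policy_name   - name of policy to be altered
  --   alter_option  - addition/removal of attribute association
  --                   (ADD_ATTRIBUTE_ASSOCIATION or REMOVE_ATTRIBUTE_ASSOCIATION)
  --   namespace     - name of application context namespace
  --   attribute     - name of application context attribute

  PROCEDURE alter_grouped_policy(object_schema IN VARCHAR2       := NULL,
                                 object_name   IN VARCHAR2,
                                 policy_group  IN VARCHAR2       := 'SYS_DEFAULT',
                                 policy_name   IN VARCHAR2,
                                 alter_option  IN BINARY_INTEGER := NULL,
                                 namespace     IN VARCHAR2,
                                 attribute     IN VARCHAR2);

  -- drop_policy - drop a row level security policy from a table or view
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   policy_name   - name of policy to be dropped
  --
  -- NOTE(review): dropping a policy removes the row filter it supplied;
  --   treat calls as security-relevant events in audit configuration.

  PROCEDURE drop_policy(object_schema IN VARCHAR2 := NULL,
                        object_name   IN VARCHAR2,
                        policy_name   IN VARCHAR2);

  -- refresh_policy - invalidate all cursors associated with the policy;
  --                  if no argument is provided, all cursors with
  --                  policies involved will be invalidated
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   policy_name   - name of policy to be refreshed

  PROCEDURE refresh_policy(object_schema IN VARCHAR2 := NULL,
                           object_name   IN VARCHAR2 := NULL,
                           policy_name   IN VARCHAR2 := NULL);

  -- enable_policy - enable or disable a security policy for a table or view
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   policy_name   - name of policy to be enabled or disabled
  --   enable        - TRUE to enable the policy, FALSE to disable the policy
  --
  -- NOTE(review): enable => FALSE switches the policy off without dropping
  --   it, so the policy still exists but no longer filters rows.

  PROCEDURE enable_policy(object_schema IN VARCHAR2 := NULL,
                          object_name   IN VARCHAR2,
                          policy_name   IN VARCHAR2,
                          enable        IN BOOLEAN  := TRUE);

  -- create_policy_group - create a policy group for a table or view
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   policy_group  - name of policy group to be created

  PROCEDURE create_policy_group(object_schema IN VARCHAR2 := NULL,
                                object_name   IN VARCHAR2,
                                policy_group  IN VARCHAR2);


  -- ------------------------------------------------------------------------
  -- add_grouped_policy - add a row level security policy to a policy group
  --                      for a table or view
  --
  -- INPUT PARAMETERS
  --   object_schema         - schema owning the table/view, current user if NULL
  --   object_name           - name of table or view
  --   policy_group          - name of policy group the policy is added to,
  --                           default 'SYS_DEFAULT'
  --   policy_name           - name of policy to be added
  --   function_schema       - schema of the policy function, current user if NULL
  --   policy_function       - function to generate predicates for this policy
  --   statement_types       - statement types that the policy applies to,
  --                           default is any
  --   update_check          - policy checked against updated or inserted value?
  --                           (default FALSE)
  --   enable                - policy is enabled? (default TRUE)
  --   static_policy         - policy is static (predicate is always the same)?
  --   policy_type           - policy type - overrides static_policy if non-null
  --   long_predicate        - max predicate length 4000 bytes (default) or 32K
  --   sec_relevant_cols     - list of security relevant columns
  --   sec_relevant_cols_opt - security relevant columns option (NULL or ALL_ROWS)
  --   namespace             - name of application context namespace
  --   attribute             - name of application context attribute
  --
  -- NOTE(review): the update_check, static_policy / policy_type and
  --   policy_function parameters carry the same defaults here as in
  --   add_policy (FALSE, FALSE / NULL, required); the default
  --   update_check => FALSE leaves INSERT/UPDATE values unchecked.

  PROCEDURE add_grouped_policy(object_schema         IN VARCHAR2       := NULL,
                               object_name           IN VARCHAR2,
                               policy_group          IN VARCHAR2       := 'SYS_DEFAULT',
                               policy_name           IN VARCHAR2,
                               function_schema       IN VARCHAR2       := NULL,
                               policy_function       IN VARCHAR2,
                               statement_types       IN VARCHAR2       := NULL,
                               update_check          IN BOOLEAN        := FALSE,
                               enable                IN BOOLEAN        := TRUE,
                               static_policy         IN BOOLEAN        := FALSE,
                               policy_type           IN BINARY_INTEGER := NULL,
                               long_predicate        IN BOOLEAN        := FALSE,
                               sec_relevant_cols     IN VARCHAR2       := NULL,
                               sec_relevant_cols_opt IN BINARY_INTEGER := NULL,
                               namespace             IN VARCHAR2       := NULL,
                               attribute             IN VARCHAR2       := NULL);


  -- ------------------------------------------------------------------------
  -- add_policy_context - add a driving context to a table or view
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   namespace     - namespace of driving context
  --   attribute     - attribute of driving context

  PROCEDURE add_policy_context(object_schema IN VARCHAR2 := NULL,
                               object_name   IN VARCHAR2,
                               namespace     IN VARCHAR2,
                               attribute     IN VARCHAR2);

  -- delete_policy_group - drop a policy group for a table or view
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   policy_group  - name of policy group to be dropped

  PROCEDURE delete_policy_group(object_schema IN VARCHAR2 := NULL,
                                object_name   IN VARCHAR2,
                                policy_group  IN VARCHAR2);


  -- drop_grouped_policy - drop a row level security policy from a policy
  --                       group of a table or view
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   policy_group  - name of the policy group holding the policy,
  --                   default 'SYS_DEFAULT'
  --   policy_name   - name of policy to be dropped

  PROCEDURE drop_grouped_policy(object_schema IN VARCHAR2 := NULL,
                                object_name   IN VARCHAR2,
                                policy_group  IN VARCHAR2 := 'SYS_DEFAULT',
                                policy_name   IN VARCHAR2);

  -- ------------------------------------------------------------------------
  -- drop_policy_context - drop a driving context from a table or view
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   namespace     - namespace of driving context
  --   attribute     - attribute of driving context

  PROCEDURE drop_policy_context(object_schema IN VARCHAR2 := NULL,
                                object_name   IN VARCHAR2,
                                namespace     IN VARCHAR2,
                                attribute     IN VARCHAR2);

  -- refresh_grouped_policy - invalidate all cursors associated with the policy;
  --                          if no argument is provided, all cursors with
  --                          policies involved will be invalidated
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   group_name    - name of group of the policy to be refreshed
  --   policy_name   - name of policy to be refreshed

  PROCEDURE refresh_grouped_policy(object_schema IN VARCHAR2 := NULL,
                                   object_name   IN VARCHAR2 := NULL,
                                   group_name    IN VARCHAR2 := NULL,
                                   policy_name   IN VARCHAR2 := NULL);

  -- enable_grouped_policy - enable or disable a policy for a table or view
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   group_name    - name of group of the policy to be enabled or disabled
  --   policy_name   - name of policy to be enabled or disabled
  --   enable        - TRUE to enable the policy, FALSE to disable the policy

  PROCEDURE enable_grouped_policy(object_schema IN VARCHAR2 := NULL,
                                  object_name   IN VARCHAR2,
                                  group_name    IN VARCHAR2,
                                  policy_name   IN VARCHAR2,
                                  enable        IN BOOLEAN  := TRUE);

  -- disable_grouped_policy - disable a policy for a table or view
  --
  -- INPUT PARAMETERS
  --   object_schema - schema owning the table/view, current user if NULL
  --   object_name   - name of table or view
  --   group_name    - name of group of the policy to be disabled
  --   policy_name   - name of policy to be disabled
  --
  -- This procedure takes no enable flag; use enable_grouped_policy to turn
  -- the policy back on.

  PROCEDURE disable_grouped_policy(object_schema IN VARCHAR2 := NULL,
                                   object_name   IN VARCHAR2,
                                   group_name    IN VARCHAR2,
                                   policy_name   IN VARCHAR2);

END dbms_rls;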