1 PACKAGE dbms_priv_capture AUTHID CURRENT_USER
2 AS
3 -- Invoker's-rights package: the procedures record a privilege use; the HAS_* / SES_HAS_* functions check a privilege or role and return 1 or 0.
4 /**
5 * Procedure to capture a privilege use, if the privilege capture conditions
6 * are met. This procedure is called when a privilege is used in PL/SQL and Java.
7 * Only userid is mandatory; every other parameter defaults to NULL.
8 * @param userid ID of the user having the privilege
9 * @param syspriv ID of the system privilege used
10 * @param role Name of the role used
11 * @param objpriv ID of the object privilege used
12 * @param obj ID of the object accessed
13 * @param domain List of role IDs used to check privilege use (i.e. domain)
14 * @param domain_str List of role names used to check privilege use
15 */
16 PROCEDURE capture_privilege_use(
17 userid IN NUMBER,
18 syspriv IN NUMBER DEFAULT NULL,
19 role IN VARCHAR2 DEFAULT NULL,
20 objpriv IN NUMBER DEFAULT NULL,
21 obj IN NUMBER DEFAULT NULL,
22 domain IN role_array DEFAULT NULL,
23 domain_str IN rolename_array DEFAULT NULL);
24
25 /**
26 * Procedure to capture a privilege use, if the privilege capture conditions
27 * are met. This procedure is called when a privilege is used in PL/SQL and Java.
28 *
29 * Note: it does the same thing as the procedure above, except that the input
30 * parameters are strings for the caller's convenience.
31 * Only username is mandatory; every other parameter defaults to NULL.
32 * @param username Name of the user having the privilege
33 * @param syspriv Name of the system privilege used
34 * @param role Name of the role used
35 * @param objpriv Name of the object privilege used
36 * @param owner Name of the object owner
37 * @param object Name of the object accessed
38 * @param domain Security domain (list of role IDs) used to check privilege use
39 * @param domain_str Security domain given as role names
40 */
41 PROCEDURE capture_privilege_use(
42 username IN VARCHAR2,
43 syspriv IN VARCHAR2 DEFAULT NULL,
44 role IN VARCHAR2 DEFAULT NULL,
45 objpriv IN VARCHAR2 DEFAULT NULL,
46 owner IN VARCHAR2 DEFAULT NULL,
47 object IN VARCHAR2 DEFAULT NULL,
48 domain IN role_array DEFAULT NULL,
49 domain_str IN rolename_array DEFAULT NULL);
50
51 /**
52 * Function to check whether the given user has a directly granted system
53 * privilege. If a capture is turned on, capture the privilege usage.
54 *
55 * @param userid ID of the user checked against
56 * @param syspriv ID of the system privilege to check (should be a negative
57 * number from system_privilege_map)
58 *
59 * Return 1 if the privilege exists, 0 otherwise.
60 * Note: this function only checks for a directly granted system privilege.
61 */
62 FUNCTION HAS_SYS_PRIV_DIRECT_ID(
63 userid IN NUMBER,
64 syspriv IN NUMBER) RETURN NUMBER;
65
66 /**
67 * Function to check whether the given user has a directly granted system
68 * privilege. If a capture is turned on, capture the privilege usage.
69 *
70 * This function does the same as the function above, except that it accepts
71 * inputs as strings for the caller's convenience.
72 *
73 * @param username Name of the user checked against
74 * @param syspriv Name of the system privilege to check
75 *
76 * Return 1 if the privilege exists, 0 otherwise.
77 * Note: this function only checks for a directly granted system privilege.
78 */
79 FUNCTION HAS_SYS_PRIV_DIRECT(
80 username IN VARCHAR2,
81 syspriv IN VARCHAR2) RETURN NUMBER;
82
83 /**
84 * Function to check whether the given user has a given system
85 * privilege. If a capture is turned on, capture the privilege usage.
86 *
87 * @param userid ID of the user checked against
88 * @param syspriv ID of the system privilege to check (should be a valid
89 * negative number existing in system_privilege_map)
90 * @param usepublic whether privileges granted to PUBLIC are included (default TRUE)
91 *
92 * Return 1 if the privilege exists, 0 otherwise.
93 *
94 * Note: this function checks both privileges directly granted to "userid"
95 * and privileges indirectly granted to one of the roles "userid" has.
96 * If usepublic=TRUE, privileges directly and indirectly granted to PUBLIC
97 * will also be checked, so with the default a result of 1 may stem from a PUBLIC grant.
98 */
99 FUNCTION HAS_SYS_PRIV_ID(
100 userid IN NUMBER,
101 syspriv IN NUMBER,
102 usepublic IN BOOLEAN DEFAULT TRUE) RETURN NUMBER;
103
104 /**
105 * Function to check whether the given user has a given system
106 * privilege. If a capture is turned on, capture the privilege usage.
107 *
108 * This function does the same as the function above, except that it accepts
109 * inputs as strings for the caller's convenience.
110 *
111 * @param username Name of the user checked against
112 * @param syspriv Name of the system privilege to check
113 * @param usepublic whether privileges granted to PUBLIC are included (default TRUE)
114 *
115 * Return 1 if the privilege exists, 0 otherwise.
116 * Note: this function checks both privileges directly granted to "username"
117 * and privileges indirectly granted to one of the roles "username" has.
118 * If usepublic=TRUE, privileges directly and indirectly granted to PUBLIC
119 * will also be checked, so with the default a result of 1 may stem from a PUBLIC grant.
120 */
121 FUNCTION HAS_SYS_PRIV(
122 username IN VARCHAR2,
123 syspriv IN VARCHAR2,
124 usepublic IN BOOLEAN DEFAULT TRUE) RETURN NUMBER;
125
126 /**
127 * Function to check whether the given user has a given object privilege.
128 * If a capture is turned on, capture the privilege usage.
129 *
130 * @param l_user ID of the user checked against
131 * @param l_priv ID of the object privilege to check
132 * @param l_obj ID of the object
133 * @param usepublic whether privileges granted to PUBLIC are included (default TRUE)
134 *
135 * Return 1 if the privilege exists, 0 otherwise.
136 * Note: this function checks both privileges directly granted to "l_user"
137 * and privileges indirectly granted to one of the roles "l_user" has.
138 * If usepublic=TRUE, privileges directly and indirectly granted to PUBLIC
139 * will also be checked, so with the default a result of 1 may stem from a PUBLIC grant.
140 */
141 FUNCTION HAS_OBJ_PRIV_ID(
142 l_user IN NUMBER,
143 l_priv IN NUMBER,
144 l_obj IN NUMBER,
145 usepublic IN BOOLEAN DEFAULT TRUE) RETURN NUMBER;
146
147 /**
148 * Function to check whether the given user has a given object privilege.
149 * If a capture is turned on, capture the privilege usage.
150 *
151 * This function does the same as the function above, except that it accepts
152 * inputs as strings for the caller's convenience.
153 *
154 * @param username Name of the user checked against
155 * @param objpriv Name of the object privilege to check
156 * @param objowner Name of the object owner
157 * @param objname Name of the object
158 * @param usepublic whether privileges granted to PUBLIC are included (default TRUE)
159 * @param nmspace Namespace of the object (default is 1, the TABLE namespace)
160 *
161 * Note: caller of this function must have SELECT access on sys.obj$, sys.user$
162 * (consistent with the package being AUTHID CURRENT_USER, i.e. invoker's rights; body not shown here).
163 * Return 1 if the privilege exists, 0 otherwise.
164 * Note: this function checks both privileges directly granted to "username"
165 * and privileges indirectly granted to one of the roles "username" has.
166 * If usepublic=TRUE, privileges directly and indirectly granted to PUBLIC
167 * will also be checked, so with the default a result of 1 may stem from a PUBLIC grant.
168 */
169 FUNCTION HAS_OBJ_PRIV(
170 username IN VARCHAR2,
171 objpriv IN VARCHAR2,
172 objowner IN VARCHAR2,
173 objname IN VARCHAR2,
174 usepublic IN BOOLEAN DEFAULT TRUE,
175 nmspace IN NUMBER DEFAULT 1) RETURN NUMBER;
176
177 /**
178 * Function to check whether the given user has a directly granted object
179 * privilege. If a capture is turned on, capture the privilege usage.
180 *
181 * @param l_user ID of the user checked against
182 * @param l_priv ID of the object privilege to check
183 * @param l_obj ID of the object
184 *
185 * Return 1 if the privilege exists, 0 otherwise.
186 * Note: this function only checks privileges directly granted to "l_user".
187 */
188 FUNCTION HAS_OBJ_PRIV_DIRECT_ID(
189 l_user IN NUMBER,
190 l_priv IN NUMBER,
191 l_obj IN NUMBER) RETURN NUMBER;
192
193
194 /**
195 * Function to check whether the given user has a directly granted object
196 * privilege. If a capture is turned on, capture the privilege usage.
197 *
198 * This function does the same as the function above, except that it accepts
199 * inputs as strings for the caller's convenience.
200 *
201 * @param username Name of the user checked against
202 * @param objpriv Name of the object privilege to check
203 * @param objowner Name of the object owner
204 * @param objname Name of the object
205 * @param nmspace Namespace of the object (default is 1, the TABLE namespace)
206 *
207 * Note: caller of this function must have SELECT access on sys.obj$, sys.user$
208 * (consistent with the package being AUTHID CURRENT_USER, i.e. invoker's rights; body not shown here).
209 * Return 1 if the privilege exists, 0 otherwise.
210 * Note: this function checks only privileges directly granted to "username".
211 */
212 FUNCTION HAS_OBJ_PRIV_DIRECT(
213 username IN VARCHAR2,
214 objpriv IN VARCHAR2,
215 objowner IN VARCHAR2,
216 objname IN VARCHAR2,
217 nmspace IN NUMBER DEFAULT 1) RETURN NUMBER;
218
219 /**
220 * Function to check whether the given user has a given role.
221 * If a capture is turned on, capture the role usage.
222 *
223 * @param userid ID of the user checked against
224 * @param roleid ID of the role to check
225 * @param usepublic whether roles granted to PUBLIC are included (default TRUE)
226 *
227 * Return 1 if the role exists, 0 otherwise.
228 *
229 * Note: this function checks both roles directly granted to "userid"
230 * and roles indirectly granted to one of the roles "userid" has.
231 * If usepublic=TRUE, roles directly and indirectly granted to PUBLIC
232 * will also be checked, so with the default a result of 1 may stem from a PUBLIC grant.
233 */
234 FUNCTION HAS_ROLE_PRIV_ID(
235 userid IN NUMBER,
236 roleid IN NUMBER,
237 usepublic IN BOOLEAN DEFAULT TRUE) RETURN NUMBER;
238
239 /**
240 * Function to check whether the specified role is granted to the
241 * given user either directly or recursively.
242 * If a capture is turned on, capture the role usage.
243 *
244 * @param username Name of the user checked against
245 * @param rolename Name of the role to check
246 * @param usepublic whether roles granted to PUBLIC are included (default TRUE)
247 *
248 * Return 1 if the role exists, 0 otherwise.
249 *
250 * Note: this function performs the same check as HAS_ROLE_PRIV_ID, except
251 * it accepts username and rolename as strings.
252 */
253 FUNCTION HAS_ROLE_PRIV(
254 username IN VARCHAR2,
255 rolename IN VARCHAR2,
256 usepublic IN BOOLEAN DEFAULT TRUE) RETURN NUMBER;
257
258 /**
259 * Function to check whether the given user has a directly granted role.
260 * If a capture is turned on, capture the privilege usage.
261 *
262 * @param userid ID of the user checked against
263 * @param roleid ID of the role to check
264 *
265 * Return 1 if the role is granted to the user, 0 otherwise.
266 * Note: this function only checks for a role directly granted to the user.
267 */
268 FUNCTION HAS_ROLE_PRIV_DIRECT_ID(
269 userid IN NUMBER,
270 roleid IN NUMBER) RETURN NUMBER;
271
272 /**
273 * Function to check whether the given user has a directly granted role.
274 * If a capture is turned on, capture the privilege usage.
275 * This function does the same as HAS_ROLE_PRIV_DIRECT_ID, except that it
276 * accepts username and rolename as strings.
277 *
278 * @param username Name of the user checked against
279 * @param rolename Name of the role to check
280 *
281 * Return 1 if the role is granted to the user, 0 otherwise.
282 * Note: this function only checks for a role directly granted to the user.
283 */
284 FUNCTION HAS_ROLE_PRIV_DIRECT(
285 username IN VARCHAR2,
286 rolename IN VARCHAR2) RETURN NUMBER;
287
288 /**
289 * Function to check whether the session user has a given system privilege.
290 * If a capture is turned on, capture the privilege usage.
291 *
292 * @param systempriv Name of the system privilege to check
293 *
294 * Return 1 if the privilege exists, 0 otherwise.
295 * Note: this function is a wrapper for "SELECT from session_privs".
296 */
297 FUNCTION SES_HAS_SYS_PRIV(systempriv IN VARCHAR2) RETURN NUMBER;
298
299 /**
300 * Function to check whether the session user has a given role.
301 * If a capture is turned on, capture the privilege usage.
302 *
303 * @param rolename Name of the role to check
304 *
305 * Return 1 if the role exists, 0 otherwise.
306 * Note: this function is a wrapper for "SELECT from session_roles".
307 */
308 FUNCTION SES_HAS_ROLE_PRIV(rolename IN VARCHAR2) RETURN NUMBER;
309 END;