1 PACKAGE dbms_tsdp_protect AUTHID CURRENT_USER AS
-- Specification of DBMS_TSDP_PROTECT: constants, collection types and
-- procedures for creating, altering and dropping TSDP (Transparent Sensitive
-- Data Protection) policies, associating them with Sensitive Column Types,
-- and enabling or disabling protection.
-- AUTHID CURRENT_USER makes this an invoker's-rights unit: the procedures run
-- with the privileges of the calling user, not those of the package owner.
2
-- Integer codes that appear to be the Property keys used to index
-- POLICY_CONDITIONS (see ADD_POLICY); confirm against the package body.
3 DATATYPE CONSTANT INTEGER := 1 ;
4 LENGTH CONSTANT INTEGER := 2 ;
5 SCHEMA_NAME CONSTANT INTEGER := 3;
6 TABLE_NAME CONSTANT INTEGER := 4 ;
7
-- NOTE(review): presumably the maximum length of an option or condition
-- value; it matches the varchar2(4000) element size of the two types below.
8 TSDP_PARAM_MAX CONSTANT INTEGER := 4000;
9
-- Associative array of varchar2(4000) values keyed by a varchar2(30) string.
-- Used for policy_enable_options, which the procedure descriptions below call
-- the parameter-value pairs of the security feature.
10 type FEATURE_OPTIONS is table of varchar2(4000) index by varchar2(30);
11
-- Associative array of varchar2(4000) values keyed by PLS_INTEGER.
-- Used for policy_apply_condition: the key is a Property code and the element
-- is the value that property must have.
12 type POLICY_CONDITIONS is table of varchar2(4000) index by PLS_INTEGER;
13
-- Codes for the security_feature parameter of ADD_POLICY.
-- NOTE(review): UNIFIED_AUDIT is declared here but is not among the allowed
-- values listed in the ADD_POLICY description; confirm whether it is accepted.
14 REDACT CONSTANT INTEGER := 1 ;
15 UNIFIED_AUDIT CONSTANT INTEGER := 2 ;
16 VPD CONSTANT INTEGER := 3 ;
17 COLUMN_ENCRYPTION CONSTANT INTEGER := 4 ;
18 FGA CONSTANT INTEGER := 5 ;
19
-- Default for policy_apply_condition in ADD_POLICY and ALTER_POLICY. It is
-- declared without an initial value, so it starts as an empty collection.
-- NOTE(review): this is a public package variable, not a constant, so code in
-- the calling session can assign elements to it; a later call that omits
-- policy_apply_condition would then pass whatever it holds. Treat it as
-- read-only. How the body handles a non-empty default is not visible here.
20 tsdp$default_condition POLICY_CONDITIONS;
21
22 -- ADD_POLICY : This procedure is used to create a Protection Policy.
23 -- Parameters:
24 -- policy_name - Name of the Policy being created. The maximum length for this
25 -- identifier is M_IDEN. This follows the Oracle naming
26 -- convention. (M_IDEN is not defined in this specification.)
27 -- security_feature - The Oracle Security Feature with which the policy is
28 -- associated. Allowed values:
29 -- DBMS_TSDP_PROTECT.REDACT
30 -- DBMS_TSDP_PROTECT.VPD
31 -- DBMS_TSDP_PROTECT.FGA
32 -- DBMS_TSDP_PROTECT.COLUMN_ENCRYPTION
33 -- policy_enable_options - This parameter should be initialized with the
34 -- parameter-value pairs corresponding to the security
35 -- feature.
36 -- policy_apply_condition - This parameter should be initialized with the
37 -- property-value pairs that must be satisfied in
38 -- order to apply the corresponding
39 -- policy_enable_options.
40 -- This is an associative array with Property as the
41 -- key (PLS_INTEGER).
42 -- Example:
43 -- example_policy_condition(<Property>)= <property_value>.
44 -- Permissible values for Property are:
45 -- DBMS_TSDP_PROPERTY.DATATYPE
46 -- DBMS_TSDP_PROPERTY.LENGTH
47 -- DBMS_TSDP_PROPERTY.PARENT_SCHEMA
48 -- DBMS_TSDP_PROPERTY.PARENT_TABLE
-- NOTE(review): the four names above do not match this specification,
-- which declares DBMS_TSDP_PROTECT.DATATYPE, LENGTH, SCHEMA_NAME and
-- TABLE_NAME; verify which names callers must use.
-- When policy_apply_condition is omitted, tsdp$default_condition is
-- passed.
49
50 PROCEDURE ADD_POLICY (
51 policy_name IN VARCHAR2,
52 security_feature IN PLS_INTEGER,
53 policy_enable_options IN FEATURE_OPTIONS,
54 policy_apply_condition IN POLICY_CONDITIONS default tsdp$default_condition);
55
56 -- ALTER_POLICY : This procedure can be used to alter an existing TSDP Policy.
57 -- Parameters:
58 -- policy_name - Name of the Policy to alter.
59 -- policy_enable_options - This parameter should be initialized with the
60 -- parameter-value pairs corresponding to the security
61 -- feature.
62 -- policy_apply_condition - This parameter should be initialized with the
63 -- property-value pairs that must be satisfied in
64 -- order to apply the corresponding
65 -- policy_enable_options.
-- When omitted, tsdp$default_condition is passed.
66
67 PROCEDURE ALTER_POLICY (
68 policy_name IN VARCHAR2,
69 policy_enable_options IN FEATURE_OPTIONS,
70 policy_apply_condition IN POLICY_CONDITIONS default tsdp$default_condition);
71
72 -- DROP_POLICY : The overloaded DBMS_TSDP_PROTECT.DROP_POLICY can be used to
73 -- drop a TSDP Policy or one of its Condition-Enable_Options
74 -- combinations.
75 -- The combination of Policy_Condition and Policy_Enable_Options
76 -- can be dropped from a TSDP Policy by giving the
77 -- policy_apply_condition parameter.
78 -- The Default Condition-Default Options combination can also be
79 -- dropped (if it exists for The Policy) by passing an empty
80 -- associative array of type DBMS_TSDP_PROTECT.POLICY_CONDITIONS.
81 -- Parameters:
82 -- policy_name - Name of the TSDP Policy that is to be dropped.
83 -- policy_apply_condition - This parameter should be initialized with the
84 -- property-value pairs.
85
-- Overload that takes a condition: per the description above, drops one
-- Condition-Enable_Options combination from the policy.
86 PROCEDURE DROP_POLICY (
87 policy_name IN VARCHAR2,
88 policy_apply_condition IN POLICY_CONDITIONS);
89
-- Overload without a condition: per the description above, presumably drops
-- the TSDP Policy itself; confirm against the package body.
90 PROCEDURE DROP_POLICY (
91 policy_name IN VARCHAR2);
92
93 -- ASSOCIATE_POLICY : This procedure can be used to associate/dis-associate a
94 -- TSDP Policy with a Sensitive Column Type.
95 -- Parameters:
96 -- Policy_name - Name of the TSDP Policy.
97 -- Sensitive_type - Name of the Sensitive Column Type.
98 -- Associate - Associate or Dis-associate. TRUE implies Associate.
-- Defaults to TRUE.
99
100 PROCEDURE ASSOCIATE_POLICY (
101 policy_name IN VARCHAR2,
102 sensitive_type IN VARCHAR2,
103 associate IN BOOLEAN DEFAULT TRUE);
104
105 -- ENABLE_PROTECTION_SOURCE : This procedure can be used to enable protection
106 -- based on the source of truth for the sensitive
107 -- columns.
108 -- Parameters:
109 -- discovery_source - Name of the discovery source. This could be the ADM
110 -- name or the database user.
111
112 PROCEDURE ENABLE_PROTECTION_SOURCE (
113 discovery_source IN VARCHAR2);
114
115 -- DISABLE_PROTECTION_SOURCE : This procedure can be used to disable protection
116 -- based on the source of truth for the sensitive
117 -- columns.
118 -- Parameters:
119 -- discovery_source - Name of the discovery source. This could be the ADM
120 -- name or the database user.
121
122 PROCEDURE DISABLE_PROTECTION_SOURCE (
123 discovery_source IN VARCHAR2);
124
125 -- ENABLE_PROTECTION_COLUMN : This procedure can be used to enable protection
126 -- for columns.
127 -- Parameters:
128 -- Schema_name - The name of the schema containing the column.
129 -- Table_name - The table containing the column.
130 -- column_name - The column name.
131 -- policy - Optional policy name. If given, only this policy is enabled.
-- schema_name, table_name and column_name each default to '%'.
-- NOTE(review): '%' looks like a match-all pattern, but how the body
-- interprets it is not visible here; confirm.
132
133 PROCEDURE ENABLE_PROTECTION_COLUMN (
134 schema_name IN VARCHAR2 default '%',
135 table_name IN VARCHAR2 default '%',
136 column_name IN VARCHAR2 default '%',
137 policy IN VARCHAR2 DEFAULT NULL);
138
139 -- DISABLE_PROTECTION_COLUMN : This procedure can be used to disable protection
140 -- for columns.
141 -- Parameters:
142 -- Schema_name - The name of the schema containing the column.
143 -- Table_name - The table containing the column.
144 -- column_name - The column name.
145 -- policy - Optional policy name. If given, only this policy is disabled.
-- schema_name, table_name and column_name each default to '%'.
-- NOTE(review): if the body treats '%' as a match-all pattern (not visible
-- here), a call that omits these arguments would disable protection for every
-- matching column. Pass explicit names when only specific columns are
-- intended, and confirm the behaviour against the package body.
146
147 PROCEDURE DISABLE_PROTECTION_COLUMN (
148 schema_name IN VARCHAR2 default '%',
149 table_name IN VARCHAR2 default '%',
150 column_name IN VARCHAR2 default '%',
151 policy IN VARCHAR2 DEFAULT NULL);
152
153 -- ENABLE_PROTECTION_TYPE : This procedure can be used to enable protection
154 -- for a Sensitive Column Type.
155 -- Parameters:
156 -- sensitive_type - Name of the Sensitive Column Type.
157
158 PROCEDURE ENABLE_PROTECTION_TYPE (
159 sensitive_type IN VARCHAR2);
160
161 -- DISABLE_PROTECTION_TYPE : This procedure can be used to disable protection
162 -- for a Sensitive Column Type.
163 -- Parameters:
164 -- sensitive_type - Name of the Sensitive Column Type.
165
166 PROCEDURE DISABLE_PROTECTION_TYPE (
167 sensitive_type IN VARCHAR2);
168
169 END dbms_tsdp_protect;