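PACKAGE XS_PRINCIPAL AUTHID CURRENT_USER AS

    -- Administration API for principals (lightweight users, roles and dynamic
    -- roles): creation and deletion, role grants, proxy relationships,
    -- effective dates, and credentials (password / verifier).
    -- This is the specification only; no implementation is visible here, so
    -- the notes below rest on the declarations and their original comments.
    --
    -- AUTHID CURRENT_USER makes this an invoker's-rights unit: each subprogram
    -- runs with the privileges of the calling user, not the package owner's,
    -- so privilege checks apply to whoever makes the call.

    -- Public constants

    -- The following constants define the user's status.
    -- create_user defaults its status parameter to ACTIVE.
    ACTIVE   CONSTANT PLS_INTEGER := 1;
    INACTIVE CONSTANT PLS_INTEGER := 2;
    UNLOCK   CONSTANT PLS_INTEGER := 3;
    EXPIRED  CONSTANT PLS_INTEGER := 4;
    LOCKED   CONSTANT PLS_INTEGER := 5;

    -- The following constants define dynamic role scope.
    -- create_dynamic_role defaults its scope parameter to SESSION_SCOPE.
    SESSION_SCOPE CONSTANT PLS_INTEGER := 0;
    REQUEST_SCOPE CONSTANT PLS_INTEGER := 1;

    -- The following constants define the verifier type.
    -- set_password and set_verifier both default to XS_SHA512.
    -- NOTE(review): going by its name, XS_SALTED_SHA1 selects a SHA-1 based
    -- verifier. SHA-1 is a legacy hash; keep the XS_SHA512 default unless an
    -- existing integration requires the older type.
    XS_SHA512      CONSTANT PLS_INTEGER := 2;
    XS_SALTED_SHA1 CONSTANT PLS_INTEGER := 1;

    -- Enable log based replication for this package.
    -- This is the package-wide default; set_password and set_verifier
    -- override it individually with NONE further down.
    PRAGMA SUPPLEMENTAL_LOG_DATA(default, AUTO);

    -- Principal creation APIs.

    -- Create a user. Only name is mandatory; status defaults to ACTIVE and
    -- every other attribute defaults to NULL.
    PROCEDURE create_user (
        name            IN VARCHAR2,
        schema          IN VARCHAR2                 := NULL,
        status          IN PLS_INTEGER              := ACTIVE,
        start_date      IN TIMESTAMP WITH TIME ZONE := NULL,
        end_date        IN TIMESTAMP WITH TIME ZONE := NULL,
        guid            IN RAW                      := NULL,
        external_source IN VARCHAR2                 := NULL,
        description     IN VARCHAR2                 := NULL);

    -- Create a regular role. enabled defaults to FALSE, so a new role is not
    -- enabled by default unless the caller asks for it (see
    -- enable_by_default).
    PROCEDURE create_role (
        name            IN VARCHAR2,
        enabled         IN BOOLEAN                  := FALSE,
        start_date      IN TIMESTAMP WITH TIME ZONE := NULL,
        end_date        IN TIMESTAMP WITH TIME ZONE := NULL,
        guid            IN RAW                      := NULL,
        external_source IN VARCHAR2                 := NULL,
        description     IN VARCHAR2                 := NULL);

    -- Create a dynamic role. scope takes SESSION_SCOPE or REQUEST_SCOPE.
    -- NOTE(review): the unit of duration is not stated in this spec; confirm
    -- it in the Oracle documentation before relying on a value.
    PROCEDURE create_dynamic_role (
        name        IN VARCHAR2,
        duration    IN PLS_INTEGER := NULL,
        scope       IN PLS_INTEGER := SESSION_SCOPE,
        description IN VARCHAR2    := NULL);

    -- Grant a role to a principal, optionally bounded by effective dates.
    PROCEDURE grant_roles (
        grantee    IN VARCHAR2,
        role       IN VARCHAR2,
        start_date IN TIMESTAMP WITH TIME ZONE := NULL,
        end_date   IN TIMESTAMP WITH TIME ZONE := NULL);

    -- Grant a list of roles to a principal.
    -- XS$ROLE_GRANT_LIST is declared outside this package.
    PROCEDURE grant_roles (
        grantee   IN VARCHAR2,
        role_list IN XS$ROLE_GRANT_LIST);

    -- Revoke all roles from a principal.
    -- Caution: this one-argument overload differs from the single-role
    -- overload only by the missing role argument, so a call that forgets the
    -- role name revokes every role of the grantee.
    PROCEDURE revoke_roles (
        grantee IN VARCHAR2);

    -- Revoke a role from a principal.
    PROCEDURE revoke_roles (
        grantee IN VARCHAR2,
        role    IN VARCHAR2);

    -- Revoke a list of roles from a principal.
    -- XS$NAME_LIST is declared outside this package.
    PROCEDURE revoke_roles (
        grantee   IN VARCHAR2,
        role_list IN XS$NAME_LIST);

    -- Add a proxy user to a lightweight user.
    -- proxy_user will proxy to and act on behalf of target_user.
    -- If target_roles is null, only the xspublic and xsswitch
    -- default roles will be enabled for the proxy user.
    -- Passing an explicit role list keeps the proxy to the roles it needs.
    PROCEDURE add_proxy_user (
        target_user  IN VARCHAR2,
        proxy_user   IN VARCHAR2,
        target_roles IN XS$NAME_LIST);

    -- Add a proxy user to a target user with all default enabled
    -- roles of the target user.
    -- This is the broadest form of proxy grant; prefer the overload with
    -- target_roles when the proxy needs only a subset.
    PROCEDURE add_proxy_user (
        target_user IN VARCHAR2,
        proxy_user  IN VARCHAR2);

    -- Add a proxy user to a database user.
    PROCEDURE add_proxy_to_dbuser (
        database_user IN VARCHAR2,
        proxy_user    IN VARCHAR2,
        is_external   IN BOOLEAN := FALSE);

    -- Remove a proxy user from a database user.
    PROCEDURE remove_proxy_from_dbuser (
        database_user IN VARCHAR2,
        proxy_user    IN VARCHAR2);

    -- Remove all existing proxy users from a target user.
    -- As with revoke_roles, omitting the second argument selects this
    -- remove-everything overload.
    PROCEDURE remove_proxy_users (
        target_user IN VARCHAR2);

    -- Remove a proxy user from a target user.
    PROCEDURE remove_proxy_users (
        target_user IN VARCHAR2,
        proxy_user  IN VARCHAR2);

    -- Update the effective dates of a user/role.
    -- Both dates default to NULL.
    PROCEDURE set_effective_dates (
        principal  IN VARCHAR2,
        start_date IN TIMESTAMP WITH TIME ZONE := NULL,
        end_date   IN TIMESTAMP WITH TIME ZONE := NULL);

    -- Update the duration of a dynamic role.
    PROCEDURE set_dynamic_role_duration (
        role     IN VARCHAR2,
        duration IN PLS_INTEGER);

    -- Update the scope attribute of a dynamic role
    -- (SESSION_SCOPE or REQUEST_SCOPE).
    PROCEDURE set_dynamic_role_scope (
        role  IN VARCHAR2,
        scope IN PLS_INTEGER);

    -- Enables/disables the role by default. This API only works on regular
    -- roles. Note that enabled defaults to TRUE here, whereas create_role
    -- defaults it to FALSE.
    PROCEDURE enable_by_default (
        role    IN VARCHAR2,
        enabled IN BOOLEAN := TRUE);

    -- Enables/disables all directly granted roles for a user by default.
    -- This API only works on users.
    PROCEDURE enable_roles_by_default (
        user    IN VARCHAR2,
        enabled IN BOOLEAN := TRUE);

    -- Update the schema that a lightweight user owns. Applies only to
    -- lightweight (LW) users.
    PROCEDURE set_user_schema (
        user   IN VARCHAR2,
        schema IN VARCHAR2);

    -- Set GUID. The guid can only be set if the principal is from an external
    -- source and the previous guid is null.
    PROCEDURE set_guid (
        principal IN VARCHAR2,
        guid      IN RAW);

    -- Set/modify the status of a lightweight user.
    -- status takes one of the user status constants declared above.
    PROCEDURE set_user_status (
        user   IN VARCHAR2,
        status IN PLS_INTEGER);

    -- Set the description of a principal.
    PROCEDURE set_description (
        principal   IN VARCHAR2,
        description IN VARCHAR2);

    -- Set the profile of a user.
    PROCEDURE set_profile (
        user    IN VARCHAR2,
        profile IN VARCHAR2);

    -- Set password.
    -- type selects the verifier type and defaults to XS_SHA512.
    -- NOTE(review): opassword is presumably the user's current (old)
    -- password; confirm against the Oracle documentation.
    -- password arrives as a plain VARCHAR2, so pass it through a bind
    -- variable rather than a literal to keep it out of SQL text that
    -- tracing or auditing may capture.
    PROCEDURE set_password (
        user      IN VARCHAR2,
        password  IN VARCHAR2,
        type      IN PLS_INTEGER := XS_SHA512,
        opassword IN VARCHAR2    := NULL);
    -- Overrides the package-wide AUTO setting for this procedure.
    -- NOTE(review): NONE presumably keeps calls (and so the password
    -- argument) out of the supplemental log used for replication; confirm.
    PRAGMA SUPPLEMENTAL_LOG_DATA(set_password, NONE);

    -- set_verifier wrapper.
    -- Takes the verifier value directly instead of a password; type defaults
    -- to XS_SHA512.
    PROCEDURE set_verifier (
        user     IN VARCHAR2,
        verifier IN VARCHAR2,
        type     IN PLS_INTEGER := XS_SHA512);
    -- Same override as for set_password, applied to the verifier argument.
    PRAGMA SUPPLEMENTAL_LOG_DATA(set_verifier, NONE);

    -- Delete the principal.
    -- delete_option defaults to XS_ADMIN_UTIL.DEFAULT_OPTION, which is
    -- declared in another package; its effect is not visible from this spec.
    PROCEDURE delete_principal (
        principal     IN VARCHAR2,
        delete_option IN PLS_INTEGER := XS_ADMIN_UTIL.DEFAULT_OPTION);

END XS_PRINCIPAL;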