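PACKAGE dbms_macadm AS

/* Global Constants */

-- NOTE(review): presumably a realm_type value accepted by create_realm and
-- update_realm; confirm against the package body.
MANDATORY_REALM CONSTANT BINARY_INTEGER := 1;

-- The *_AUDIT constants below are numbered contiguously from 20032 to 20061
-- and are named after the administrative actions declared in this package.
-- NOTE(review): they look like audit event codes (possibly the values taken
-- by enable_event/disable_event); the spec does not say, so confirm.

-- Factor Type
FACTOR_TYPE_CREATION_AUDIT CONSTANT PLS_INTEGER := 20032;
FACTOR_TYPE_DELETION_AUDIT CONSTANT PLS_INTEGER := 20033;
FACTOR_TYPE_UPDATE_AUDIT CONSTANT PLS_INTEGER := 20034;
FACTOR_TYPE_RENAME_AUDIT CONSTANT PLS_INTEGER := 20035;

-- Factor
FACTOR_CREATION_AUDIT CONSTANT PLS_INTEGER := 20036;
FACTOR_DELETION_AUDIT CONSTANT PLS_INTEGER := 20037;
FACTOR_UPDATE_AUDIT CONSTANT PLS_INTEGER := 20038;
FACTOR_RENAME_AUDIT CONSTANT PLS_INTEGER := 20039;

-- Factor Link and Policy Factor
ADD_FACTOR_LINK_AUDIT CONSTANT PLS_INTEGER := 20040;
DELETE_FACTOR_LINK_AUDIT CONSTANT PLS_INTEGER := 20041;
ADD_POLICY_FACTOR_AUDIT CONSTANT PLS_INTEGER := 20042;
DELETE_POLICY_FACTOR_AUDIT CONSTANT PLS_INTEGER := 20043;

-- Identity
IDENTITY_CREATION_AUDIT CONSTANT PLS_INTEGER := 20044;
IDENTITY_DELETION_AUDIT CONSTANT PLS_INTEGER := 20045;
IDENTITY_UPDATE_AUDIT CONSTANT PLS_INTEGER := 20046;
CHANGE_IDENTITY_FACTOR_AUDIT CONSTANT PLS_INTEGER := 20047;
CHANGE_IDENTITY_VALUE_AUDIT CONSTANT PLS_INTEGER := 20048;

-- Identity Map
IDENTITY_MAP_CREATION_AUDIT CONSTANT PLS_INTEGER := 20049;
IDENTITY_MAP_DELETION_AUDIT CONSTANT PLS_INTEGER := 20050;

-- Policy Label and MAC Policy
POLICY_LABEL_CREATION_AUDIT CONSTANT PLS_INTEGER := 20051;
POLICY_LABEL_DELETION_AUDIT CONSTANT PLS_INTEGER := 20052;
MAC_POLICY_CREATION_AUDIT CONSTANT PLS_INTEGER := 20053;
MAC_POLICY_UPDATE_AUDIT CONSTANT PLS_INTEGER := 20054;
MAC_POLICY_DELETION_AUDIT CONSTANT PLS_INTEGER := 20055;

-- Role
ROLE_CREATION_AUDIT CONSTANT PLS_INTEGER := 20056;
ROLE_DELETION_AUDIT CONSTANT PLS_INTEGER := 20057;
ROLE_UPDATE_AUDIT CONSTANT PLS_INTEGER := 20058;
ROLE_RENAME_AUDIT CONSTANT PLS_INTEGER := 20059;

-- Domain Identity
DOMAIN_IDENTITY_CREATION_AUDIT CONSTANT PLS_INTEGER := 20060;
DOMAIN_IDENTITY_DROP_AUDIT CONSTANT PLS_INTEGER := 20061;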
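/*****************************/
/* Public Administration API */
/*****************************/

/**
 * Enable auditing of activity performed by users with the DV_PATCH_ADMIN
 * role. When a DV authorization succeeds only because the user has
 * DV_PATCH_ADMIN, the event is not normally audited; once this procedure has
 * been executed, the event is recorded in the audit trail.
 *
 * Security note: until this is enabled, a DV_PATCH_ADMIN bypass of DV
 * protection leaves no audit record, so enable it before the role is granted
 * for a patch window.
 */
PROCEDURE enable_dv_patch_admin_audit;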
54
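/**
 * Disable auditing of DV_PATCH_ADMIN bypass of DV protection.
 *
 * Security note: this removes audit coverage of a privileged bypass path;
 * executions of this procedure are themselves worth alerting on.
 */
PROCEDURE disable_dv_patch_admin_audit;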
59
60
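/**
 * Sanity check to run before configuring DV. The items checked include:
 *   - the total number of dvsys tables, views, packages and package bodies;
 *   - dvf packages, dvf package bodies and dvf functions;
 *   - the dependent lbacsys packages;
 *   - the existence of all the DV roles.
 *
 * NOTE(review): how a failed check is reported (exception or output) is not
 * visible in this spec.
 */
PROCEDURE dv_sanity_check;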
68
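/**
 * Allow or disallow mixed-case identifiers. By default they are not allowed.
 *
 * @param setting TRUE to allow mixed case
 */
PROCEDURE set_preserve_case(setting IN BOOLEAN);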
75
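/* Factor Type */

/**
 * Create a Factor Type.
 *
 * @param name Factor Type name
 * @param description Description
 * @throws ORA 20000 Factor Type already exists
 * @throws ORA 20002 Error creating Factor Type
 */
PROCEDURE create_factor_type
  (name        IN varchar2,
   description IN varchar2);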
89
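/**
 * Delete a Factor Type.
 *
 * @param name Factor Type name
 * @throws ORA 20003 Error deleting Factor Type
 */
PROCEDURE delete_factor_type
  (name IN varchar2);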
98
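/**
 * Update the description of a Factor Type.
 *
 * @param name Factor Type name
 * @param description New Description
 * @throws ORA 20004 Error updating Factor Type
 */
PROCEDURE update_factor_type
  (name        IN varchar2,
   description IN varchar2);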
109
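/**
 * Rename a Factor Type.
 *
 * @param old_name Previous Factor Type name
 * @param new_name New Factor Type name
 * @throws ORA 20005 Error renaming Factor Type
 */
PROCEDURE rename_factor_type
  (old_name IN varchar2,
   new_name IN varchar2);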
120
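/* Factor */

/**
 * Create a Factor.
 *
 * @param factor_name Factor Name
 * @param factor_type_name Factor Type Name
 * @param description Factor description
 * @param rule_set_name Rule Set Name (for assignment)
 * @param get_expr Expression for evaluating Factor
 * @param validate_expr Name of function to validate Factor
 * @param identify_by Options for determining the Factor's identity (see dbms_macutl)
 * @param labeled_by Options for labeling the Factor (see dbms_macutl)
 * @param eval_options Options for evaluating the Factor (see dbms_macutl)
 * @param audit_options Options for auditing the Factor (see dbms_macutl)
 * @param fail_options Options for reporting Factor errors (see dbms_macutl)
 * @param namespace Optional, defaults to NULL; not described in the original
 *        comment - TODO document
 * @param namespace_attribute Optional, defaults to NULL; not described in the
 *        original comment - TODO document
 *
 * @throws ORA 20020 Factor already defined
 * @throws ORA 20022 Error creating Factor
 *
 * NOTE(review): get_expr and validate_expr name code that is evaluated when
 * the Factor is resolved, so whoever can call this procedure decides what
 * runs at evaluation time. The evaluation context is not visible in this
 * spec; confirm it and keep changes to these two arguments under review.
 */
PROCEDURE create_factor
  (factor_name         IN varchar2,
   factor_type_name    IN varchar2,
   description         IN varchar2,
   rule_set_name       IN varchar2,
   get_expr            IN varchar2,
   validate_expr       IN varchar2,
   identify_by         IN number,
   labeled_by          IN number,
   eval_options        IN number,
   audit_options       IN number,
   fail_options        IN number,
   namespace           IN varchar2 DEFAULT NULL,
   namespace_attribute IN varchar2 DEFAULT NULL
  );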
156
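/**
 * Update a Factor.
 *
 * @param factor_name Factor Name
 * @param factor_type_name Factor Type Name
 * @param description Factor description
 * @param rule_set_name Rule Set Name (for assignment)
 * @param get_expr Expression for evaluating Factor
 * @param validate_expr Name of function to validate Factor
 * @param identify_by Options for determining the Factor's identity (see dbms_macutl)
 * @param labeled_by Options for labeling the Factor (see dbms_macutl)
 * @param eval_options Options for evaluating the Factor (see dbms_macutl)
 * @param audit_options Options for auditing the Factor (see dbms_macutl)
 * @param fail_options Options for reporting Factor errors (see dbms_macutl)
 * @param namespace Optional, defaults to NULL; not described in the original
 *        comment - TODO document
 * @param namespace_attribute Optional, defaults to NULL; not described in the
 *        original comment - TODO document
 *
 * @throws ORA 20024 Error updating Factor
 *
 * NOTE(review): replacing get_expr or validate_expr changes the code that is
 * evaluated for an existing Factor; treat such updates as security-relevant
 * changes. Whether a NULL argument keeps or clears the stored value is not
 * visible in this spec.
 */
PROCEDURE update_factor
  (factor_name         IN varchar2,
   factor_type_name    IN varchar2,
   description         IN varchar2,
   rule_set_name       IN varchar2,
   get_expr            IN varchar2,
   validate_expr       IN varchar2,
   identify_by         IN number,
   labeled_by          IN number,
   eval_options        IN number,
   audit_options       IN number,
   fail_options        IN number,
   namespace           IN varchar2 DEFAULT NULL,
   namespace_attribute IN varchar2 DEFAULT NULL
  );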
189
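/**
 * Delete a Factor.
 *
 * @param factor_name Factor to delete
 *
 * @throws ORA 20023 Error deleting Factor
 */
PROCEDURE delete_factor
  (factor_name IN varchar2);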
199
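/**
 * Rename a Factor.
 * (The original comment was copied from delete_factor and described a
 * deletion; the signature shows a rename.)
 *
 * @param factor_name Current Factor name
 * @param new_factor_name New Factor name
 *
 * @throws ORA 20024 Error updating Factor
 */
PROCEDURE rename_factor
  (factor_name     IN varchar2,
   new_factor_name IN varchar2);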
209
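/* Factor Link */

/**
 * Specify a parent-child relationship for two factors. The relationship may be
 * used for computing the Factor's identity or label.
 *
 * @param parent_factor_name Parent Factor name
 * @param child_factor_name Child Factor name
 * @param label_indicator Indication of whether the child contributes to the
 *        parent's label (NOTE(review): accepted values are not given here)
 * @throws ORA 20025 Link already exists
 * @throws ORA 20026 Error adding link
 */
PROCEDURE add_factor_link
  (parent_factor_name IN varchar2,
   child_factor_name  IN varchar2,
   label_indicator    IN varchar2);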
226
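/**
 * Remove a parent-child relationship for two factors.
 *
 * @param parent_factor_name Parent Factor name
 * @param child_factor_name Child Factor name
 *
 * @throws ORA 20027 Link does not exist
 * @throws ORA 20028 Error removing link
 */
PROCEDURE delete_factor_link
  (parent_factor_name IN varchar2,
   child_factor_name  IN varchar2);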
239
240
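/* Policy Factor */

/**
 * Specify that the label for a Factor contributes to the MAC OLS Label for a
 * policy.
 *
 * @param policy_name OLS Policy Name
 * @param factor_name Factor Name
 *
 * @throws ORA 20200 MAC Policy Factor already defined
 * @throws ORA 20202 Error adding MAC Policy Factor
 */
PROCEDURE add_policy_factor
  (policy_name IN varchar2,
   factor_name IN varchar2);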
256
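/**
 * Remove the Factor from contributing to the MAC OLS Label.
 *
 * @param policy_name OLS Policy Name
 * @param factor_name Factor Name
 *
 * @throws ORA 20203 Error deleting MAC Policy Factor
 */
PROCEDURE delete_policy_factor
  (policy_name IN varchar2,
   factor_name IN varchar2);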
268
269
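/**
 * Create an Identity. Entities in the environment which will be labeled should
 * be given an identity (except for users, which are handled by OLS).
 *
 * @param factor_name Factor Name
 * @param value VARCHAR2 value associated with the identity
 * @param trust_level positive for a trust level, 0 for not trusted, negative
 *        for a distrust level
 *
 * @throws ORA 20040 Identity already defined
 * @throws ORA 20042 Error creating identity
 */
PROCEDURE create_identity
  (factor_name IN varchar2,
   value       IN varchar2,
   trust_level IN number);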
285
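/**
 * Update the trust level of an Identity; the Identity is addressed by its
 * Factor name and value.
 *
 * @param factor_name Factor Name
 * @param value VARCHAR2 value associated with the identity
 * @param trust_level positive for a trust level, 0 for not trusted, negative
 *        for a distrust level
 *
 * @throws ORA 20044 Error updating identity
 */
PROCEDURE update_identity
  (factor_name IN varchar2,
   value       IN varchar2,
   trust_level IN number);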
299
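/**
 * Associate an identity with a different Factor.
 *
 * @param factor_name Current Factor Name
 * @param value Value of the Identity to update
 * @param new_factor_name Name of the Factor to associate the Identity with
 *
 * @throws ORA 20044 Error updating identity
 */
PROCEDURE change_identity_factor
  (factor_name     IN varchar2,
   value           IN varchar2,
   new_factor_name IN varchar2);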
313
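/**
 * Update the value of an Identity.
 *
 * @param factor_name Factor Name
 * @param value Current value associated with the identity
 * @param new_value New Identity value
 *
 * @throws ORA 20044 Error updating identity
 */
PROCEDURE change_identity_value
  (factor_name IN varchar2,
   value       IN varchar2,
   new_value   IN varchar2);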
327
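/**
 * Remove an Identity.
 *
 * @param factor_name Factor Name
 * @param value Value associated with the identity
 *
 * @throws ORA 20044 Error deleting identity
 *         NOTE(review): the same code is documented as "Error updating
 *         identity" on the update procedures; confirm the number.
 */
PROCEDURE delete_identity
  (factor_name IN varchar2,
   value       IN varchar2);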
339
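/* Identity Map */

/**
 * Define a set of tests that are used to derive the identity of a Factor from
 * the value of linked child factors (sub-factors).
 *
 * @param identity_factor_name Factor the identity map is for
 * @param identity_factor_value Value the Factor will assume if the Identity Map is TRUE
 * @param parent_factor_name Parent Factor of the Factor Link the Map is related to
 * @param child_factor_name Child Factor of the Factor Link the Map is related to
 * @param operation Relational operator for the Map (e.g. less than, greater
 *        than, equals)
 * @param operand1 Left operand for the relational operator
 * @param operand2 Right operand for the relational operator
 *
 * @throws ORA 20081 Operation not found
 * @throws ORA 20060 Factor Link not found
 * @throws ORA 20062 Error creating Identity Map
 */
PROCEDURE create_identity_map
  (identity_factor_name  IN varchar2,
   identity_factor_value IN varchar2,
   parent_factor_name    IN varchar2,
   child_factor_name     IN varchar2,
   operation             IN varchar2,
   operand1              IN varchar2,
   operand2              IN varchar2);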
366
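/**
 * Remove an Identity Map for a Factor. The map is addressed by the same
 * seven values it was created with.
 *
 * @param identity_factor_name Factor the identity map is for
 * @param identity_factor_value Value the Factor will assume if the Identity Map is TRUE
 * @param parent_factor_name Parent Factor of the Factor Link the Map is related to
 * @param child_factor_name Child Factor of the Factor Link the Map is related to
 * @param operation Relational operator for the Map (e.g. less than, greater
 *        than, equals)
 * @param operand1 Left operand for the relational operator
 * @param operand2 Right operand for the relational operator
 *
 * @throws ORA 20081 Operation not found
 * @throws ORA 20063 Error deleting Identity Map
 */
PROCEDURE delete_identity_map
  (identity_factor_name  IN varchar2,
   identity_factor_value IN varchar2,
   parent_factor_name    IN varchar2,
   child_factor_name     IN varchar2,
   operation             IN varchar2,
   operand1              IN varchar2,
   operand2              IN varchar2);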
389
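/* Policy Label */

/**
 * Label an Identity within a MAC OLS Policy.
 *
 * @param identity_factor_name Name of factor being labeled
 * @param identity_factor_value Value of Identity for the Factor being labeled
 * @param policy_name OLS Policy Name
 * @param label OLS Label
 *
 * @throws ORA 20220 Label already defined in policy
 * @throws ORA 20222 Error creating policy label
 */
PROCEDURE create_policy_label
  (identity_factor_name  IN varchar2,
   identity_factor_value IN varchar2,
   policy_name           IN varchar2,
   label                 IN varchar2);
-- algorithm IN varchar2);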
409
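/**
 * Remove the Label from an Identity within a MAC OLS Policy.
 *
 * @param identity_factor_name Name of factor being labeled
 * @param identity_factor_value Value of Identity for the Factor being labeled
 * @param policy_name OLS Policy Name
 * @param label OLS Label
 *
 * @throws ORA 20223 Error deleting policy label
 */
PROCEDURE delete_policy_label
  (identity_factor_name  IN varchar2,
   identity_factor_value IN varchar2,
   policy_name           IN varchar2,
   label                 IN varchar2);
-- algorithm IN varchar2);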
426
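/* MAC Policy Algorithm */

/**
 * Specify the algorithm that is used to merge labels when computing the label
 * for a Factor, or the MAC OLS Session label. The algorithm is a 3-letter
 * acronym (e.g. LII, HUU, ...). Consult OLS documentation for details.
 *
 * @param policy_name OLS Policy Name
 * @param algorithm Merge algorithm
 * @param error_label Optional, defaults to NULL; not described in the
 *        original comment - TODO document
 *
 * @throws ORA 20180 MAC Policy already defined
 * @throws ORA 20182 Algorithm not found
 * @throws ORA 20381 Policy not found
 */
PROCEDURE create_mac_policy
  (policy_name IN varchar2,
   algorithm   IN varchar2,
   error_label IN varchar2 DEFAULT NULL);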
445
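/**
 * Change the algorithm that is used to merge labels when computing the label
 * for a Factor, or the MAC OLS Session label. The algorithm is a 3-letter
 * acronym (e.g. LII, HUU, ...). Consult OLS documentation for details.
 *
 * @param policy_name OLS Policy Name
 * @param algorithm Merge algorithm
 * @param error_label Optional, defaults to NULL; not described in the
 *        original comment - TODO document
 *
 * @throws ORA 20182 Algorithm not found
 * @throws ORA 20184 Error updating MAC Policy
 * @throws ORA 20381 Policy not found
 */
PROCEDURE update_mac_policy
  (policy_name IN varchar2,
   algorithm   IN varchar2,
   error_label IN varchar2 DEFAULT NULL);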
462
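/**
 * Delete all DV objects related to an OLS policy. Call this after an OLS
 * policy has been deleted, so that no broken references remain between DV and
 * OLS: there are no referential integrity constraints between the two. The
 * affected objects are in the mac_policy$, mac_policy_factor$ and
 * policy_label$ tables.
 *
 * @param policy_name OLS Policy Name
 *
 * @throws ORA 20185 Error deleting MAC Policy
 * @throws ORA 20381 Policy not found
 */
PROCEDURE delete_mac_policy_cascade(policy_name IN varchar2);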
476
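/* Realm */

/**
 * Create a Realm.
 *
 * @param realm_name Realm name
 * @param description Realm description
 * @param enabled Indication of whether the realm checking is on or off (g_yes/g_no)
 * @param audit_options How to audit realm (described in dbms_macutl)
 * @param realm_type Realm type; optional, defaults to NULL.
 *        NOTE(review): MANDATORY_REALM (1), declared at the top of this
 *        package, looks like one accepted value - confirm.
 *
 * @throws ORA 20240 Realm already defined
 * @throws ORA 20242 Error creating realm
 *
 * Security note: a realm created with checking off (enabled = g_no) exists
 * but, per the parameter description, is not checked.
 */
PROCEDURE create_realm
  (realm_name    IN varchar2,
   description   IN varchar2,
   enabled       IN varchar2,
   audit_options IN number,
   realm_type    IN number default NULL);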
497
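/**
 * Update a Realm.
 *
 * @param realm_name Realm name
 * @param description Realm description
 * @param enabled Indication of whether the realm checking is on or off (g_yes/g_no)
 * @param audit_options How to audit realm (described in dbms_macutl);
 *        optional here, defaults to NULL
 * @param realm_type Realm type; optional, defaults to NULL
 *
 * @throws ORA 20244 Error updating realm
 *
 * Security note: this call can switch realm checking off (enabled = g_no) and
 * change how the realm is audited, so updates are worth reviewing.
 * NOTE(review): whether a NULL audit_options/realm_type keeps the stored
 * value is not visible in this spec.
 */
PROCEDURE update_realm
  (realm_name    IN varchar2,
   description   IN varchar2,
   enabled       IN varchar2,
   audit_options IN number default NULL,
   realm_type    IN number default NULL);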
515
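/**
 * Rename a Realm.
 *
 * @param realm_name Realm name
 * @param new_name New Realm name
 *
 * @throws ORA 20245 Error renaming realm
 */
PROCEDURE rename_realm
  (realm_name IN varchar2,
   new_name   IN varchar2);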
527
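/**
 * Drop a Realm.
 *
 * @param realm_name Realm name
 *
 * @throws ORA 20243 Error deleting realm
 */
-- The listing had the PROCEDURE line displaced into the comment above; the
-- order is restored here from the listing's own line numbers.
PROCEDURE delete_realm
  (realm_name IN varchar2);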
537
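/**
 * Delete a DV realm, including the related Realm objects (realm_object$)
 * and authorizations (realm_auth$).
 *
 * @param realm_name Realm name
 *
 * @throws ORA 20241 Realm not found
 * @throws ORA 20243 Error deleting realm
 *
 * Security note: the objects registered in the realm lose its protection
 * with this one call.
 */
PROCEDURE delete_realm_cascade
  (realm_name IN varchar2);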
549
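/**
 * Authorize a user or role to access a realm as a participant or owner. The
 * authorization can be made conditional on a Rule Set (i.e. only authorized
 * if the Rule Set evaluates to TRUE).
 *
 * @param realm_name Realm name
 * @param grantee User or role name
 * @param rule_set_name Rule Set to check before authorizing (optional)
 * @param auth_options Authorization level (participant or owner - see dbms_macutl)
 *
 * @throws ORA 20260 Realm Authorization already defined
 * @throws ORA 20262 Error adding Realm Authorization
 *
 * Security note: granting to a role authorizes every holder of that role;
 * prefer the narrowest grantee and the participant level where it suffices.
 */
PROCEDURE add_auth_to_realm
  (realm_name    IN varchar2,
   grantee       IN varchar2,
   rule_set_name IN varchar2,
   auth_options  IN number);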
568
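/**
 * Authorize a user or role to access a realm as a participant.
 * This overload takes no Rule Set, so the authorization is not conditional.
 *
 * @param realm_name Realm name
 * @param grantee User or role name
 *
 * @throws ORA 20260 Realm Authorization already defined
 * @throws ORA 20262 Error adding Realm Authorization
 */
PROCEDURE add_auth_to_realm
  (realm_name IN varchar2,
   grantee    IN varchar2);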
581
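/**
 * Authorize a user or role to access a realm as an owner or participant
 * (no Rule Set, so the authorization is not conditional).
 *
 * @param realm_name Realm name
 * @param grantee User or role name
 * @param auth_options Authorization level (participant or owner - see dbms_macutl)
 *
 * @throws ORA 20260 Realm Authorization already defined
 * @throws ORA 20262 Error adding Realm Authorization
 */
PROCEDURE add_auth_to_realm
  (realm_name   IN varchar2,
   grantee      IN varchar2,
   auth_options IN number);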
596
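/**
 * Authorize a user or role to access a realm as a participant, optionally
 * conditional on a Rule Set.
 *
 * NOTE(review): rule_set_name and the auth_options argument of the
 * three-argument overload occupy the same position (varchar2 vs number);
 * named notation at call sites avoids picking the wrong overload.
 *
 * @param realm_name Realm name
 * @param grantee User or role name
 * @param rule_set_name Rule Set to check before authorizing (optional)
 *
 * @throws ORA 20260 Realm Authorization already defined
 * @throws ORA 20262 Error adding Realm Authorization
 */
PROCEDURE add_auth_to_realm
  (realm_name    IN varchar2,
   grantee       IN varchar2,
   rule_set_name IN varchar2);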
611
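/**
 * Remove the authorization of a user or role to access a realm.
 *
 * @param realm_name Realm name
 * @param grantee User or role name
 *
 * @throws ORA 20263 Error deleting Realm Authorization
 */
PROCEDURE delete_auth_from_realm
  (realm_name IN varchar2,
   grantee    IN varchar2);
-- rule_set_name IN varchar2);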
624
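/**
 * Update the authorization of a user or role to access a realm.
 *
 * @param realm_name Realm name
 * @param grantee User or role name
 * @param rule_set_name Rule Set to check before authorizing (optional)
 * @param auth_options Authorization level (participant or owner - see dbms_macutl)
 *
 * @throws ORA 20264 Error updating Realm Authorization
 *
 * Security note: this call can raise a participant to owner and can change
 * or drop the Rule Set condition; treat it as a privilege change.
 */
PROCEDURE update_realm_auth
  (realm_name    IN varchar2,
   grantee       IN varchar2,
   rule_set_name IN varchar2,
   auth_options  IN number);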
640
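/**
 * Register a set of objects for Realm protection.
 *
 * @param realm_name Realm name
 * @param object_owner Object owner
 * @param object_name Object name (wildcard % is allowed)
 * @param object_type Object type (wildcard % is allowed)
 *
 * @throws ORA 20280 Object already in Realm
 * @throws ORA 20282 Error adding object to Realm
 *
 * NOTE(review): whether a % registration also covers objects created later
 * is not stated in this spec; confirm before relying on it.
 */
PROCEDURE add_object_to_realm
  (realm_name   IN varchar2,
   object_owner IN varchar2,
   object_name  IN varchar2,
   object_type  IN varchar2);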
657
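/**
 * Remove a set of objects from Realm protection.
 *
 * @param realm_name Realm name
 * @param object_owner Object owner
 * @param object_name Object name (wildcard % is allowed)
 * @param object_type Object type (wildcard % is allowed)
 *
 * @throws ORA 20283 Error deleting object from Realm
 *
 * Security note: with a % wildcard a single call removes protection from a
 * whole set of objects.
 */
-- The listing had a line of the next comment displaced into this parameter
-- list; the order is restored here from the listing's own line numbers.
PROCEDURE delete_object_from_realm
  (realm_name   IN varchar2,
   object_owner IN varchar2,
   object_name  IN varchar2,
   object_type  IN varchar2);

/**
 * Enable/disable Event
 *
 * @param event Event number (the original comment named this parameter
 *        "enable"). NOTE(review): the accepted values are not given in this
 *        spec - confirm.
 */
PROCEDURE enable_event(event IN number);
PROCEDURE disable_event(event IN number);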
682
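/* Rule Set */

/**
 * Create a Rule Set.
 *
 * @param rule_set_name Rule Set name
 * @param description Description
 * @param enabled Whether to evaluate Rule Set or ignore it
 * @param eval_options Evaluation options (see dbms_macutl)
 * @param audit_options Audit options (see dbms_macutl)
 * @param fail_options Fail options (see dbms_macutl)
 * @param fail_message Error message for failure
 * @param fail_code Error code to return on failure
 * @param handler_options Handler options (see dbms_macutl)
 * @param handler Handler method
 * @param is_static Optional, defaults to FALSE; not described in the original
 *        comment. NOTE(review): in Oracle's published description of this API
 *        a static rule set is evaluated once per session and the result
 *        reused - confirm for this version, since a reused result would not
 *        follow a later change in conditions.
 *
 * @throws ORA 20340 Rule Set already defined
 * @throws ORA 20342 Error creating Rule Set
 *
 * NOTE(review): handler names code that runs as part of Rule Set handling;
 * its invocation context is not visible in this spec. What "ignore"
 * means for a disabled Rule Set (treated as TRUE or FALSE) is also not
 * stated here - confirm before disabling one that guards a realm or command.
 */
PROCEDURE create_rule_set
  (rule_set_name   IN varchar2,
   description     IN varchar2,
   enabled         IN varchar2,
   eval_options    IN number,
   audit_options   IN number,
   fail_options    IN number,
   fail_message    IN varchar2,
   fail_code       IN number,
   handler_options IN number,
   handler         IN varchar2,
   is_static       IN boolean default false);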
714
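/**
 * Update a Rule Set.
 *
 * @param rule_set_name Rule Set name
 * @param description Description
 * @param enabled Whether to evaluate Rule Set or ignore it
 * @param eval_options Evaluation options (see dbms_macutl)
 * @param audit_options Audit options (see dbms_macutl)
 * @param fail_options Fail options (see dbms_macutl)
 * @param fail_message Error message for failure
 * @param fail_code Error code to return on failure
 * @param handler_options Handler options (see dbms_macutl)
 * @param handler Handler method
 * @param is_static Optional, defaults to FALSE; not described in the original
 *        comment - TODO document. Because of the default, a call that omits
 *        it passes FALSE.
 *
 * @throws ORA 20344 Error updating Rule Set
 *
 * Security note: this call can stop a Rule Set from being evaluated
 * (enabled) and change its audit options and handler, so it affects every
 * realm authorization, command rule and role that refers to the Rule Set.
 */
PROCEDURE update_rule_set
  (rule_set_name   IN varchar2,
   description     IN varchar2,
   enabled         IN varchar2,
   eval_options    IN number,
   audit_options   IN number,
   fail_options    IN number,
   fail_message    IN varchar2,
   fail_code       IN number,
   handler_options IN number,
   handler         IN varchar2,
   is_static       IN boolean default false);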
743
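/**
 * Rename a Rule Set.
 *
 * @param rule_set_name Rule Set name
 * @param new_name New rule set name
 *
 * @throws ORA 20344 Error updating Rule Set
 */
PROCEDURE rename_rule_set
  (rule_set_name IN varchar2,
   new_name      IN varchar2);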
755
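/**
 * Delete a Rule Set.
 *
 * @param rule_set_name Rule Set name
 *
 * @throws ORA 20343 Error deleting Rule Set
 *
 * NOTE(review): what happens to realm authorizations, command rules or
 * roles that still reference the Rule Set is not visible in this spec.
 */
PROCEDURE delete_rule_set
  (rule_set_name IN varchar2);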
765
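/**
 * Add a Rule to a Rule Set.
 *
 * @param rule_set_name Rule Set name
 * @param rule_name Rule name
 * @param rule_order Order of evaluation for Rule in Rule Set
 * @param enabled Whether or not the Rule is enabled
 *
 * @throws ORA 20360 Rule already added to Rule Set
 * @throws ORA 20362 Error adding Rule to Rule Set
 */
PROCEDURE add_rule_to_rule_set
  (rule_set_name IN varchar2,
   rule_name     IN varchar2,
   rule_order    IN number,
   enabled       IN varchar2);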
782
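/**
 * Add an enabled Rule to a Rule Set.
 *
 * @param rule_set_name Rule Set name
 * @param rule_name Rule name
 * @param rule_order Order of evaluation for Rule in Rule Set
 *
 * @throws ORA 20360 Rule already added to Rule Set
 * @throws ORA 20362 Error adding Rule to Rule Set
 */
PROCEDURE add_rule_to_rule_set
  (rule_set_name IN varchar2,
   rule_name     IN varchar2,
   rule_order    IN number);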
797
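/**
 * Add an enabled Rule to the end of a Rule Set (i.e. evaluated last).
 *
 * @param rule_set_name Rule Set name
 * @param rule_name Rule name
 *
 * @throws ORA 20360 Rule already added to Rule Set
 * @throws ORA 20362 Error adding Rule to Rule Set
 */
PROCEDURE add_rule_to_rule_set
  (rule_set_name IN varchar2,
   rule_name     IN varchar2);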
810
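/**
 * Delete a Rule from a Rule Set.
 *
 * @param rule_set_name Rule Set name
 * @param rule_name Rule name
 *
 * @throws ORA 20363 Error deleting Rule from Rule Set
 *
 * Security note: removing a Rule changes what the Rule Set requires, so it
 * can loosen every protection that depends on the Rule Set.
 */
-- The listing had the last parameter line displaced into the comment above;
-- the order is restored here from the listing's own line numbers.
PROCEDURE delete_rule_from_rule_set
  (rule_set_name IN varchar2,
   rule_name     IN varchar2);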
822
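/* Rule */

/**
 * Create a Rule.
 *
 * @param rule_name Rule name
 * @param rule_expr PL/SQL Boolean expression
 *
 * @throws ORA 20320 Rule already defined
 * @throws ORA 20322 Error creating Rule
 *
 * NOTE(review): rule_expr is PL/SQL text that is stored and evaluated later.
 * How it is validated and in which context it is evaluated is not visible
 * in this spec; restrict and audit who may execute this procedure.
 */
PROCEDURE create_rule
  (rule_name IN varchar2,
   rule_expr IN varchar2);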
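/**
 * Update a Rule.
 *
 * @param rule_name Rule name
 * @param rule_expr PL/SQL Boolean expression
 *
 * @throws ORA 20324 Error updating Rule
 *
 * Security note: replacing rule_expr changes the condition for every Rule
 * Set that contains the Rule (an always-true expression would satisfy it
 * unconditionally), so updates are worth reviewing.
 */
PROCEDURE update_rule
  (rule_name IN varchar2,
   rule_expr IN varchar2);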
848
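/**
 * Rename a Rule.
 *
 * @param rule_name Rule name
 * @param new_name New Rule name
 *
 * @throws ORA 20324 Error updating Rule
 */
PROCEDURE rename_rule
  (rule_name IN varchar2,
   new_name  IN varchar2);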
860
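/**
 * Delete a Rule.
 *
 * @param rule_name Rule name
 *
 * @throws ORA 20323 Error deleting Rule
 */
PROCEDURE delete_rule
  (rule_name IN varchar2);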
870
871
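/* Role */

/**
 * Create a DV Secure Application Role. Access to the role is protected
 * by a Rule Set.
 *
 * @param role_name Role name
 * @param enabled Whether the role is enabled or disabled
 * @param rule_set_name Rule Set to determine whether a user can set the role
 *
 * @throws ORA 20300 Role already defined
 * @throws ORA 20302 Error creating role
 */
PROCEDURE create_role
  (role_name     IN varchar2,
   enabled       IN varchar2,
   rule_set_name IN varchar2);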
890
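/**
 * Delete a DV Secure Application Role.
 *
 * @param role_name Role name
 *
 * @throws ORA 20303 Error deleting role
 */
PROCEDURE delete_role
  (role_name IN varchar2);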
901
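/**
 * Update a DV Secure Application Role. Access to the role is protected
 * by a Rule Set.
 *
 * @param role_name Role name
 * @param enabled Whether the role is enabled or disabled
 * @param rule_set_name Rule Set to determine whether a user can set the role
 *
 * @throws ORA 20304 Error updating role
 *
 * Security note: pointing the role at a different Rule Set changes who can
 * set the role; treat it as a privilege change.
 */
PROCEDURE update_role
  (role_name     IN varchar2,
   enabled       IN varchar2,
   rule_set_name IN varchar2);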
917
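/**
 * Rename a DV Secure Application Role.
 *
 * @param role_name Current Role name
 * @param new_role_name New Role name
 *
 * @throws ORA 20304 Error updating role
 */
PROCEDURE rename_role
  (role_name     IN varchar2,
   new_role_name IN varchar2);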
930
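/* Command Rule */

/**
 * Protect a database command by associating it with a Rule Set. The
 * command can only be executed if the Rule Set evaluates to TRUE.
 *
 * @param command SQL command to protect
 * @param rule_set_name Rule Set to protect command
 * @param object_owner Related database object schema
 * @param object_name Related database object name
 * @param enabled Whether the command rule is enabled or disabled
 * @param privilege_scope Optional, defaults to NULL; not described in the
 *        original comment - TODO document
 *
 * @throws ORA 20081 Command not found
 * @throws ORA 20100 Command rule already defined
 * @throws ORA 20102 Error creating Command Rule
 */
PROCEDURE create_command_rule
  (command         IN varchar2,
   rule_set_name   IN varchar2,
   object_owner    IN varchar2,
   object_name     IN varchar2,
   enabled         IN varchar2,
   privilege_scope IN NUMBER DEFAULT NULL);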
954
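/**
 * Drop a Command Rule declaration.
 *
 * @param command SQL command the rule protects
 * @param object_owner Related database object schema
 * @param object_name Related database object name
 *
 * @throws ORA 20081 Command not found
 * @throws ORA 20103 Error deleting Command Rule
 *
 * Security note: once the rule is dropped the command is no longer tied to
 * the Rule Set, so the condition it enforced no longer applies.
 */
PROCEDURE delete_command_rule
  (command      IN varchar2,
   object_owner IN varchar2,
   object_name  IN varchar2);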
969
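/**
 * Update a Command Rule declaration.
 *
 * @param command SQL command to protect
 * @param rule_set_name Rule Set to protect command
 * @param object_owner Related database object schema
 * @param object_name Related database object name
 * @param enabled Whether the command rule is enabled or disabled
 * @param privilege_scope Optional, defaults to NULL; not described in the
 *        original comment - TODO document
 *
 * @throws ORA 20081 Command not found
 * @throws ORA 20104 Error updating Command Rule
 *
 * Security note: this call can disable the command rule or bind it to a
 * different Rule Set; review such updates like any other policy change.
 */
-- The listing had the PROCEDURE line displaced into the comment above; the
-- order is restored here from the listing's own line numbers.
PROCEDURE update_command_rule
  (command         IN varchar2,
   rule_set_name   IN varchar2,
   object_owner    IN varchar2,
   object_name     IN varchar2,
   enabled         IN varchar2,
   privilege_scope IN NUMBER DEFAULT NULL);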
989
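/**
 * Returns information from the sys.v_$instance view.
 *
 * @param p_parameter Column name in sys.v_$instance
 * @return Value of column p_parameter in sys.v_$instance
 *
 * NOTE(review): the argument is a column name, which cannot be passed as a
 * bind variable. The body is not visible here; confirm that it checks
 * p_parameter against the view's known columns instead of concatenating it
 * into dynamic SQL.
 */
FUNCTION get_instance_info(p_parameter IN VARCHAR2) RETURN VARCHAR2;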
997
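/**
 * Returns information from the sys.v_$session view for the current session.
 *
 * @param p_parameter Column name in sys.v_$session
 * @return Value of column p_parameter in sys.v_$session
 *
 * NOTE(review): the argument is a column name, which cannot be passed as a
 * bind variable. The body is not visible here; confirm that it checks
 * p_parameter against the view's known columns instead of concatenating it
 * into dynamic SQL.
 */
FUNCTION get_session_info(p_parameter IN VARCHAR2) RETURN VARCHAR2;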
1005
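/**
 * Add a RAC database node to a domain. If the identity for the domain does
 * not exist, the identity is added.
 * Creates the required identity map information for the database hostname
 * provided.
 * If the OLS policy is provided, the domain is added as a policy factor
 * if it is not already associated. If the label for the identity of this
 * domain does not exist, the label is added.
 * This call must be made with the instance running on the host specified.
 *
 * @param domain_name Name of the domain to add the host to
 * @param domain_host RAC host name being added to the domain
 * @param policy_name OLS Policy Name to label the domain for (optional,
 *        defaults to NULL)
 * @param domain_label OLS Label to label the domain within this policy
 *        (optional, defaults to NULL; the original comment called this
 *        parameter "label")
 *
 * @throws ORA 20921 Error adding host to domain
 */
PROCEDURE create_domain_identity
  (domain_name  IN varchar2,
   domain_host  IN varchar2,
   policy_name  IN varchar2 DEFAULT NULL,
   domain_label IN varchar2 DEFAULT NULL
  );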
1029
/**
 * Removes a RAC database node from a domain.
 *
 * NOTE(review): the description inherited with this declaration said that
 * the call "creates the required identity map information for the database
 * hostname provided" and described both parameters in terms of adding a
 * host. That wording matches create_domain_identity and looks copied from
 * it. Presumably the identity map entry for the host is removed here -
 * confirm against the package body.
 *
 * @param domain_name Name of the domain (documented as the domain "to add
 *        the host to"; presumably the domain the host is removed from)
 * @param domain_host RAC host name (documented as "being added"; presumably
 *        the host being removed)
 *
 * @throws ORA 20922 Error removing host from domain
 */
PROCEDURE drop_domain_identity
  (domain_name IN VARCHAR2,
   domain_host IN VARCHAR2);
1042
/**
 * Reports the character set of the database.
 *
 * @return Character set for the database
 */
FUNCTION get_db_charset
  RETURN VARCHAR2;
1049
/**
 * Reports the 3 character Oracle language of the current administration
 * session. The value is based on set_ora_lang_from_java.
 *
 * @return 3 character Oracle language identifier for the current
 *         administration session
 */
FUNCTION get_ora_lang
  RETURN VARCHAR2;
1057
/**
 * Sets the 3 character Oracle language of the current session from a Java
 * language value, converting it as required.
 *
 * @param p_lang Java language to set
 */
PROCEDURE set_ora_lang_from_java (p_lang IN VARCHAR2);
1065
/**
 * Reports on ALTER SYSTEM SET for the system_trig_enabled parameter.
 * The inherited description stops at the parameter name; by analogy with the
 * other check_*_parm_varchar functions the question is presumably whether
 * the change is allowed - TODO confirm.
 *
 * @return 'Y' or 'N'
 */
FUNCTION check_trig_parm_varchar
  RETURN VARCHAR2;
1072
/**
 * Reports whether the following parameter is allowed:
 *   O7_DICTIONARY_ACCESSIBILITY
 *
 * @return 'Y' or 'N'
 */
FUNCTION check_o7_parm_varchar
  RETURN VARCHAR2;
1080
/**
 * Reports whether ALTER SYSTEM SET of _dynamic_rls_policies is allowed.
 *
 * @return 'Y' or 'N'
 */
FUNCTION check_dynrls_parm_varchar
  RETURN VARCHAR2;
1088
/**
 * Reports whether ALTER SYSTEM is allowed for these security system
 * parameters:
 *   _SYSTEM_TRIG_ENABLED POLICIES
 *   O7_DICTIONARY_ACCESSIBILITY
 *   _DYNAMIC_RLS_POLICIES
 *
 * @return 'Y' or 'N'
 */
FUNCTION check_sys_sec_parm_varchar
  RETURN VARCHAR2;
1099
/**
 * Reports whether ALTER SYSTEM is allowed for these dump or dest
 * parameters (% is presumably a wildcard in the names - TODO confirm):
 *   MAX_DUMP_FILE_SIZE
 *   %DUMP%
 *   %_DEST%
 *   LOG_ARCHIVE%
 *   STANDBY_ARCHIVE%
 *   DB_RECOVERY_FILE_DEST_SIZE
 *
 * @return 'Y' or 'N'
 */
FUNCTION check_dump_dest_parm_varchar
  RETURN VARCHAR2;
1113
/**
 * Reports whether ALTER SYSTEM is allowed for this backup restore
 * parameter:
 *   RECYCLEBIN
 *
 * @return 'Y' or 'N'
 */
FUNCTION check_backup_parm_varchar
  RETURN VARCHAR2;
1122
/**
 * Reports whether ALTER SYSTEM is allowed for this database file
 * parameter:
 *   CONTROL_FILES
 *
 * @return 'Y' or 'N'
 */
FUNCTION check_db_file_parm_varchar
  RETURN VARCHAR2;
1131
/**
 * Reports whether ALTER SYSTEM is allowed for this optimizer parameter:
 *   OPTIMIZER_SECURE_VIEW_MERGING
 *
 * @return 'Y' or 'N'
 */
FUNCTION check_optimizer_parm_varchar
  RETURN VARCHAR2;
1140
/**
 * Reports whether ALTER SYSTEM is allowed for these plsql parameters:
 *   UTL_FILE_DIR
 *   PLSQL_DEBUG
 *
 * @return 'Y' or 'N'
 */
FUNCTION check_plsql_parm_varchar
  RETURN VARCHAR2;
1150
/**
 * Reports whether ALTER SYSTEM is allowed for these security parameters:
 *   AUDIT_SYS_OPERATIONS
 *   AUDIT_TRAIL
 *   AUDIT_SYSLOG_LEVEL
 *   REMOTE_OS_ROLES
 *   OS_ROLES
 *   SQL92_SECURITY
 *
 * The list covers auditing settings and OS-managed roles, so a change to
 * any of them alters what is recorded or which roles are trusted.
 *
 * @return 'Y' or 'N'
 */
FUNCTION check_security_parm_varchar
  RETURN VARCHAR2;
1164
/**
 * Check related to altering dvsys. The inherited description is incomplete
 * ("check to see if alter dvsys"); by name this presumably reports whether
 * login_user is allowed to issue ALTER USER - TODO confirm against the
 * package body.
 *
 * @param login_user User the check is made for
 * @return 'Y' or 'N'
 */
FUNCTION is_alter_user_allow_varchar (login_user IN VARCHAR2)
  RETURN VARCHAR2;
1171
/**
 * No description is given for this function in the specification. By name
 * it is presumably the DROP USER counterpart of
 * is_alter_user_allow_varchar - TODO confirm.
 *
 * @param login_user User the check is made for
 * @return VARCHAR2; presumably 'Y' or 'N' like the neighbouring checks -
 *         TODO confirm
 */
FUNCTION is_drop_user_allow_varchar (login_user IN VARCHAR2)
  RETURN VARCHAR2;
1173
/*
 * No description is given for these two procedures in the specification.
 * By name they presumably grant and revoke a user's authorization for Data
 * Pump operations, optionally narrowed to one schema (sname) and one object
 * (objname). Both narrowing parameters default to NULL; what NULL covers is
 * not stated here - TODO confirm, since it decides how wide the grant is.
 */
PROCEDURE authorize_datapump_user
  (uname   IN VARCHAR2,
   sname   IN VARCHAR2 DEFAULT NULL,
   objname IN VARCHAR2 DEFAULT NULL);

PROCEDURE unauthorize_datapump_user
  (uname   IN VARCHAR2,
   sname   IN VARCHAR2 DEFAULT NULL,
   objname IN VARCHAR2 DEFAULT NULL);
1185
/*
 * No description is given for these two procedures in the specification.
 * By name they presumably grant and revoke a user's authorization for
 * transportable tablespace operations on the tablespace tsname - TODO
 * confirm. Unlike the neighbouring authorize_* procedures, tsname has no
 * default and must always be supplied.
 */
PROCEDURE authorize_tts_user
  (uname  IN VARCHAR2,
   tsname IN VARCHAR2);

PROCEDURE unauthorize_tts_user
  (uname  IN VARCHAR2,
   tsname IN VARCHAR2);
1195
/*
 * API to authorize a user to run jobs in the schema of other users, with
 * the matching call to take the authorization away again.
 * sname defaults to NULL; presumably that means the authorization is not
 * tied to a single schema - TODO confirm, since it decides how wide the
 * grant is.
 */
PROCEDURE authorize_scheduler_user
  (uname IN VARCHAR2,
   sname IN VARCHAR2 DEFAULT NULL);

PROCEDURE unauthorize_scheduler_user
  (uname IN VARCHAR2,
   sname IN VARCHAR2 DEFAULT NULL);
1206
/*
 * APIs to authorize a user to proxy as another user, and to take that
 * authorization away again.
 * sname defaults to NULL; presumably that means the authorization is not
 * tied to a single target user - TODO confirm, since it decides how wide
 * the grant is.
 */
PROCEDURE authorize_proxy_user
  (uname IN VARCHAR2,
   sname IN VARCHAR2 DEFAULT NULL);

PROCEDURE unauthorize_proxy_user
  (uname IN VARCHAR2,
   sname IN VARCHAR2 DEFAULT NULL);
1217
/*
 * APIs to authorize a user to execute DDLs on another user's schema, and
 * to take that authorization away again.
 * sname defaults to NULL; presumably that means the authorization is not
 * tied to a single schema - TODO confirm, since it decides how wide the
 * grant is.
 */
PROCEDURE authorize_ddl
  (uname IN VARCHAR2,
   sname IN VARCHAR2 DEFAULT NULL);

PROCEDURE unauthorize_ddl
  (uname IN VARCHAR2,
   sname IN VARCHAR2 DEFAULT NULL);
1228
/*
 * APIs to authorize a user to execute the PREPROCESSOR directive in
 * external tables, and to take that authorization away again.
 * A PREPROCESSOR directive names a program that runs on the database host
 * when the external table is read, so this authorization is best kept to
 * the few accounts that need it.
 */
PROCEDURE authorize_preprocessor
  (uname IN VARCHAR2);

PROCEDURE unauthorize_preprocessor
  (uname IN VARCHAR2);
1239
/*
 * BUG FIX 10225918 - Procedure to insert DV metadata in supported languages.
 *
 * Supported input values for lang:
 *   ENGLISH
 *   GERMAN
 *   SPANISH
 *   FRENCH
 *   ITALIAN
 *   JAPANESE
 *   KOREAN
 *   BRAZILIAN PORTUGUESE
 *   SIMPLIFIED CHINESE
 *   TRADITIONAL CHINESE
 */
PROCEDURE add_nls_data
  (lang IN VARCHAR2);
1256
/*
 * Switch DV enforcement on (enable_dv) or off (disable_dv).
 * Neither procedure takes arguments. A call to disable_dv is a high-impact
 * change and worth an alert in monitoring.
 */
PROCEDURE enable_dv;

PROCEDURE disable_dv;
1263
-- Control ORADEBUG in a Database Vault environment:
-- enable_oradebug and disable_oradebug take no arguments.
PROCEDURE enable_oradebug;

PROCEDURE disable_oradebug;
1267
-- Control whether a user can log into the DVSYS and DVF accounts.
-- Which of the two procedures permits the logins is implied by the names
-- only (enable_ presumably permits them) - TODO confirm.
PROCEDURE enable_dv_dictionary_accts;

PROCEDURE disable_dv_dictionary_accts;
1271
1272 END;