12 Using the DVSYS.DBMS_MACSEC_ROLES Package

12.1 About the DVSYS.DBMS_MACSEC_ROLES Package

You can modify your applications to use the procedures within the DVSYS.DBMS_MACSEC_ROLES package to check the authorization for a user or to set an Oracle Database Vault secure application role. The DVSYS.DBMS_MACSEC_ROLES package is available to all users.

Chapter 8, "Configuring Secure Application Roles for Oracle Database Vault" describes secure application roles in detail. See also Chapter 13, "Using the DVSYS.DBMS_MACUTL Package" for a set of general-purpose utility procedures that you can use with the secure application role procedures.

Table 12-1 lists the DVSYS.DBMS_MACSEC_ROLES package function and procedure.

12.2 CAN_SET_ROLE Function

This function checks whether the user invoking the method is authorized to use the specified Oracle Database Vault secure application role.

Syntax

CAN_SET_ROLE(
  p_role VARCHAR2)
RETURNS BOOLEAN;;

Parameters

Example

SET SERVEROUTPUT ON
BEGIN
 IF DVSYS.DBMS_MACSEC_ROLES.SET_ROLE('SECTOR2_APP_MGR')
  THEN DBMS_OUTPUT.PUT_LINE('SECTOR2_APP_MGR' is enabled.')
 END IF;
END;

12.3 SET_ROLE Procedure

This procedure issues the SET ROLE statement for an Oracle Database Vault secure application role. If a rule set that is associated with the role evaluates to false, then the role is not set.

Syntax

SET_ROLE(
  p_role VARCHAR2);

Parameters

Example

EXEC DVSYS.DBMS_MACSEC_ROLES.SET_ROLE('SECTOR2_APP_MGR');

You can enter the name of the role in any case, for example, Sector2_APP_MGR.