The DBMS_MACADM PL/SQL package provides a set of command rule procedures.
Topics:
Table 15-1 lists procedures within the DBMS_MACADM package that you can use to configure command rules. Only users who have been granted the DV_OWNER or DV_ADMIN role can use these procedures.
Table 15-1 DBMS_MACADM Command Rule Configuration Procedures
| Procedure | Description |
|---|---|
|
Creates a command rule, associates it with a rule set, and lets you enable the command rule for rule checking with a rule set |
|
|
Drops a command rule declaration |
|
|
Updates a command rule declaration |
See Also:
Chapter 7, "Configuring Command Rules," for detailed information about realms
Chapter 19, "Oracle Database Vault Utility APIs," for a set of general-purpose utility procedures that you can use with the command rule procedures
The CREATE_COMMAND_RULE procedure creates a command rule, associates it with a rule set, and lets you enable the command rule for rule checking with a rule set.
DBMS_MACADM.CREATE_COMMAND_RULE( command IN VARCHAR2, rule_set_name IN VARCHAR2, object_owner IN VARCHAR2, object_name IN VARCHAR2, enabled IN VARCHAR2);
Table 15-2 CREATE_COMMAND_RULE Parameters
| Parameter | Description |
|---|---|
|
|
SQL statement to protect. See also the following:
|
|
|
Name of rule set to associate with this command rule. To find existing rule sets in the current database instance, query the |
|
|
Database schema to which this command rule will apply. The wildcard To find the available users, query the See also "Object Owner" in "Creating or Editing a Command Rule" for more information. |
|
|
Object name. (The wildcard % is allowed. See "Object Name" in "Creating or Editing a Command Rule" for more information about objects protected by command rules.) To find the available objects, query the |
|
|
|
BEGIN DBMS_MACADM.CREATE_COMMAND_RULE( command => 'SELECT', rule_set_name => 'Limit Sector 2 Access', object_owner => 'SYSADM', object_name => 'EMP_DATA', enabled => DBMS_MACUTL.G_YES); END; /
The DELETE_COMMAND_RULE procedure drops a command rule declaration.
DBMS_MACADM.DELETE_COMMAND_RULE( command IN VARCHAR2, object_owner IN VARCHAR2, object_name IN VARCHAR2);
Table 15-3 DELETE_COMMAND_RULE Parameters
| Parameter | Description |
|---|---|
|
|
SQL statement the command rule protects. To find available command rules, query the |
|
|
Database schema to which this command rule applies. To find the available users in the current database instance, query the See also "Object Owner" in "Creating or Editing a Command Rule" for more information. |
|
|
Object name. (The wildcard % is allowed. See "Object Name" in "Creating or Editing a Command Rule" for more information about objects protected by command rules.) To find the available objects, query the |
BEGIN DBMS_MACADM.DELETE_COMMAND_RULE( command => 'SELECT', object_owner => 'SYSADM', object_name => 'EMP_DATA'); END; /
The UPDATE_COMMAND_RULE procedure updates a command rule declaration.
DBMS_MACADM.UPDATE_COMMAND_RULE( command IN VARCHAR2, rule_set_name IN VARCHAR2, object_owner IN VARCHAR2, object_name IN VARCHAR2, enabled IN VARCHAR2);
Table 15-4 UPDATE_COMMAND_RULE Parameters
| Parameter | Description |
|---|---|
|
|
SQL statement to protect. See also the following:
|
|
|
Name of rule set to associate with this command rule. To find existing rule sets in the current database instance, query the |
|
|
Database schema to which this command rule applies. To find the available users, query the |
|
|
Object name. (The wildcard % is allowed. See "Object Name" in "Creating or Editing a Command Rule" for more information about objects protected by command rules.) To find the available objects, query the |
|
|
The default for |
BEGIN DBMS_MACADM.UPDATE_COMMAND_RULE( command => 'SELECT', rule_set_name => 'Limit Sector 2 Access', object_owner => 'SYSADM', object_name => '%', enabled => DBMS_MACUTL.G_NO); END; /