CODE
Oracle Code Library
JOBS
Find Or Post Oracle Jobs
FORUM
Oracle Discussion & Chat
PSOUG Home Code Snippets Oracle Reference Oracle Functions PSOUG Forum Oracle Blogs Bookmark and Share
 
 Search the Reference Library pages:  

Free
Oracle Magazine
Subscriptions
and Oracle White Papers

Oracle DBMS_RLS (FGAC)
Fine Grained Access Control
Virtual Private Database
Version 11.1
 
General
Note: The functionality supporting FGA is based on dynamic predicates acquired at statement parse time, when the base table or view is referenced in a DML statement.
Source {ORACLE_HOME}/rdbms/admin/dbmsrlsa.sql
First Available 8.1.5

Constants
Name Data Type Value
STATIC BINARY_INTEGER 1
SHARED_STATIC BINARY_INTEGER 2
CONTEXT_SENSITIVE  BINARY_INTEGER 3
SHARED_CONTEXT_SENSITIVE BINARY_INTEGER 4
DYNAMIC BINARY_INTEGER 5
ALL_ROWS BINARY_INTEGER 1
Default Policy Group SYS_DEFAULT

Dependencies
all_policies dbms_xdbz0
all_policy_contexts ltadm
context$ ltutil
dba_contexts rls$
dba_policies user_contexts
dba_policy_contexts user_policies
dba_policy_groups user_policy_contexts
dbms_rls_lib wk_adm

Related System Privileges
create any context
create policy group
drop any context
exempt access policy (not subject to SYS_DEFAULT policies)
GRANT create any context TO uwclass;
GRANT create any policy TO uwclass;
GRANT drop any context TO uwclass;
GRANT execute ON dbms_rls TO uwclass;
Security Model Execute is granted to the EXECUTE_CATALOG_ROLE role.
 
ADD_GROUPED_POLICY

Add a row level security policy to a policy group for a table or view
dbms_rls.add_grouped_policy(
object_schema         IN VARCHAR2 := NULL,
object_name           IN VARCHAR2,
policy_group          IN VARCHAR2 := 'SYS_DEFAULT',
policy_name           IN VARCHAR2,
function_schema       IN VARCHAR2 := NULL,
policy_function       IN VARCHAR2,
statement_types       IN VARCHAR2 := NULL,
update_check          IN BOOLEAN  := FALSE,
enable                IN BOOLEAN  := TRUE,
static_policy         IN BOOLEAN  := FALSE,
policy_type           IN BINARY_INTEGER := NULL,
long_predicate        IN BOOLEAN  := FALSE,
sec_relevant_cols     IN VARCHAR2 := NULL,
sec_relevant_cols_opt IN BINARY_INTEGER := NULL);
See FGAC Demo
 
ADD_POLICY

Add a row level security policy to a table or view
dbms_rls.add_policy(
object_schema         IN VARCHAR2 := NULL,
object_name           IN VARCHAR2,
policy_name           IN VARCHAR2,
function_schema       IN VARCHAR2 := NULL,
policy_function       IN VARCHAR2,
statement_types       IN VARCHAR2 := NULL,
update_check          IN BOOLEAN  := FALSE,
enable                IN BOOLEAN := TRUE,
static_policy         IN BOOLEAN := FALSE,
policy_type           IN BINARY_INTEGER := NULL,
long_predicate        IN BOOLEAN := FALSE,
sec_relevant_cols     IN VARCHAR2 := NULL,
sec_relevant_cols_opt IN BINARY_INTEGER := NULL);
See FGAC Demo
 
ADD_POLICY_CONTEXT
Add a driving context to a table or view dbms_rls.add_policy_context(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
namespace     IN VARCHAR2,
attribute     IN VARCHAR2);
TBD
 
CREATE_POLICY_GROUP
Create a policy group for a table or view dbms_rls.create_policy_group(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
policy_group  IN VARCHAR2);
See FGAC Demo
 
DELETE_POLICY_GROUP
Delete a policy group for a table or view dbms_rls.delete_policy_group(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
policy_group  IN VARCHAR2);
TBD
 
DISABLE_GROUPED_POLICY
Enable or disable a policy for a table or view dbms_rls.disable_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
group_name    IN VARCHAR2,
policy_name   IN VARCHAR2);
See FGAC Demo
 
DROP_GROUPED_POLICY
Drop a row level security policy from a policy group of a table or view dbms_rls.drop_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
policy_group  IN VARCHAR2 := 'SYS_DEFAULT',
policy_name   IN VARCHAR2);
See FGAC Demo
 
DROP_POLICY
Drop a row level security policy from a table or view dbms_rls.drop_policy(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
policy_name   IN VARCHAR2);
See FGAC Demo
 
DROP_POLICY_CONTEXT
Drop a driving context from a table or view dbms_rls.drop_policy_context(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
namespace     IN VARCHAR2,
attribute     IN VARCHAR2);
TBD
 
ENABLE_GROUPED_POLICY
Enable or disable a policy for a table or view dbms_rls.enable_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
group_name    IN VARCHAR2,
policy_name   IN VARCHAR2,
enable        IN BOOLEAN  := TRUE);
See FGAC Demo
 
ENABLE_POLICY
Enable or disable a security policy for a table or view dbms_rls.enable_policy(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2,
policy_name   IN VARCHAR2,
enable        IN BOOLEAN  := TRUE);
See FGAC Demo
 
REFRESH_GROUPED_POLICY
Invalidate all cursors associated with the policy if no argument provides, all cursors with policies involved will be invalidated dbms_rls.refresh_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2 := NULL,
group_name    IN VARCHAR2 := NULL,
policy_name   IN VARCHAR2 := NULL);
TBD
 
REFRESH_POLICY
Invalidate all cursors associated with the policy. If no argument provides, all cursors with policies involved will be invalidated dbms_rls.refresh_policy(
object_schema IN VARCHAR2 := NULL,
object_name   IN VARCHAR2 := NULL,
policy_name   IN VARCHAR2 := NULL);
TBD
 
Related Topics
Fine Grained Access Control Demo
Object Privileges
Roles
System Privileges
 
Home      :      Code Library      :      Sponsors      :      Privacy      :      Terms of Use      :      Contact Us [180 users online]    © 2010 psoug.org