| General |
| Note: The functionality
supporting FGA is based on dynamic predicates acquired at statement parse
time, when the base table or view is referenced in a DML statement. |
| Source |
{ORACLE_HOME}/rdbms/admin/dbmsrlsa.sql |
| First Available |
8.1.5 |
Constants |
| Name |
Data Type |
Value |
| STATIC |
BINARY_INTEGER |
1 |
| SHARED_STATIC |
BINARY_INTEGER |
2 |
| CONTEXT_SENSITIVE |
BINARY_INTEGER |
3 |
| SHARED_CONTEXT_SENSITIVE |
BINARY_INTEGER |
4 |
| DYNAMIC |
BINARY_INTEGER |
5 |
| ALL_ROWS |
BINARY_INTEGER |
1 |
|
| Default Policy Group |
SYS_DEFAULT |
Dependencies |
| all_policies |
dbms_xdbz0 |
| all_policy_contexts |
ltadm |
| context$ |
ltutil |
| dba_contexts |
rls$
|
| dba_policies |
user_contexts |
| dba_policy_contexts |
user_policies |
| dba_policy_groups |
user_policy_contexts |
| dbms_rls_lib |
wk_adm |
|
Related System Privileges |
create any context
create policy group
drop any context
exempt access policy (not subject to SYS_DEFAULT policies) |
GRANT create any context TO uwclass;
GRANT create any policy TO uwclass;
GRANT drop any context TO uwclass;
GRANT execute ON dbms_rls TO uwclass; |
| Security Model |
Execute is granted to the
EXECUTE_CATALOG_ROLE role. |
| |
| ADD_GROUPED_POLICY |
Add a row level security policy to a policy group for a table or view |
dbms_rls.add_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_group IN VARCHAR2 := 'SYS_DEFAULT',
policy_name IN VARCHAR2,
function_schema IN VARCHAR2 := NULL,
policy_function IN VARCHAR2,
statement_types IN VARCHAR2 := NULL,
update_check IN BOOLEAN := FALSE,
enable IN BOOLEAN := TRUE,
static_policy IN BOOLEAN := FALSE,
policy_type IN BINARY_INTEGER := NULL,
long_predicate IN BOOLEAN := FALSE,
sec_relevant_cols IN VARCHAR2 := NULL,
sec_relevant_cols_opt IN BINARY_INTEGER := NULL); |
| See FGAC Demo |
| |
| ADD_POLICY |
Add a row level security policy to a table or view |
dbms_rls.add_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_name IN VARCHAR2,
function_schema IN VARCHAR2 := NULL,
policy_function IN VARCHAR2,
statement_types IN VARCHAR2 := NULL,
update_check IN BOOLEAN := FALSE,
enable IN BOOLEAN := TRUE,
static_policy IN BOOLEAN := FALSE,
policy_type IN BINARY_INTEGER := NULL,
long_predicate IN BOOLEAN := FALSE,
sec_relevant_cols IN VARCHAR2 := NULL,
sec_relevant_cols_opt IN BINARY_INTEGER := NULL); |
| See FGAC Demo |
| |
| ADD_POLICY_CONTEXT |
| Add a driving context to a table or view |
dbms_rls.add_policy_context(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
namespace IN VARCHAR2,
attribute IN VARCHAR2); |
| TBD |
| |
| CREATE_POLICY_GROUP |
| Create a policy group for a table or view |
dbms_rls.create_policy_group(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_group IN VARCHAR2); |
| See FGAC Demo |
| |
| DELETE_POLICY_GROUP |
| Delete a policy group for a table or view |
dbms_rls.delete_policy_group(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_group IN VARCHAR2); |
| TBD |
| |
| DISABLE_GROUPED_POLICY |
| Enable or disable a policy for a table or view |
dbms_rls.disable_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
group_name IN VARCHAR2,
policy_name IN VARCHAR2); |
| See FGAC Demo |
| |
| DROP_GROUPED_POLICY |
| Drop a row level security policy from a policy group of a table or view |
dbms_rls.drop_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_group IN VARCHAR2 := 'SYS_DEFAULT',
policy_name IN VARCHAR2); |
| See FGAC Demo |
| |
| DROP_POLICY |
| Drop a row level security policy from a table or view |
dbms_rls.drop_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_name IN VARCHAR2); |
| See FGAC Demo |
| |
| DROP_POLICY_CONTEXT |
| Drop a driving context from a table or view |
dbms_rls.drop_policy_context(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
namespace IN VARCHAR2,
attribute IN VARCHAR2); |
| TBD |
| |
| ENABLE_GROUPED_POLICY |
| Enable or disable a policy for a table or view |
dbms_rls.enable_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
group_name IN VARCHAR2,
policy_name IN VARCHAR2,
enable IN BOOLEAN := TRUE); |
| See FGAC Demo |
| |
| ENABLE_POLICY |
| Enable or disable a security policy for a table or view |
dbms_rls.enable_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_name IN VARCHAR2,
enable IN BOOLEAN := TRUE); |
| See FGAC Demo |
| |
| REFRESH_GROUPED_POLICY |
|
Invalidate all cursors associated with the policy if no argument provides, all cursors with policies involved will be invalidated |
dbms_rls.refresh_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2 := NULL,
group_name IN VARCHAR2 := NULL,
policy_name IN VARCHAR2 := NULL); |
| TBD |
| |
| REFRESH_POLICY |
| Invalidate all cursors associated with the policy.
If no argument provides, all cursors with policies involved will be invalidated |
dbms_rls.refresh_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2 := NULL,
policy_name IN VARCHAR2 := NULL); |
| TBD |