General |
Note: The functionality
supporting fine-grained access control (FGAC) is based on dynamic predicates acquired at statement parse
time, when the base table or view is referenced in a DML statement. |
Source |
{ORACLE_HOME}/rdbms/admin/dbmsrlsa.sql |
First Available |
8.1.5 |
Constants |
Name |
Data Type |
Value |
STATIC |
BINARY_INTEGER |
1 |
SHARED_STATIC |
BINARY_INTEGER |
2 |
CONTEXT_SENSITIVE |
BINARY_INTEGER |
3 |
SHARED_CONTEXT_SENSITIVE |
BINARY_INTEGER |
4 |
DYNAMIC |
BINARY_INTEGER |
5 |
ALL_ROWS |
BINARY_INTEGER |
1 |
|
Default Policy Group |
SYS_DEFAULT |
Dependencies |
all_policies |
dbms_xdbz0 |
all_policy_contexts |
ltadm |
context$ |
ltutil |
dba_contexts |
rls$
|
dba_policies |
user_contexts |
dba_policy_contexts |
user_policies |
dba_policy_groups |
user_policy_contexts |
dbms_rls_lib |
wk_adm |
|
Related System Privileges |
create any context
create policy group
drop any context
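exempt access policy (not subject to SYS_DEFAULT policies; a user holding it is not filtered by row level security policies, so keep this grant to a minimum and audit its use) |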
GRANT create any context TO uwclass;
GRANT create any policy TO uwclass;
GRANT drop any context TO uwclass;
GRANT execute ON dbms_rls TO uwclass; |
Security Model |
Execute is granted to the
EXECUTE_CATALOG_ROLE role. |
|
ADD_GROUPED_POLICY |
Add a row level security policy to a policy group for a table or view |
dbms_rls.add_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_group IN VARCHAR2 := 'SYS_DEFAULT',
policy_name IN VARCHAR2,
function_schema IN VARCHAR2 := NULL,
policy_function IN VARCHAR2,
statement_types IN VARCHAR2 := NULL,
update_check IN BOOLEAN := FALSE,
enable IN BOOLEAN := TRUE,
static_policy IN BOOLEAN := FALSE,
policy_type IN BINARY_INTEGER := NULL,
long_predicate IN BOOLEAN := FALSE,
sec_relevant_cols IN VARCHAR2 := NULL,
sec_relevant_cols_opt IN BINARY_INTEGER := NULL); |
See FGAC Demo |
|
ADD_POLICY |
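Add a row level security policy to a table or view. Note that update_check defaults to FALSE, so unless it is set to TRUE the policy predicate is not applied to the new values written by INSERT or UPDATE statements. |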
dbms_rls.add_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_name IN VARCHAR2,
function_schema IN VARCHAR2 := NULL,
policy_function IN VARCHAR2,
statement_types IN VARCHAR2 := NULL,
update_check IN BOOLEAN := FALSE,
enable IN BOOLEAN := TRUE,
static_policy IN BOOLEAN := FALSE,
policy_type IN BINARY_INTEGER := NULL,
long_predicate IN BOOLEAN := FALSE,
sec_relevant_cols IN VARCHAR2 := NULL,
sec_relevant_cols_opt IN BINARY_INTEGER := NULL); |
See FGAC Demo |
|
ADD_POLICY_CONTEXT |
Add a driving context to a table or view |
dbms_rls.add_policy_context(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
namespace IN VARCHAR2,
attribute IN VARCHAR2); |
TBD |
|
CREATE_POLICY_GROUP |
Create a policy group for a table or view |
dbms_rls.create_policy_group(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_group IN VARCHAR2); |
See FGAC Demo |
|
DELETE_POLICY_GROUP |
Delete a policy group for a table or view |
dbms_rls.delete_policy_group(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_group IN VARCHAR2); |
TBD |
|
DISABLE_GROUPED_POLICY |
Disable a row level security policy that belongs to a policy group of a table or view |
dbms_rls.disable_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
group_name IN VARCHAR2,
policy_name IN VARCHAR2); |
See FGAC Demo |
|
DROP_GROUPED_POLICY |
Drop a row level security policy from a policy group of a table or view |
dbms_rls.drop_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_group IN VARCHAR2 := 'SYS_DEFAULT',
policy_name IN VARCHAR2); |
See FGAC Demo |
|
DROP_POLICY |
Drop a row level security policy from a table or view |
dbms_rls.drop_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_name IN VARCHAR2); |
See FGAC Demo |
|
DROP_POLICY_CONTEXT |
Drop a driving context from a table or view |
dbms_rls.drop_policy_context(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
namespace IN VARCHAR2,
attribute IN VARCHAR2); |
TBD |
|
ENABLE_GROUPED_POLICY |
Enable or disable a policy for a table or view |
dbms_rls.enable_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
group_name IN VARCHAR2,
policy_name IN VARCHAR2,
enable IN BOOLEAN := TRUE); |
See FGAC Demo |
|
ENABLE_POLICY |
Enable or disable a security policy for a table or view |
dbms_rls.enable_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2,
policy_name IN VARCHAR2,
enable IN BOOLEAN := TRUE); |
See FGAC Demo |
|
REFRESH_GROUPED_POLICY |
Invalidate all cursors associated with the policy. If no argument is provided, all cursors with policies involved will be invalidated |
dbms_rls.refresh_grouped_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2 := NULL,
group_name IN VARCHAR2 := NULL,
policy_name IN VARCHAR2 := NULL); |
TBD |
|
REFRESH_POLICY |
Invalidate all cursors associated with the policy.
If no argument is provided, all cursors with policies involved will be invalidated |
dbms_rls.refresh_policy(
object_schema IN VARCHAR2 := NULL,
object_name IN VARCHAR2 := NULL,
policy_name IN VARCHAR2 := NULL); |
TBD |