13 Using the DVSYS.DBMS_MACSEC_ROLES Package

About the DVSYS.DBMS_MACSEC_ROLES Package

You can modify your applications to use the procedures within the DVSYS.DBMS_MACSEC_ROLES package to check the authorization for a user or to set an Oracle Database Vault secure application role. The DVSYS.DBMS_MACSEC_ROLES package is available to all users.

Chapter 8, "Configuring Secure Application Roles for Oracle Database Vault" describes secure application roles in detail. See also Chapter 14, "Using the DVSYS.DBMS_MACUTL Package" for a set of general-purpose utility procedures that you can use with the secure application role procedures.

Table 13-1 lists the DVSYS.DBMS_MACSEC_ROLES package function and procedure.

CAN_SET_ROLE Function

The CAN_SET_ROLE function checks whether the user invoking the method is authorized to use the specified Oracle Database Vault secure application role.

Syntax

DVSYS.DBMS_MACSEC_ROLES.CAN_SET_ROLE(
  p_role IN VARCHAR2)
RETURN BOOLEAN;

Parameters

Example

SET SERVEROUTPUT ON
BEGIN
 IF DVSYS.DBMS_MACSEC_ROLES.SET_ROLE('SECTOR2_APP_MGR')
  THEN DBMS_OUTPUT.PUT_LINE('SECTOR2_APP_MGR' is enabled.')
 END IF;
END;
/

SET_ROLE Procedure

The SET_ROLE procedure the SET ROLE statement for an Oracle Database Vault secure application role. If a rule set that is associated with the role evaluates to false, then the role is not set.

Syntax

DVSYS.DBMS_MACSEC_ROLES.SET_ROLE(
  p_role IN VARCHAR2);

Parameters

Example

EXEC DVSYS.DBMS_MACSEC_ROLES.SET_ROLE('SECTOR2_APP_MGR');

You can enter the name of the role in any case (for example, Sector2_APP_MGR).