Oracle Real Application Security

Application

To associate an Application with something in the Database there are three main parts:

Application Privilege: An Application Privilege describes Privileges like SELECT, INSERT, UPDATE, DELETE, ... Application Privileges can be summarized as an Aggregate Privilege.

XS$PRIVILEGE(
 name=>'privilege_name'
 [, implied_priv_list=>XS$NAME_LIST('"SELECT"', '"INSERT"', '"UPDATE"', '"DELETE"')]
)
XS$PRIVILEGE_LIST(
 XS$PRIVILEGE(...),
 XS$PRIVILEGE(...),
 ...
);

Application User:

Simple Application User:

BEGIN
 SYS.XS_PRINCIPAL.CREATE_USER('user_name');
END;

Direct Login Application User:

BEGIN
 SYS.XS_PRINCIPAL.CREATE_USER(name => 'user_name', schema => 'schema_name');
END;
BEGIN
 SYS.XS_PRINCIPAL.SET_PASSWORD('user_name', 'password');
END;
CREATE PROFILE prof LIMIT
 PASSWORD_REUSE_TIME 1/4440
 PASSWORD_REUSE_MAX 3
 PASSWORD_VERIFY_FUNCTION Verify_Pass;
BEGIN
 SYS.XS_PRINCIPAL.SET_PROFILE('user_name', 'prof');
END;
BEGIN
 SYS.XS_PRINCIPAL.GRANT_ROLES('user_name', 'XSONNCENT');
END;

(optional:)

BEGIN
 SYS.XS_PRINCIPAL.SET_VERIFIER('user_name', '6DFF060084ECE67F', XS_PRINCIPAL.XS_SHA512“);
END;

Application Role:

Regular Application Role:

DECLARE
 st_date TIMESTAMP WITH TIME ZONE;
 ed_date TIMESTAMP WITH TIME ZONE;
BEGIN
 st_date := SYSTIMESTAMP;
 ed_date := TO_TIMESTAMP_TZ('2013-06-18 11:00:00 -5:00','YYYY-MM-DD HH:MI:SS');
 SYS.XS_PRINCIPAL.CREATE_ROLE
 (name => 'app_regular_role',
 enabled => TRUE,
 start_date => st_date,
 end_date => ed_date);
END;

Dynamic Application Role: (gets enabled dynamical based on the authenatication state)

BEGIN
 SYS.XS_PRINCIPAL.CREATE_DYNAMIC_ROLE
 (name => 'app_dynamic_role',
 duration => 40,
 scope => XS_PRINCIPAL.SESSION_SCOPE);
END;

Predefined Application Roles:

Regular:

.XSPUBLIC

.XSBYPASS

.XSSESSIONADMIN

.XSNAMESPACEADMIN

.XSPROVISIONER

.XSCACHEADMIN

.XSDISPATCHER

Dynamic: (depended on the authentication state of application user)

.DBMS_AUTH: (direct-logon or other database authentication method)

.EXTERNAL_DBMS_AUTH: (direct-logon or other database authentication method and user is external)

.DBMS_PASSWD: (direct-logon with password)

.MIDTIER_AUTH: (authentication through middle tier application)

.XSAUTHENTICATED: (direct or middle tier application)

.XSSWITCH: (user switched from proxy user to application user)

Conclusion

In this page (written and validated by A. Gawali) you learned about Oracle Real Application Security . What's Next? If you are interested in completing Oracle tutorial, your next topic will be learning about: Oracle Assignments model and language.

Incorrect info or code snippet? We take very seriously the accuracy of the information provided on our website. We also make sure to test all snippets and examples provided for each section. If you find any incorrect information, please send us an email about the issue: mockstacks@gmail.com.

Share On:

Mockstacks was launched to help beginners learn programming languages; the site is optimized with no Ads as, Ads might slow down the performance. We also don't track any personal information; we also don't collect any kind of data unless the user provided us a corrected information. Almost all examples have been tested. Tutorials, references, and examples are constantly reviewed to avoid errors, but we cannot warrant full correctness of all content. By using Mockstacks.com, you agree to have read and accepted our terms of use, cookies and privacy policy.