Hi Lothar,
Please detail your setup and oracle version you're working on.
Script To List The Database Vault Realms, Command Rules And Rule Sets ( Doc
ID 1352556.1
<https://support.oracle.com/epmos/faces/DocumentDisplay?parent=SrDetailText&sourceId=3-17119640681&id=1352556.1>
)
If you're working with mandatory realms, You could achieve this by listing
an authorized user within realm protection.
I could suggest the following setup (Please consider authorized user with
the role dv_owner to perform the following procedure):
Create a FACTOR:
BEGIN
DVSYS.DBMS_MACADM.CREATE_FACTOR(factor_name => 'USER_NAME', description =>
' Returns the username for the current session ', factor_type_name =>
'User', rule_set_name => NULL, get_expr =>
'DVSYS.DBMS_MACADM.GET_SESSION_INFO(''USERNAME'')', validate_expr => NULL,
identify_by => '1', labeled_by => '0', eval_options => '0', audit_options
=> '16',fail_options => '1');
END;
/
Create a Rule called TRUSTED_USER
begin DVSYS.DBMS_MACADM.CREATE_RULE(rule_name => 'TRUSTED_USER', rule_expr
=> 'DVF.F$USER_NAME= 'USERNAME''); end;
Create a RULE SET:
begin
DECLARE x VARCHAR2(40);
static_option BOOLEAN := FALSE; BEGIN x:='Y';
IF x = 'Y' THEN static_option := TRUE; ELSE static_option := FALSE;
END IF;
DVSYS.DBMS_MACADM.CREATE_RULE_SET(rule_set_name => 'TRUSTED_ACCESS',
description => ' Trusted users and applications',
enabled => 'Y',
eval_options => 2,
audit_options => 1,
fail_options => 1,
fail_message => '',
fail_code => '',
handler_options => 0,
handler => '',
is_static => static_option);
END;
DVSYS.DBMS_MACADM.ADD_RULE_TO_RULE_SET(rule_set_name => 'TRUSTED_ACCESS',
rule_name => 'TRUSTED_USER',
rule_order => '1',
enabled => 'Y');
end;
/
Grant this RULE SET on your app realm protection
begin
DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(realm_name => 'APP - REALM',
grantee => DBMS_ASSERT.ENQUOTE_NAME('USERNAME',FALSE),
rule_set_name => 'TRUSTED_ACCESS',
auth_options => '0' );
end;
The user should be able to login and run your procedures.
You can play more options on this setup with the rule set TRUSTED_ACCESS...
Best Regards,
Ricardo Arnoud
On Wed, Jun 27, 2018 at 9:44 AM, l.flatz@xxxxxxxxxx <l.flatz@xxxxxxxxxx>
wrote:
Hi,
we have Database vault implemented and protect on schema level.
We want to define a prackage that will be stored in a protected schema.
That way we want to do some maintenance jobs.
We are not sure if that is possible or the schema protection will also
prohibit execute access.
I did not find something usefull in the documentation, but I also do not
know database vault.
If a direct execute is not possible, is somebody aware of a work around
(e.g. by a database job)?
Regards
Lothar
