207 DBMS_XDBZ
The DBMS_XDBZ package controls the Oracle XML DB repository security, which is based on Access Control Lists (ACLs).
This chapter contains the following topics:
See Also:
207.1 DBMS_XDBZ Security Model
Owned by XDB
, the DBMS_XDBZ
package must be created by SYS
or XDB
. The EXECUTE
privilege is granted to PUBLIC
. Subprograms in this package are executed using the privileges of the current user.
207.2 DBMS_XDBZ Constants
The DBMS_XDBZ
package defines several constants that can be used for specifying parameter values.
The package uses the constants shown in following tables.
Table 207-1 DBMS_XDBZ Constants - Name Format
Constant | Type | Value | Description |
---|---|---|---|
|
|
|
DB user name or LDAP nickname |
|
|
|
LDAP distinguished name |
Table 207-2 DBMS_XDBZ Constants - Enable Option
Constant | Type | Value | Description |
---|---|---|---|
|
|
|
Enables hierarchy for contents and is used by users when calling the ENABLE_HIERARCHY Procedure |
|
|
|
Enables hierarchy for resource metadata, that is, this table will store schema based custom metadata for resources |
Table 207-3 DBMS_XDBZ Constants - Enable Option Exercised
Constant | Type | Value | Description |
---|---|---|---|
|
|
|
If hierarchy was enabled for contents, that is, the ENABLE_HIERARCHY Procedure was called with |
|
|
|
If hierarchy was enabled for resource metadata, that is, the ENABLE_HIERARCHY Procedure was called with |
207.3 Summary of DBMS_XDBZ Subprograms
This table lists the DBMS_XDBZ
subprograms and briefly describes them.
Table 207-4 DBMS_XDBZ Package Subprograms
Method | Description |
---|---|
Disables repository support for the specified |
|
Enables repository support for the specified |
|
Retrieves the ACL Object ID for the specified resource |
|
Retrieves the user ID for the specified user |
|
Determines if repository support for the specified |
|
Purges the LDAP nickname cache |
207.3.1 CREATENONCEKEY Procedure
This procedure generates a nonce value for use in digest authentication.
Syntax
DBMS_XDBZ.CREATENONCEKEY;
207.3.2 DISABLE_HIERARCHY Procedure
This procedure disables repository support for a particular XMLType
table or view.
Syntax
DBMS_XDBZ.DISABLE_HIERARCHY( object_schema IN VARCHAR2, object_name IN VARCHAR2);
Parameters
Table 207-5 DISABLE_HIERARCHY Procedure Parameters
Parameter | Description |
---|---|
|
Schema name of the |
|
Name of the |
207.3.3 ENABLE_HIERARCHY Procedure
This procedure enables repository support for a particular XMLType
table or view. This allows the use of a uniform ACL-based security model across all documents in the repository.
See Also:
Oracle XML DB Developer's Guide for more information about
Syntax
DBMS_XDBZ.ENABLE_HIERARCHY( object_schema IN VARCHAR2, object_name IN VARCHAR2, hierarchy_type IN PLS_INTEGER := DBMS_XDBZ.ENABLE_CONTENTS);
Parameters
Table 207-6 ENABLE_HIERARCHY Procedure Parameters
Parameter | Description |
---|---|
|
Schema name of the |
|
Name of the |
|
How to enable the hierarchy.
If this subprogram is called on a table, another call will have no effect. Note that you cannot enable hierarchy for both contents and resource metadata. |
207.3.4 GET_ACLOID Function
This function retrieves the ACL Object ID for the specified resource, if the repository path is known.
Syntax
DBMS_XDBZ.GET_ACLOID( aclpath IN VARCHAR2, acloid OUT RAW) RETURN BOOLEAN;
Parameters
Table 207-7 GET_ACLOID Function Parameters
Parameter | Description |
---|---|
|
ACL resource path for the repository |
|
Returned Object ID |
Return Values
Returns TRUE
if successful.
207.3.5 GET_USERID Function
This function retrieves the user ID for the specified user name. The local database is searched first, and if found, the USERID
is returned in 4-byte database format. Otherwise, the LDAP directory is searched, if available, and if found, the USERID
is returned in 4-byte database format.
Syntax
DBMS_XDBZ.GET_USERID( username IN VARCHAR2, userid OUT RAW, format IN BINARY_INTEGER := NAME_FORMAT_SHORT) RETURN BOOLEAN;
Parameters
Table 207-8 GET_USERID Function Parameters
Parameter | Description |
---|---|
|
Name of the database or LDAP user. |
|
Return parameter for the matching user id. |
|
Format of the specified user name; valid options are:
|
Return Values
Returns TRUE
if successful.
207.3.6 IS_HIERARCHY_ENABLED Function
This function determines if repository support for the specified XMLType
table or view is enabled.
Syntax
DBMS_XDBZ.IS_HIERARCHY_ENABLED( object_schema IN VARCHAR2, object_name IN VARCHAR2, hierarchy_type IN PLS_INTEGER := IS_ENABLED_CONTENTS) RETURN BOOLEAN;
Parameters
Table 207-9 IS_HIERARCHY_ENABLED Function Parameters
Parameter | Description |
---|---|
|
Schema name of the |
|
Name of the |
|
Type of hierarchy to check for:
|
Return Values
Returns TRUE
if the given XMLTYPE table or view has the XDB Hierarchy enabled with the specified type.