Sample_Rule_Ruleset.docx
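-- Database Vault rules. Each rule_expr is a boolean expression over the current
-- session; here every rule is a membership test on the session's user name.
--
-- Anonymous blocks replace the wrapped EXEC lines: EXEC is a single-line SQL*Plus
-- command, so a call split across lines without a trailing "-" does not run.
--
-- NOTE(review): UPPER() folds case before the comparison, so an account created
-- with a quoted lower/mixed-case name (for example "bi_portal") would satisfy the
-- same rule as BI_PORTAL. Confirm no such accounts can exist, or compare
-- SESSION_USER without UPPER() so that only the exact names match.
-- NOTE(review): these rules test identity only; anyone able to log on as (or proxy
-- into) a listed account passes. Consider whether an additional factor is needed.

BEGIN
  dvsys.dbms_macadm.create_rule(
    rule_name => 'BI Processes',
    rule_expr => 'UPPER(SYS_CONTEXT(''USERENV'',''SESSION_USER'')) in ('
              || '''BIVIMSDBA'', ''EDERODB'', ''OFFLOADDB1'', ''TRAVELDB_DR'', '
              || '''VIMS_PAYMENT'', ''BI_ESERVICES'', ''BI_PORTAL'', ''BI_VAIS_2'', '
              || '''BI_ECC'')'
  );
END;
/

BEGIN
  dvsys.dbms_macadm.create_rule(
    rule_name => 'BI SUPER USER',
    rule_expr => 'UPPER(SYS_CONTEXT(''USERENV'',''SESSION_USER'')) in ('
              || '''BIVIMSDBA'', ''EDERODB'')'
  );
END;
/

BEGIN
  dvsys.dbms_macadm.create_rule(
    rule_name => 'DBV SUPER USER',
    rule_expr => 'UPPER(SYS_CONTEXT(''USERENV'',''SESSION_USER'')) in ('
              || '''DV'',''DVSYS'',''DVMGR'')'
  );
END;
/

BEGIN
  dvsys.dbms_macadm.create_rule(
    rule_name => 'SYSTEM SUPER USER',
    rule_expr => 'UPPER(SYS_CONTEXT(''USERENV'',''SESSION_USER'')) in ('
              || '''SYS'',''SYSTEM'')'
  );
END;
/

-- Fix: the original list ended with "''BI_PORTAL'',)" - a trailing comma inside
-- IN (...) makes the rule expression invalid.
-- NOTE(review): 'BI Processes' also lists BI_VAIS_2 and BI_ECC; confirm whether
-- entries were dropped from this list along with the dangling comma.
BEGIN
  dvsys.dbms_macadm.create_rule(
    rule_name => 'BI OBJECT OWNER',
    rule_expr => 'UPPER(SYS_CONTEXT(''USERENV'',''SESSION_USER'')) in ('
              || '''BIVIMSDBA'', ''EDERODB'', ''OFFLOADDB1'', ''TRAVELDB_DR'', '
              || '''VIMS_PAYMENT'', ''BI_ESERVICES'', ''BI_PORTAL'')'
  );
END;
/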
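-- Attach rules to rule sets. Each wrapped EXEC now ends its continued lines with
-- the SQL*Plus continuation character "-", and each COMMIT is its own statement.
-- Fixes: the stray "#" after the first commit and the missing ";" on the last one.
--
-- NOTE(review): the rule sets 'BI Access' and 'Disabled_by_BI' are not created in
-- this listing; they must exist before these calls run.
-- NOTE(review): the rule 'BI USER' is not created in this listing, while the rule
-- 'BI Processes' is created but never attached to a rule set. Confirm which name
-- is intended.
-- NOTE(review): whether ALL or ANY of a rule set's rules must be true is fixed by
-- eval_options when the rule set is created. 'DBV SUPER USER' and
-- 'SYSTEM SUPER USER' name disjoint accounts, so an all-true rule set could never
-- be satisfied. Confirm 'Disabled_by_BI' uses dbms_macutl.G_RULESET_EVAL_ANY, and
-- check the result in DVSYS.DBA_DV_RULE_SET / DVSYS.DBA_DV_RULE_SET_RULE.

EXEC dvsys.dbms_macadm.ADD_RULE_TO_RULE_SET(rule_set_name => 'BI Access', -
  rule_name => 'BI SUPER USER', rule_order => 1, enabled => dbms_macutl.G_YES);
COMMIT;

EXEC dvsys.dbms_macadm.ADD_RULE_TO_RULE_SET(rule_set_name => 'Disabled_by_BI', -
  rule_name => 'DBV SUPER USER', rule_order => 3, enabled => dbms_macutl.G_YES);
COMMIT;

EXEC dvsys.dbms_macadm.ADD_RULE_TO_RULE_SET(rule_set_name => 'Disabled_by_BI', -
  rule_name => 'SYSTEM SUPER USER', rule_order => 4, enabled => dbms_macutl.G_YES);
COMMIT;

EXEC dvsys.dbms_macadm.ADD_RULE_TO_RULE_SET(rule_set_name => 'Disabled_by_BI', -
  rule_name => 'BI OBJECT OWNER', rule_order => 5, enabled => dbms_macutl.G_YES);
COMMIT;

EXEC dvsys.dbms_macadm.ADD_RULE_TO_RULE_SET(rule_set_name => 'Disabled_by_BI', -
  rule_name => 'BI USER', rule_order => 6, enabled => dbms_macutl.G_YES);
COMMIT;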
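-- CONNECT command rule: every logon is evaluated against 'Disabled_by_BI', and the
-- session is allowed only when the rule set evaluates to TRUE (despite its name,
-- the rule set lists the accounts that are permitted).
--
-- NOTE(review): a CONNECT rule that evaluates FALSE for everyone locks out all
-- accounts, including the Database Vault owner. Before enabling it, confirm the
-- rule set exists, is evaluated as "any rule true", and contains every account
-- that must still log on; keep an already-open Database Vault owner session
-- available while testing.
--
-- The wrapped EXEC is continued with the SQL*Plus "-" character; the original
-- line breaks would stop the command at the first line.
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'CONNECT', -
  rule_set_name => 'Disabled_by_BI', object_owner => dbms_macutl.G_ALL_OBJECT, -
  object_name => dbms_macutl.G_ALL_OBJECT, enabled => dbms_macutl.G_YES);
COMMIT;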
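-- Command rules for audit, DDL and account statements. Each statement is allowed
-- only when 'Disabled_by_BI' evaluates to TRUE for the session; object_owner and
-- object_name of '%' apply the rule to every schema and object.
--
-- Each wrapped EXEC is continued with the SQL*Plus "-" character (EXEC is a
-- single-line command), and each COMMIT is a separate statement.
--
-- NOTE(review): this listing covers the ALTER statements below plus
-- CREATE DATABASE LINK, CREATE DIRECTORY and CREATE FUNCTION. The matching
-- CREATE/DROP statements for packages, procedures, triggers, views, users and
-- roles are not shown; check DVSYS.DBA_DV_COMMAND_RULE for the full set in force.

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'NOAUDIT', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'ALTER FUNCTION', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'ALTER JAVA', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'ALTER OPERATOR', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'ALTER PACKAGE', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'ALTER PROCEDURE', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'ALTER ROLE', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'ALTER SYNONYM', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'ALTER TRIGGER', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'ALTER TYPE', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'ALTER USER', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'ALTER VIEW', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'CREATE DATABASE LINK', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'CREATE DIRECTORY', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;

EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'CREATE FUNCTION', -
  rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', -
  enabled => DBMS_MACUTL.G_YES);
COMMIT;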
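-- Create the enabled realm 'BI Realm'.
--
-- audit_options => G_REALM_AUDIT_FAIL audits realm violations only; access that
-- the realm permits is not audited by this setting. If a trail of authorized
-- access is also required, combine it with dbms_macutl.G_REALM_AUDIT_SUCCESS.
-- NOTE(review): on databases using unified auditing, confirm that this option
-- still takes effect or that an equivalent audit policy exists.
--
-- The wrapped EXEC is continued with the SQL*Plus "-" character, and the
-- description literal is kept on one line so it is not split by a line break.
EXEC dvsys.dbms_macadm.CREATE_REALM(realm_name => 'BI Realm', -
  description => 'This realm protects against unauthorized access by privileged users to business data.', -
  enabled => dbms_macutl.G_YES, audit_options => dbms_macutl.G_REALM_AUDIT_FAIL);
COMMIT;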
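-- Populate 'BI Realm': protect all objects of three schemas and authorize the
-- accounts that may use them.
--   Protected schemas : BIVIMSDBA, EDERODB, TRAVELDB_DR (all objects, all types)
--   Authorized        : BIVIMSDBA, EDERODB, BI_FSU, BI_SYSTEM, BI_TICKET,
--                       BI_TRAVEL_REPORTS
--
-- Each wrapped EXEC is continued with the SQL*Plus "-" character, and each
-- COMMIT is a separate statement.
--
-- NOTE(review): TRAVELDB_DR's objects are placed in the realm, but TRAVELDB_DR
-- itself receives no authorization in this listing; confirm that is intended.
-- NOTE(review): no auth_options or rule_set_name is passed, so each authorization
-- is unconditional and uses the default authorization type (presumably
-- participant; confirm). Review the grantees in DVSYS.DBA_DV_REALM_AUTH and the
-- protected objects in DVSYS.DBA_DV_REALM_OBJECT after running.

EXEC dvsys.dbms_macadm.add_object_to_realm(realm_name => 'BI Realm', -
  object_owner => 'BIVIMSDBA', object_name => dbms_macutl.G_ALL_OBJECT, -
  object_type => dbms_macutl.G_ALL_OBJECT);
COMMIT;

EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name => 'BI Realm', grantee => 'BIVIMSDBA');
COMMIT;

EXEC dvsys.dbms_macadm.add_object_to_realm(realm_name => 'BI Realm', -
  object_owner => 'EDERODB', object_name => dbms_macutl.G_ALL_OBJECT, -
  object_type => dbms_macutl.G_ALL_OBJECT);
COMMIT;

EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name => 'BI Realm', grantee => 'EDERODB');
COMMIT;

EXEC dvsys.dbms_macadm.add_object_to_realm(realm_name => 'BI Realm', -
  object_owner => 'TRAVELDB_DR', object_name => dbms_macutl.G_ALL_OBJECT, -
  object_type => dbms_macutl.G_ALL_OBJECT);
COMMIT;

EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name => 'BI Realm', grantee => 'BI_FSU');
COMMIT;

EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name => 'BI Realm', grantee => 'BI_SYSTEM');
COMMIT;

EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name => 'BI Realm', grantee => 'BI_TICKET');
COMMIT;

EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name => 'BI Realm', grantee => 'BI_TRAVEL_REPORTS');
COMMIT;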