The document creates several rules, rule sets, and a realm to control access to BI (Business Intelligence) objects and processes in the database. It defines rules for BI users and processes, privileged database users, and BI data owners. It then adds these rules to rule sets to restrict or allow certain commands. Finally, it creates a realm to protect BI data and grants access to the realm to specific BI administrative users and schemas.

1. EXEC dvsys.dbms_macadm.CREATE_RULE(rule_name => 'BI Processes' ,rule_expr =>
'UPPER(SYS_CONTEXT(''USERENV'',''SESSION_USER'')) in ( ''BIVIMSDBA'', ''EDERODB'',
''OFFLOADDB1'', ''TRAVELDB_DR'', ''VIMS_PAYMENT'', ''BI_ESERVICES'', ''BI_PORTAL'', ''BI_VAIS_2'',
''BI_ECC'')');
EXEC dvsys.dbms_macadm.CREATE_RULE( rule_name => 'BI SUPER USER' ,rule_expr =>
'UPPER(SYS_CONTEXT(''USERENV'',''SESSION_USER'')) in (''BIVIMSDBA'', ''EDERODB'')');
EXEC dvsys.dbms_macadm.CREATE_RULE( rule_name => 'DBV SUPER USER' ,rule_expr =>
'UPPER(SYS_CONTEXT(''USERENV'',''SESSION_USER'')) in (''DV'',''DVSYS'',''DVMGR'')' );
EXEC dvsys.dbms_macadm.CREATE_RULE( rule_name => 'SYSTEM SUPER USER' ,rule_expr =>
'UPPER(SYS_CONTEXT(''USERENV'',''SESSION_USER'')) in (''SYS'',''SYSTEM'')' );
EXEC dvsys.dbms_macadm.CREATE_RULE( rule_name => 'BI OBJECT OWNER' ,rule_expr =>
'UPPER(SYS_CONTEXT(''USERENV'',''SESSION_USER'')) in ( ''BIVIMSDBA'', ''EDERODB'',
''OFFLOADDB1'', ''TRAVELDB_DR'', ''VIMS_PAYMENT'', ''BI_ESERVICES'', ''BI_PORTAL'',)');
EXEC dvsys.dbms_macadm.ADD_RULE_TO_RULE_SET( rule_set_name => 'BI Access' ,rule_name
=> 'BI SUPER USER' ,rule_order => 1 ,enabled => dbms_macutl.G_YES );
commit;#
EXEC dvsys.dbms_macadm.ADD_RULE_TO_RULE_SET( rule_set_name => 'Disabled_by_BI'
,rule_name => 'DBV SUPER USER' ,rule_order => 3 ,enabled => dbms_macutl.G_YES ); commit;
EXEC dvsys.dbms_macadm.ADD_RULE_TO_RULE_SET( rule_set_name => 'Disabled_by_BI'
,rule_name => 'SYSTEM SUPER USER' ,rule_order => 4 ,enabled => dbms_macutl.G_YES );
commit;
EXEC dvsys.dbms_macadm.ADD_RULE_TO_RULE_SET( rule_set_name => 'Disabled_by_BI'
,rule_name => 'BI OBJECT OWNER' ,rule_order => 5 ,enabled => dbms_macutl.G_YES
);commit;
EXEC dvsys.dbms_macadm.ADD_RULE_TO_RULE_SET( rule_set_name => 'Disabled_by_BI'
,rule_name => 'BI USER' ,rule_order => 6 ,enabled => dbms_macutl.G_YES );commit
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE(command => 'CONNECT',rule_set_name =>
'Disabled_by_BI' ,object_owner => dbms_macutl.G_ALL_OBJECT ,object_name =>
dbms_macutl.G_ALL_OBJECT ,enabled => dbms_macutl.G_YES); commit;

2. EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'NOAUDIT', rule_set_name
=> 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled => DBMS_MACUTL.G_YES);
COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'ALTER FUNCTION',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'ALTER JAVA', rule_set_name
=> 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled => DBMS_MACUTL.G_YES);
COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'ALTER OPERATOR',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'ALTER PACKAGE',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'ALTER PROCEDURE',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'ALTER ROLE',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'ALTER SYNONYM',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'ALTER TRIGGER',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'ALTER TYPE', rule_set_name
=> 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled => DBMS_MACUTL.G_YES);
COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'ALTER USER',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'ALTER VIEW',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'CREATE DATABASE LINK',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;

3. EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'CREATE DIRECTORY',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;
EXEC dvsys.DBMS_MACADM.CREATE_COMMAND_RULE (command => 'CREATE FUNCTION',
rule_set_name => 'Disabled_by_BI', object_owner => '%', object_name => '%', enabled =>
DBMS_MACUTL.G_YES); COMMIT;
EXEC dvsys.dbms_macadm.CREATE_REALM(realm_name => 'BI Realm' ,description => 'This realm
protects against unauthorized access by privileged users to business data.' ,enabled=>
dbms_macutl.G_YES ,audit_options => dbms_macutl.G_REALM_AUDIT_FAIL); commit;
EXEC dvsys.dbms_macadm.add_object_to_realm(realm_name=> 'BI Realm' ,object_owner =>
'BIVIMSDBA',object_name => dbms_macutl.G_ALL_OBJECT ,object_type=>
dbms_macutl.G_ALL_OBJECT); commit;
EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name=> 'BI Realm' ,grantee =>
'BIVIMSDBA'); commit;
EXEC dvsys.dbms_macadm.add_object_to_realm( realm_name => 'BI Realm',object_owner=>
'EDERODB', object_name => dbms_macutl.G_ALL_OBJECT ,object_type=>
dbms_macutl.G_ALL_OBJECT); commit;
EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name => 'BI Realm' ,grantee => 'EDERODB');
commit;
EXEC dvsys.dbms_macadm.add_object_to_realm( realm_name => 'BI Realm'
,object_owner => 'TRAVELDB_DR', object_name => dbms_macutl.G_ALL_OBJECT, object_type =>
dbms_macutl.G_ALL_OBJECT); commit;
EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name => 'BI Realm',grantee => 'BI_FSU');
commit;
EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name => 'BI Realm',grantee=>
'BI_SYSTEM'); commit;
EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name => 'BI Realm',grantee=>
'BI_TICKET'); commit;
EXEC dvsys.dbms_macadm.add_auth_to_realm(realm_name => 'BI Realm',grantee=>
'BI_TRAVEL_REPORTS'); commit;