Table of Contents

Privilege Analysis

It is possible to use privilege analysis without having Database Vault configured.

Define Policy

Below shows an example of a Role and Context Policy 

BEGIN
  DBMS_PRIVILEGE_CAPTURE.CREATE_CAPTURE (
    name      => 'rolecontext_policy',
    type      => DBMS_PRIVILEGE_CAPTURE.g_role_and_context,
    roles     => role_name_list('DBA', 'EXP_FULL_DATABASE')
    condition => 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') = ''SYSTEM''');
END;

Other types available are …

Use the view DBA_PRIV_CAPTURES to view details on existing privilege capture policies.

Enable Policy

BEGIN
  DBMS_PRIVILEGE_CAPTURE.enable_capture('rolecontext_policy');
END;

Disable Policy

After a few days have passed you must disable the capture before you can see the results 

BEGIN
  DBMS_PRIVILEGE_CAPTURE.disable_capture('rolecontext_policy');
END;

Generate Results

BEGIN
  DBMS_PRIVILEGE_CAPTURE.generate_result('rolecontext_policy');
END;

The following views can now be used to see the results …