Privilege Analysis

It is possible to use privilege analysis without having Database Vault configured.

Define Policy

The example below creates a role and context policy:

BEGIN
  -- Capture privilege use only while one of the listed roles is enabled
  -- and the context condition evaluates to true.
  DBMS_PRIVILEGE_CAPTURE.CREATE_CAPTURE (
    name      => 'rolecontext_policy',
    type      => DBMS_PRIVILEGE_CAPTURE.g_role_and_context,
    roles     => role_name_list('DBA', 'EXP_FULL_DATABASE'),
    condition => 'SYS_CONTEXT(''USERENV'', ''SESSION_USER'') = ''SYSTEM''');
END;

Other capture types available are:

  • g_database
  • g_role
  • g_context

Query the view DBA_PRIV_CAPTURES for details of existing privilege capture policies.

Enable Policy

BEGIN
  DBMS_PRIVILEGE_CAPTURE.enable_capture('rolecontext_policy');
END;

Disable Policy

After a few days have passed, you must disable the capture before you can see the results.

BEGIN
  DBMS_PRIVILEGE_CAPTURE.disable_capture('rolecontext_policy');
END;

Generate Results

BEGIN
  DBMS_PRIVILEGE_CAPTURE.generate_result('rolecontext_policy');
END;

The following views can now be used to see the results:

  • DBA_USED_SYSPRIVS
  • DBA_USED_SYSPRIVS_PATH
  • DBA_USED_OBJPRIVS
  • DBA_USED_OBJPRIVS_PATH
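
Added example (not part of the original page): one way to read the results for least-privilege review, using the capture name and roles from the example policy above. The first query only covers system privileges granted directly to the two roles; privileges reached through nested roles are not listed.

```sql
-- Run after GENERATE_RESULT, as a user who can read the DBA_ views.

-- 1. Direct system privilege grants on the captured roles, flagged by
--    whether the capture recorded any use of them.
SELECT g.grantee                  AS role_name,
       g.privilege                AS sys_priv,
       COUNT(DISTINCT u.username) AS users_seen,
       CASE
         WHEN COUNT(u.sys_priv) = 0 THEN 'NOT USED'
         ELSE 'USED'
       END                        AS capture_status
FROM   dba_sys_privs g
LEFT   JOIN dba_used_sysprivs u
       ON  u.sys_priv = g.privilege
       -- Compare case-insensitively so the literal matches however the
       -- capture name is stored.
       AND UPPER(u.capture) = UPPER('rolecontext_policy')
WHERE  g.grantee IN ('DBA', 'EXP_FULL_DATABASE')
GROUP  BY g.grantee, g.privilege
-- 'NOT USED' sorts first: these grants are the candidates to review.
ORDER  BY capture_status, g.grantee, g.privilege;

-- 2. Object privileges that were actually exercised, with the role that
--    supplied them, to show which object access the sessions really needed.
SELECT DISTINCT
       u.username,
       u.used_role,
       u.obj_priv,
       u.object_owner,
       u.object_name
FROM   dba_used_objprivs u
WHERE  UPPER(u.capture) = UPPER('rolecontext_policy')
ORDER  BY u.username, u.object_owner, u.object_name, u.obj_priv;
```

A privilege marked NOT USED was not seen during this capture window only; check that the window covered periodic jobs (month-end, backups) before revoking anything.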
privilegeanalysis.1438073693.txt.gz · Last modified: 2025/03/08 22:23 (external edit)