The DBMS_XSTREAM_AUTH package provides subprograms for granting privileges to and revoking privileges from XStream administrators.
This package provides subprograms for granting privileges to XStream administrators and revoking privileges from XStream administrators.
Security on this package can be controlled by either granting EXECUTE on this package to selected users or roles, or by granting EXECUTE_CATALOG_ROLE to selected users or roles.
The user executing the subprograms in the DBMS_XSTREAM_AUTH package must have SYSDBA administrative privilege, and the user must exercise the privilege using AS SYSDBA at connect time.
If subprograms in the package are run from within a stored procedure, then the user who runs the subprograms must be granted EXECUTE privilege on the package directly. It cannot be granted through a role.
To ensure that the user who runs the subprograms in this package has the necessary privileges, connect as an administrative user who can create users, grant privileges, and create tablespaces when using this package.
This table lists the DBMS_XSTREAM_AUTH subprograms and briefly describes them.
Table 210-1 DBMS_XSTREAM_AUTH Package Subprograms
| Subprogram | Description |
|---|---|
| GRANT_ADMIN_PRIVILEGE Procedure | Either grants the privileges needed by a user to be an XStream administrator directly, or generates a script that grants these privileges |
| GRANT_REMOTE_ADMIN_ACCESS Procedure | Enables a remote XStream administrator to perform administrative actions at the local database by connecting to the grantee using a database link |
| REVOKE_ADMIN_PRIVILEGE Procedure | Either revokes XStream administrator privileges from a user directly, or generates a script that revokes these privileges |
| REVOKE_REMOTE_ADMIN_ACCESS Procedure | Disables a remote XStream administrator from performing administrative actions by connecting to the grantee using a database link |
Note:
All subprograms commit unless specified otherwise.
This procedure either grants the privileges needed by a user to be an XStream administrator directly, or generates a script that grants these privileges.
Syntax
```
DBMS_XSTREAM_AUTH.GRANT_ADMIN_PRIVILEGE(
   grantee                   IN VARCHAR2,
   privilege_type            IN VARCHAR2 DEFAULT '*',
   grant_select_privileges   IN BOOLEAN  DEFAULT FALSE,
   do_grants                 IN BOOLEAN  DEFAULT TRUE,
   file_name                 IN VARCHAR2 DEFAULT NULL,
   directory_name            IN VARCHAR2 DEFAULT NULL,
   grant_optional_privileges IN VARCHAR2 DEFAULT NULL,
   container                 IN VARCHAR2 DEFAULT 'CURRENT');
```
Parameters
Table 210-2 GRANT_ADMIN_PRIVILEGE Procedure Parameters
| Parameter | Description |
|---|---|
| grantee | The user to whom privileges are granted |
| privilege_type | Specify one of the following values: |
| grant_select_privileges | If  If |
| do_grants | If  If  You specify |
| file_name | The name of the file generated by the procedure. The file contains all of the statements that grant the privileges. If a file with the specified file name exists in the specified directory name, then the grant statements are appended to the existing file. If |
| directory_name | The directory into which the generated file is placed. The specified directory must be a directory object created using the SQL statement  If  If |
| grant_optional_privileges | A comma-separated list of optional privileges to grant to the grantee, such as the |
| container | If  If  If a container name, then grants privileges to the grantee only in the specified container. To specify root, use  Note: This parameter only applies to CDBs. |
Usage Notes
The user who runs the procedure must be an administrative user who can grant privileges to other users.
Specifically, the procedure grants the following privileges to the specified user:

- The RESTRICTED SESSION system privilege
- EXECUTE on the following packages:
  - DBMS_APPLY_ADM
  - DBMS_AQ
  - DBMS_AQADM
  - DBMS_AQIN
  - DBMS_AQELM
  - DBMS_CAPTURE_ADM
  - DBMS_FLASHBACK
  - DBMS_LOCK
  - DBMS_PROPAGATION_ADM
  - DBMS_RULE_ADM
  - DBMS_STREAMS_ADM
  - DBMS_STREAMS_ADVISOR_ADM
  - DBMS_STREAMS_HANDLER_ADM
  - DBMS_STREAMS_MESSAGING
  - DBMS_TRANSFORM
  - DBMS_XSTREAM_ADM
- Privileges to enqueue messages into and dequeue messages from any queue
- Privileges to manage any queue
- Privileges to create, alter, and execute any of the following types of objects in the user's own schema and in other schemas:
  - Evaluation contexts
  - Rule sets
  - Rules

  In addition, the grantee can grant these privileges to other users.
- SELECT_CATALOG_ROLE
- SELECT or READ privilege on data dictionary views related to XStream and Oracle Streams
- The ability to allow a remote XStream administrator to perform administrative actions through a database link by connecting to the grantee

  This ability is enabled by running the GRANT_REMOTE_ADMIN_ACCESS procedure in this package.
Note:
To view all of the statements run by the procedure in detail, you can use the procedure to generate a script and then view the script in a text editor.
This procedure grants only the privileges necessary to configure and administer an XStream environment. You can grant additional privileges to the grantee if necessary.
See Also:
Oracle Database SQL Language Reference for information about the CREATE DIRECTORY SQL statement
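The script-generation workflow from the note above, as an added example that is not part of the original documentation: the grant statements are written to a file for review and applied only afterwards. The grantee xstrmadmin, the directory object XSTREAM_SCRIPTS_DIR, its operating system path, and the file name are assumptions.

```sql
-- Added example, not Oracle's own code. All names and paths are hypothetical.
-- Run in a session connected AS SYSDBA, as this package requires.

-- Directory object that receives the generated script. Keep the OS path
-- writable only by the database software owner so the script cannot be
-- altered between generation and review.
CREATE DIRECTORY xstream_scripts_dir AS '/u01/app/oracle/admin/xstream_scripts';

-- Step 1: generate the script without granting anything.
-- Use a file name that does not exist yet: the procedure appends to an
-- existing file, which would mix old and new statements in the review copy.
BEGIN
  DBMS_XSTREAM_AUTH.GRANT_ADMIN_PRIVILEGE(
    grantee                 => 'xstrmadmin',
    privilege_type          => '*',      -- default shown in the syntax
    grant_select_privileges => FALSE,
    do_grants               => FALSE,    -- script only, no grants issued
    file_name               => 'grant_xstrmadmin_review.sql',
    directory_name          => 'XSTREAM_SCRIPTS_DIR',
    container               => 'CURRENT');
END;
/

-- Step 2: after the generated statements have been reviewed, grant directly.
BEGIN
  DBMS_XSTREAM_AUTH.GRANT_ADMIN_PRIVILEGE(
    grantee                 => 'xstrmadmin',
    privilege_type          => '*',
    grant_select_privileges => FALSE,
    do_grants               => TRUE);
END;
/
```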
This procedure enables a remote XStream administrator to perform administrative actions at the local database by connecting to the grantee using a database link.
Syntax
```
DBMS_XSTREAM_AUTH.GRANT_REMOTE_ADMIN_ACCESS(
   grantee IN VARCHAR2);
```
Parameters
Table 210-3 GRANT_REMOTE_ADMIN_ACCESS Procedure Parameter
| Parameter | Description |
|---|---|
| grantee | The user who allows remote access. The procedure adds the grantee to the |
Usage Notes
Typically, you run the procedure and specify a grantee at a local source database if a downstream capture process captures changes originating at the local source database. The XStream administrator at a downstream capture database administers the source database using this connection.
Note:
The GRANT_ADMIN_PRIVILEGE procedure in this package runs this procedure.
This procedure either revokes XStream administrator privileges from a user directly, or generates a script that revokes these privileges.
Syntax
```
DBMS_XSTREAM_AUTH.REVOKE_ADMIN_PRIVILEGE(
   grantee                    IN VARCHAR2,
   privilege_type             IN VARCHAR2 DEFAULT '*',
   revoke_select_privileges   IN BOOLEAN  DEFAULT FALSE,
   do_revokes                 IN BOOLEAN  DEFAULT TRUE,
   file_name                  IN VARCHAR2 DEFAULT NULL,
   directory_name             IN VARCHAR2 DEFAULT NULL,
   revoke_optional_privileges IN VARCHAR2 DEFAULT NULL,
   container                  IN VARCHAR2 DEFAULT 'CURRENT');
```
Parameters
Table 210-4 REVOKE_ADMIN_PRIVILEGE Procedure Parameters
| Parameter | Description |
|---|---|
| grantee | The user from whom privileges are revoked |
| privilege_type | Specify one of the following values: |
| revoke_select_privileges | If  If |
| do_revokes | If  If  You specify |
| file_name | The name of the file generated by this procedure. The file contains all of the statements that revoke the privileges. If a file with the specified file name exists in the specified directory name, then the revoke statements are appended to the existing file. If |
| directory_name | The directory into which the generated file is placed. The specified directory must be a directory object created using the SQL statement  If the  If |
| revoke_optional_privileges | A comma-separated list of optional privileges to revoke from the grantee, such as the |
| container | If  If  If a container name, then revokes privileges from the grantee only in the specified container. To specify root, use  Note: This parameter only applies to CDBs. |
Usage Notes
The user who runs this procedure must be an administrative user who can revoke privileges from other users. Specifically, this procedure revokes the privileges granted by running the GRANT_ADMIN_PRIVILEGE procedure in this package.
Note:
To view all of the statements run by this procedure in detail, you can use the procedure to generate a script and then view the script in a text editor.
See Also:
Oracle Database SQL Language Reference for information about the CREATE DIRECTORY SQL statement
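An added check, not from the original documentation: it revokes the privileges and then lists any of the direct grants named in the GRANT_ADMIN_PRIVILEGE usage notes that the user still holds. The grantee XSTRMADMIN is hypothetical; DBA_SYS_PRIVS, DBA_ROLE_PRIVS and DBA_TAB_PRIVS are standard data dictionary views.

```sql
-- Added example, not Oracle's own code. XSTRMADMIN is a hypothetical grantee.
-- Run in a session connected AS SYSDBA, as this package requires.
BEGIN
  DBMS_XSTREAM_AUTH.REVOKE_ADMIN_PRIVILEGE(
    grantee                  => 'xstrmadmin',
    privilege_type           => '*',
    revoke_select_privileges => FALSE,
    do_revokes               => TRUE);
END;
/

-- Residual check against the privilege list in the usage notes.
-- Only direct grants to the user are examined; privileges reached through
-- other roles or PUBLIC are not shown. Every row returned is a privilege the
-- user still holds and needs an explicit keep-or-revoke decision.
SELECT 'SYSTEM PRIVILEGE' AS kind, privilege AS name
  FROM dba_sys_privs
 WHERE grantee = 'XSTRMADMIN'
   AND privilege = 'RESTRICTED SESSION'
UNION ALL
SELECT 'ROLE', granted_role
  FROM dba_role_privs
 WHERE grantee = 'XSTRMADMIN'
   AND granted_role = 'SELECT_CATALOG_ROLE'
UNION ALL
SELECT 'EXECUTE ON PACKAGE', table_name
  FROM dba_tab_privs
 WHERE grantee = 'XSTRMADMIN'
   AND privilege = 'EXECUTE'
   AND table_name IN (
         'DBMS_APPLY_ADM', 'DBMS_AQ', 'DBMS_AQADM', 'DBMS_AQIN',
         'DBMS_AQELM', 'DBMS_CAPTURE_ADM', 'DBMS_FLASHBACK', 'DBMS_LOCK',
         'DBMS_PROPAGATION_ADM', 'DBMS_RULE_ADM', 'DBMS_STREAMS_ADM',
         'DBMS_STREAMS_ADVISOR_ADM', 'DBMS_STREAMS_HANDLER_ADM',
         'DBMS_STREAMS_MESSAGING', 'DBMS_TRANSFORM', 'DBMS_XSTREAM_ADM')
 ORDER BY 1, 2;
```

The same query run before the revoke gives a baseline of what the grant produced, which makes the two result sets directly comparable.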
This procedure disables a remote XStream administrator from performing administrative actions by connecting to the grantee using a database link.
Note:
The REVOKE_ADMIN_PRIVILEGE procedure in this package runs this procedure.
Syntax
```
DBMS_XSTREAM_AUTH.REVOKE_REMOTE_ADMIN_ACCESS(
   grantee IN VARCHAR2);
```
Parameters
Table 210-5 REVOKE_REMOTE_ADMIN_ACCESS Procedure Parameter
| Parameter | Description |
|---|---|
| grantee | The user for whom access from a remote XStream administrator is disabled. If a row for the grantee exists in the  If no row for the grantee exists in the |