SecurityClass

Rem Rem $Header: rdbms/admin/xsu102.sql /main/22 2009/01/29 11:22:18 yiru Exp $ Rem Rem xsu102.sql Rem Rem Copyright (c) 2006, 2008, Oracle and/or its affiliates. Rem All rights reserved. Rem Rem NAME Rem xsu102.sql - Upgrade script for Fusion Security Rem Rem DESCRIPTION Rem Rem Rem NOTES Rem Rem Rem MODIFIED (MM/DD/YY) Rem yiru 12/10/08 - Fixup: create xs$principals table after the new Rem the new schema is registered and misc. fixups Rem sidicula 01/10/08 - Grants to dba, system Rem rburns 11/05/07 - fixup re-run errors Rem rburns 10/02/07 - add 11g upgrade Rem jsamuel 01/25/07 - Call xszxsu102 for changes on XS project branch Rem mhho 02/28/07 - remove extra space from resolve privilege Rem pknaggs 11/07/06 - Remove principal targetNamespace (bug 5632273) Rem taahmed 10/30/06 - bug-5479794 Rem pthornto 10/09/06 - move VIEW creations to xsrelod.sql Rem pthornto 09/19/06 - use flat files for schema defns Rem pknaggs 09/26/06 - Register securityClass as CSX (bug 5404947) Rem taahmed 09/13/06 - Rem pknaggs 09/08/06 - Add [ALL|USER|DBA]_XDS_ATTRIBUTE_SECS views Rem pknaggs 09/05/06 - Remove DSD attribute_mask element Rem pknaggs 08/02/06 - Make DSD baseSecurityClass optional Rem pknaggs 07/19/06 - Change DSD to use CSX Rem mhho 08/31/06 - create xs$null user Rem jnarasin 08/31/06 - Privilege and proxy user changes Rem srirasub 08/27/06 - bug-5487336 - binary xml principal schema Rem taahmed 08/14/06 - xsguest user and xsauthenticated role Rem mhho 08/18/06 - add apps_feature to global_var namespace Rem mxu 08/03/06 - Remove grant_type Rem taahmed 06/22/06 - added title, description, and any for datasec doc Rem rpang 06/27/06 - add PL/SQL network ACL security objects Rem mhho 06/15/06 - modify to include new views Rem rmurthy 05/30/06 - removed xlink.xsd, rename document_links Rem pthornto 05/11/06 - mid tier cache stuff Rem petam 04/10/06 - Created Rem Rem ====================================================================== Rem BEGIN XS upgrade from 10.2.0 Rem ====================================================================== Rem Create resources if they do not exist DECLARE result BOOLEAN; BEGIN if (NOT DBMS_XDB.existsResource('/sys/xs')) then result := dbms_xdb.createFolder('/sys/xs'); end if; if (NOT DBMS_XDB.existsResource('/sys/xs/securityclasses')) then result := dbms_xdb.createFolder('/sys/xs/securityclasses'); end if; if (NOT DBMS_XDB.existsResource('/sys/xs/roles')) then result := dbms_xdb.createFolder('/sys/xs/roles'); end if; if (NOT DBMS_XDB.existsResource('/sys/xs/users')) then result := dbms_xdb.createFolder('/sys/xs/users'); end if; END; / Rem Register Data Security Documents schema declare DSDURL varchar2(100) := 'http://xmlns.oracle.com/xs/dataSecurity.xsd'; c number; DSDXSD BFILE := dbms_metadata_hack.get_bfile('xsdatasec.xsd'); begin select count(*) into c from xdb.xdb$schema s where s.xmldata.schema_url =DSDURL; if c = 0 then dbms_xmlschema.registerSchema( schemaurl => DSDURL, schemadoc => DSDXSD, local => FALSE, GENTYPES => FALSE, GENTABLES => TRUE, owner => 'XDB', options => DBMS_XMLSCHEMA.REGISTER_BINARYXML); end if; end; / Rem Register sys_acloid column schema declare AIDURL varchar2(100) := 'http://xmlns.oracle.com/xs/aclids.xsd'; c number; AIDXSD BFILE := dbms_metadata_hack.get_bfile('xsaclids.xsd'); begin select count(*) into c from xdb.xdb$schema s where s.xmldata.schema_url =AIDURL; if c = 0 then xdb.dbms_xmlschema.registerSchema(AIDURL, AIDXSD, FALSE, FALSE, FALSE, FALSE, FALSE, 'XDB'); end if; end; / Rem Register principal schema declare c number; PRINCIPALXSD BFILE := dbms_metadata_hack.get_bfile('xsprin.xsd'); stmt varchar2(2000); begin select count(*) into c from xdb.xdb$schema s where s.xmldata.schema_url ='http://xmlns.oracle.com/xs/principal.xsd'; if c = 0 then dbms_xmlschema.registerSchema('http://xmlns.oracle.com/xs/principal.xsd', PRINCIPALXSD,owner=>'XDB', local=>FALSE,GENTYPES=>FALSE,GENTABLES=>FALSE, OPTIONS=>DBMS_XMLSCHEMA.REGISTER_BINARYXML); stmt := ' create table XDB.XS$PRINCIPALS of XMLType XMLType xmlschema "http://xmlns.oracle.com/xs/principal.xsd" element "principal"'; execute immediate stmt; end if; end; / --select count(*) from xdb.xs$principals; --create table XDB.XS$PRINCIPALS of XMLType XMLType xmlschema "http://xmlns.oracle.com/xs/principal.xsd" element "principal"; --sanity check --SELECT t.prin_path, r.any_path acl_path, t.acloid, t.uuid -- FROM -- (SELECT r.any_path prin_path, extractValue(r.res,'/Resource/ACLOID') acloid, extractValue(value(p),'/*/UID') uuid -- FROM xdb.xs$principals p, resource_view r -- WHERE ref(p) = extractvalue(r.RES, '/Resource/XMLRef') -- ) t, resource_view r --WHERE t.acloid = sys_op_r2o(extractValue(r.res, '/Resource/XMLRef')); declare c number; ROLESETXSD BFILE := dbms_metadata_hack.get_bfile('xsroleset.xsd'); begin select count(*) into c from xdb.xdb$schema s where s.xmldata.schema_url ='http://xmlns.oracle.com/xs/roleset.xsd'; if c = 0 then dbms_xmlschema.registerSchema('http://xmlns.oracle.com/xs/roleset.xsd', ROLESETXSD,owner=>'XDB', local=>FALSE,GENTYPES=>TRUE,GENTABLES=>TRUE); end if; end; / DECLARE c number; SECLASSXSD BFILE := dbms_metadata_hack.get_bfile('xsseccls.xsd'); SECLASSURL varchar2(100) := 'http://xmlns.oracle.com/xs/securityclass.xsd'; BEGIN select count(*) into c from xdb.xdb$schema s where s.xmldata.schema_url ='http://xmlns.oracle.com/xs/securityclass.xsd'; if c = 0 then DBMS_XMLSCHEMA.registerSchema( schemaurl => SECLASSURL, schemadoc => SECLASSXSD, owner =>'XDB', local => FALSE, options => DBMS_XMLSCHEMA.REGISTER_BINARYXML, GENTYPES => FALSE, GENTABLES => TRUE); end if; END; / DECLARE b BOOLEAN; BEGIN if (NOT DBMS_XDB.existsResource('/sys/xs/securityclasses/securityclass.xml')) then b := DBMS_XDB.createResource( '/sys/xs/securityclasses/securityclass.xml', ' SecurityClass

dav:dav

extend '); end if; END; / DECLARE b BOOLEAN; BEGIN if (NOT DBMS_XDB.existsResource('/sys/xs/securityclasses/baseSystemPrivileges.xml')) then b := DBMS_XDB.createResource( '/sys/xs/securityclasses/baseSystemPrivileges.xml', ' Base System Privileges '); end if; END; / DECLARE b BOOLEAN; BEGIN if (NOT DBMS_XDB.existsResource('/sys/xs/securityclasses/baseDavPrivileges.xml')) then b := DBMS_XDB.createResource( '/sys/xs/securityclasses/baseDavPrivileges.xml', ' Base DAV Privileges '); end if; END; / DECLARE b BOOLEAN; BEGIN if (NOT DBMS_XDB.existsResource('/sys/xs/securityclasses/systemPrivileges.xml')) then b := DBMS_XDB.createResource( '/sys/xs/securityclasses/systemPrivileges.xml', ' System Privileges

xdb:baseSystemPrivileges

dav:baseDav

'); end if; END; / DECLARE b BOOLEAN; BEGIN if (NOT DBMS_XDB.existsResource('/sys/xs/securityclasses/dav.xml')) then b := DBMS_XDB.createResource( '/sys/xs/securityclasses/dav.xml', ' DAV privileges

xdb:systemPrivileges

'); end if; END; / declare tmp boolean := false; begin if (NOT DBMS_XDB.existsResource('/sys/xs/securityclasses/principalsc.xml')) then tmp := DBMS_XDB.CreateResource('/sys/xs/securityclasses/principalsc.xml', ' PrincipalSecurityClass

dav:dav

Create a Light Weight User Session Terminate a Light Weight User Session Attach to a Light Weight User Session Modify contents of a Light Weight User Session Switch User of a Light Weight User Session Assign User to an anonymous Light Weight User Session Create/Delete/Change properties of Namespaces. Set a Light Weight User Session Attribute Read value of a Light Weight User Session Attribute '); end if; end; / Rem Add the xspublic role declare tmp boolean := false; begin if (NOT DBMS_XDB.existsResource('/sys/xs/roles/xspublic.xml')) then tmp := DBMS_XDB.CreateResource('/sys/xs/roles/xspublic.xml', ' 2147483649 4B0F192BF5214F9BBF058025E8E23B89 xspublic '); end if; end; / Rem Add the xsauthenticated role declare tmp boolean := false; begin if (NOT DBMS_XDB.existsResource('/sys/xs/roles/xsauthenticated.xml')) then tmp := DBMS_XDB.CreateResource('/sys/xs/roles/xsauthenticated.xml', ' 2147483650 82B7C3CCBF794F2EBFAA4E8ED7A9AF30 xsauthenticated '); end if; end; / Rem Add the xsguest user declare tmp boolean := false; begin if (NOT DBMS_XDB.existsResource('/sys/xs/users/xsguest.xml')) then tmp := DBMS_XDB.CreateResource('/sys/xs/users/xsguest.xml', ' 2147483651 3ACB6B1172E54FF9BF70497B70C7B733 xsguest '); end if; end; / -- XS$CACHE_ACTIONS used by Mid-Tier Cache create table XDB.XS$CACHE_ACTIONS ( ROW_KEY NUMBER(1) UNIQUE, TIME_VAL TIMESTAMP(9) NOT NULL ); comment on table XDB.XS$CACHE_ACTIONS is 'Timestamps used for Mid-Tier-Cache object invalidation' / comment on column XDB.XS$CACHE_ACTIONS.ROW_KEY is 'Type of the TimeStamp value.' / comment on column XDB.XS$CACHE_ACTIONS.TIME_VAL is 'Timestamp associated with this key' / create or replace public synonym XS$CACHE_ACTIONS for XDB.XS$CACHE_ACTIONS; grant select on XS$CACHE_ACTIONS to public; Rem add seed values for this table insert into XDB.XS$CACHE_ACTIONS(ROW_KEY, TIME_VAL) values (1, systimestamp); insert into XDB.XS$CACHE_ACTIONS(ROW_KEY, TIME_VAL) values (2, systimestamp); insert into XDB.XS$CACHE_ACTIONS(ROW_KEY, TIME_VAL) values (3, systimestamp); insert into XDB.XS$CACHE_ACTIONS(ROW_KEY, TIME_VAL) values (4, systimestamp); insert into XDB.XS$CACHE_ACTIONS(ROW_KEY, TIME_VAL) values (9, systimestamp); Rem now create the Delete table create table XDB.XS$CACHE_DELETE ( ACLOID VARCHAR(32), SECCLS_QNAME VARCHAR2(4000), DEL_DATE TIMESTAMP NOT NULL ); create or replace public synonym XS$CACHE_DELETE for XDB.XS$CACHE_DELETE; grant select on XS$CACHE_DELETE to public; / Rem Create PL/SQL network ACL security tables, views -- dbmsnacl and prvtnacl.plb was moved to xsrelod.sql @@catnacl drop user XS$NULL cascade / create user XS$NULL identified by NO_PASSWORD / -- Explicit grants to DBA,System; "any" privileges arent enough for XDB tables. grant all on XDB.XS$DATA_SECURITY to dba; grant all on XDB.XS$PRINCIPALS to dba; grant all on XDB.XS$ROLESETS to dba; grant all on XDB.XS$SECURITYCLASS to dba; grant all on XDB.XS$DATA_SECURITY to system with grant option; grant all on XDB.XS$PRINCIPALS to system with grant option; grant all on XDB.XS$ROLESETS to system with grant option; grant all on XDB.XS$SECURITYCLASS to system with grant option; Rem ====================================================================== Rem END XS upgrade from 10.2.0 Rem ====================================================================== Rem ====================================================================== Rem BEGIN XS upgrade from subsequent releases Rem ====================================================================== @@xsu111.sql Rem ====================================================================== Rem END XS upgrade from subsequent releases Rem ======================================================================