Oracle8i Supplied Packages Reference
Release 8.1.5

A68001-01


12
DBMS_DISTRIBUTED_TRUST_ADMIN

DBMS_DISTRIBUTED_TRUST_ADMIN procedures maintain the Trusted Database List, which defines the databases that are (or are not) to be trusted.


Note:

This list is used in conjunction with the list at the Central Authority (CA) to determine if a privileged database link from a particular server can be accepted. A particular server can be listed locally in the Trusted Database List, regardless of its listing at the CA.  


Requirements

To execute DBMS_DISTRIBUTED_TRUST_ADMIN, the EXECUTE_CATALOG_ROLE role must be granted to the DBA. To select from the view TRUSTED_SERVERS, the SELECT_CATALOG_ROLE role must be granted to the DBA.

It is important to know whether all servers are trusted or not trusted. Trusting a particular server with the ALLOW_SERVER procedure has no effect if the database already trusts all databases, or if that server is already trusted. Similarly, denying a particular server with the DENY_SERVER procedure has no effect if the database already trusts no databases, or if that server is already untrusted.

The procedures DENY_ALL and ALLOW_ALL delete all entries (i.e. server names) that are explicitly allowed or denied using the ALLOW_SERVER procedure or DENY_SERVER procedure respectively.

Summary of Subprograms

Table 12-1 DBMS_DISTRIBUTED_TRUST_ADMIN Package Subprograms

Subprogram              Description
ALLOW_ALL procedure     Empties the list, and inserts a row indicating that all servers should be trusted.
ALLOW_SERVER procedure  Enables a specific server to be allowed access, even though deny all is indicated in the list.
DENY_ALL procedure      Empties the list, and inserts a row indicating that all servers should be untrusted.
DENY_SERVER procedure   Enables a specific server to be denied access, even though allow all is indicated in the list.

ALLOW_ALL procedure

This procedure empties the Trusted Database List, and specifies that all servers trusted by the central authority, such as Oracle Security Server, are allowed access.

The view TRUSTED_SERVERS will show "TRUSTED ALL" indicating that all servers are currently trusted by the central authority, such as Oracle Security Server.

Syntax

DBMS_DISTRIBUTED_TRUST_ADMIN.ALLOW_ALL;

Parameters

None.

Exceptions

None.

Usage Notes

ALLOW_ALL only applies to the servers listed as trusted at the Central Authority.

ALLOW_SERVER procedure

This procedure ensures that the specified server is considered trusted (even if you have previously specified "deny all").

Syntax

DBMS_DISTRIBUTED_TRUST_ADMIN.ALLOW_SERVER (
   server IN VARCHAR2);

Parameters

Table 12-2 ALLOW_SERVER Procedure Parameters

Parameter  Description
server     Unique, fully-qualified name of the server to be trusted.

Exceptions

None.

Usage Notes

If the Trusted Servers List contains the entry "deny all", then this procedure adds a specification indicating that a specific database (for example, DBx) is to be trusted.

If the Trusted Servers List contains the entry "allow all", and if there is no "deny DBx" entry in the list, then executing this procedure causes no change.

If the Trusted Servers List contains the entry "allow all", and if there is a "deny DBx" entry in the list, then that entry is deleted.

DENY_ALL procedure

This procedure empties the Trusted Database List, and specifies that all servers are denied access.

The view TRUSTED_SERVERS will show "UNTRUSTED ALL" indicating that no servers are currently trusted.

Syntax

DBMS_DISTRIBUTED_TRUST_ADMIN.DENY_ALL;

Parameters

None.

Exceptions

None.

DENY_SERVER procedure

This procedure ensures that the specified server is considered untrusted (even if you have previously specified "allow all").

Syntax

DBMS_DISTRIBUTED_TRUST_ADMIN.DENY_SERVER (
   server IN VARCHAR2);

Parameters

Table 12-3 DENY_SERVER Procedure Parameters

Parameter  Description
server     Unique, fully-qualified name of the server to be untrusted.

Exceptions

None.

Usage Notes

If the Trusted Servers List contains the entry "allow all", then this procedure adds an entry indicating that the specified database (for example, DBx) is not to be trusted.

If the Trusted Servers List contains the entry "deny all", and if there is no "allow DBx" entry in the list, then this procedure causes no change.

If the Trusted Servers List contains the entry "deny all", and if there is an "allow DBx" entry, then this procedure causes that entry to be deleted.

Example

If you have not yet used the package DBMS_DISTRIBUTED_TRUST_ADMIN to change trust, the default is that all servers defined in the Oracle Security Server are considered trusted:

SELECT * FROM TRUSTED_SERVERS;
TRUST      NAME                                                                            
--------- ---------------------
Trusted   All                                                                             

1 row selected.

Because all servers are currently trusted, you can execute the DENY_SERVER procedure and specify that a particular server is not trusted:

EXECUTE DBMS_DISTRIBUTED_TRUST_ADMIN.DENY_SERVER('SALES.US.AMERICAS.ACME_AUTO.COM');

Statement processed.

SELECT * FROM TRUSTED_SERVERS;

TRUST       NAME                                                                            
--------- -----------------------------------------------
Untrusted SALES.US.AMERICAS.ACME_AUTO.COM 

1 row selected

By executing the DENY_ALL procedure, you can choose to not trust any database server:

EXECUTE DBMS_DISTRIBUTED_TRUST_ADMIN.DENY_ALL; 

Statement processed.

SELECT * FROM TRUSTED_SERVERS;

TRUST       NAME                                                                            
--------- -----------------------------------------------
Untrusted All                                                                             

1 row selected.

The ALLOW_SERVER procedure can be used to specify that one particular database is to be trusted:

EXECUTE DBMS_DISTRIBUTED_TRUST_ADMIN.ALLOW_SERVER('SALES.US.AMERICAS.ACME_AUTO.COM');

Statement processed.

SELECT * FROM TRUSTED_SERVERS;

TRUST       NAME                                                                            
--------- ------------------------------------------------
Trusted   SALES.US.AMERICAS.ACME_AUTO.COM

1 row selected.
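
The read-only audit below is an added example, not part of Oracle's documentation: it reads TRUSTED_SERVERS and flags any state other than deny all plus approved allow entries. The approved list and the finding messages are assumptions; the TRUST and NAME columns and their values are taken from the output shown above.

```sql
-- Added example: read-only audit of the Trusted Database List.
SET SERVEROUTPUT ON
DECLARE
  TYPE name_list IS TABLE OF VARCHAR2(128);
  -- Hypothetical approved allowlist; the name is the sample server from this page.
  approved  name_list := name_list('SALES.US.AMERICAS.ACME_AUTO.COM');
  findings  PLS_INTEGER := 0;
  row_count PLS_INTEGER := 0;
  is_ok     BOOLEAN;
BEGIN
  -- UPPER/TRIM: the page shows both "TRUSTED ALL" and "Trusted All".
  FOR r IN (SELECT UPPER(TRIM(trust)) AS trust, UPPER(TRIM(name)) AS name
              FROM trusted_servers) LOOP
    row_count := row_count + 1;
    IF r.trust = 'TRUSTED' AND r.name = 'ALL' THEN
      -- Explicit allow-all default.
      findings := findings + 1;
      DBMS_OUTPUT.PUT_LINE('FINDING: default is allow all');
    ELSIF r.trust = 'UNTRUSTED' AND r.name <> 'ALL' THEN
      -- A "deny DBx" entry can exist only while the list says allow all,
      -- so this row implies an allow-all default with exceptions.
      findings := findings + 1;
      DBMS_OUTPUT.PUT_LINE('FINDING: allow all with deny entry for ' || r.name);
    ELSIF r.trust = 'TRUSTED' THEN
      -- Explicit allow entry under deny all: must be on the approved list.
      is_ok := FALSE;
      FOR i IN 1 .. approved.COUNT LOOP
        IF UPPER(approved(i)) = r.name THEN
          is_ok := TRUE;
        END IF;
      END LOOP;
      IF NOT is_ok THEN
        findings := findings + 1;
        DBMS_OUTPUT.PUT_LINE('FINDING: unapproved trusted server ' || r.name);
      END IF;
    END IF;  -- "Untrusted All" alone is the deny-all baseline: no finding
  END LOOP;
  IF row_count = 0 THEN
    DBMS_OUTPUT.PUT_LINE('NOTE: TRUSTED_SERVERS returned no rows; state unknown');
  END IF;
  DBMS_OUTPUT.PUT_LINE(findings || ' finding(s) in ' || row_count || ' row(s)');
END;
/
```

Run it as a user holding SELECT_CATALOG_ROLE; it calls none of the package procedures, so it does not change the list.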



Copyright © 1999 Oracle Corporation.

All Rights Reserved.
