1. RULE_SET概念
规则集(RULE_SET)是由多个规则组成(RULE),当所有的规则为TRUE时,规则集才为TRUE。规则集为访问Realm内的业务对象,或执行Command rule定义的命令时进行条件限制。
2. 创建、删除RULE_SET
目的:测试alertsystem命令只允许在服务器上操作,不允许远程客户端操作
创建rule_set(规则集)
begin
DVSYS.DBMS_MACADM.CREATE_RULE_SET(
rule_set_name =>'Access_From_Local',
description => 'limit altersystem operation only from local',
enabled => 'Y',
eval_options => DVSYS.DBMS_MACUTL.g_ruleset_eval_all, -- 全部为真
audit_options =>DVSYS.DBMS_MACUTL.g_ruleset_audit_fail, -- 失败时审计
fail_options => DVSYS.DBMS_MACUTL.g_ruleset_fail_show, -- 显示错误消息
fail_message => 'RestrictedCommand', -- 错误消息
fail_code => -20001,
handler_options => 0,
handler => null);
commit;
end;
/