Oracle DBMS_MACSEC
Version 26ai

General Information
Library Note Morgan's Library Page Header
The best Oracle News for FY2026

Oracle Database 26ai will be available on generic Linux platforms in January and soon on AIX and Windows
Purpose Contains functions that retrieve factor identities. After Oracle Database Vault installation, the install process locks the DVF account to enhance security.

When creating a new factor, Database Vault creates a new retrieval function for the factor owned by the DVF schema.
AUTHID DEFINER
Constants
Name Data Type Value
 General
G_SECURE_ROLE_AUDIT_CODE PLS_INTEGER 10006
Dependencies
DBMS_MACAUD FACTOR$ KZV$FAC_LIBT
DBMS_MACOLS GET_FACTOR OLS$POL
DBMS_MACSEC_RULES GET_FACTOR_LABEL ROLE$
DBMS_MACUTL GET_TRUST_LEVEL ROLE_IS_ENABLED
DBMS_STANDARD GET_TRUST_LEVEL_FOR_IDENTITY SESSION_CONTEXT
DV$RULE IDENTITY$ SET_FACTOR
DV$RULE_SET IS_SECURE_APPLICATION_ROLE  
Documented Yes
Exceptions
Error Code Reason
ORA-47301 Secure application role <role_name> is not found.
First Available Not Known
Security Model Owned by DVSYS with EXECUTE with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/catmacp.sql
Subprograms
GET_FACTOR GET_TRUST_LEVEL ROLE_IS_ENABLED
GET_FACTOR_LABEL IS_SECURE_APPLICATION_ROLE SET_FACTOR
 
GET_FACTOR
Using the SYS_CONTEXT function, returns the value of a factor. Will return the value cached in the context if the eval_option is set for evaluate on session. dbms_macsec.get_factor(p_factor IN VARCHAR2) RETURN VARCHAR2;
col get_expr format a60

SELECT name, get_expr
FROM dvsys.factor$
ORDER BY 1;

SELECT dvsys.dbms_macsec.get_factor('Database_IP');

DVSYS.DBMS_MACSEC.GET_FACTOR('DATABASE_IP')
--------------------------------------------
FE80::C905:8BD8:A1EC:ECB9%2

SELECT dvsys.dbms_macsec.get_factor('Machine');

DVSYS.DBMS_MACSEC.GET_FACTOR('MACHINE')
----------------------------------------
localhost.localdomain
 
GET_FACTOR_LABEL
Returns the Factor label dbms_macsec.get_factor_label(
p_factor      IN VARCHAR2,
p_policy_name IN VARCHAR2)
RETURN VARCHAR2;
TBD
 
GET_TRUST_LEVEL
Returns the Trust Level of a Factor

Overload 1		 dbms_macsec.get_trust_level(p_factor IN VARCHAR2) RETURN NUMBER;
SELECT dvsys.dbms_macsec.get_trust_level('Authentication_Method');

DVSYS.DBMS_MACSEC.GET_TRUST_LEVEL('AUTHENTICATION_METHOD')
----------------------------------------------------------
                                                         1
Returns the Trust Level of a Factor Identity

Overload 2		 dbms_macsec.get_trust_level(
p_factor   IN VARCHAR2,
p_identity IN VARCHAR2)
RETURN NUMBER;
TBD
 
IS_SECURE_APPLICATION_ROLE
Returns TRUE if given role is a secure application role dbms_macsec.is_secure_application_role(p_role VARCHAR2) RETURN BOOLEAN;
BEGIN
  IF dvsys.dbms_macsec.is_secure_application_role('DBA') THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
F
 
ROLE_IS_ENABLED
Returns TRUE if a Secure Application Role is enabled for use, else FALSE

Note, in the demo at right, you must create a DVSYS role to use this. Standard Oracle Database roles are not the focus of this package.		 dbms_macsec.role_is_enabled(p_role IN VARCHAR2) RETURN BOOLEAN;
SELECT role FROM dvsys.role$;

no rows selected

BEGIN
  IF dvsys.dbms_macsec.role_is_enabled('DBA') THEN
    dbms_output.put_line('F');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
*
ORA-47301: Secure application role DBA is not found.
 
SET_FACTOR
 Sets the value of a Factor (if allowed by the assignment Rule Set) dbms_macsec.set_factor(
p_factor IN VARCHAR2,
p_value  IN VARCHAR2);
TBD

Related Topics
Built-in Functions
Built-in Packages
CONFIGURE_DV_INTERNAL
DBMS_MACAUD
DBMS_MACOLS_SESSION
DBMS_MACOUT
DBMS_MACSEC_FUNCTION
DBMS_MACSEC_ROLES
DBMS_MACSEC_RULES
EVENT
OLS_ENFORCEMENT
OLS$DATAPUMP
What's New In 21c
What's New In 26ai

Morgan's Library Page Footer
This site is maintained by Daniel Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2026 Daniel A. Morgan All Rights Reserved