<?xml version="1.0"?>
<!--
Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
NAME
kutsrole.xsl
DESCRIPTION
XSLT stylesheet for XML => DDL conversion of the following ADTs:
ku$_xsrole_t - RAS roles
ku$_xsrole_grant_t - RAS dynamic roles
ku$_xsgrant_t - RAS privilege grants
NOTES
Do NOT modify this file under any circumstance. Copy the file
if you wish to use this stylesheet with an external XML/XSL parser
MODIFIED MM/DD/YY
rapayne 10/14/14 - bug 20164836 - support RAS schema level policy
enhancements txn, yanlili_schemapolicyadm
bwright 08/21/13 - Bug 17312600: Remove hard tabs from DP src code
rapayne 10/03/12 - support mixed case names.
rapayne 10/24/11 - change ROLE_NAME to NAME
rapayne 08/31/11 - Triton rename to Real Application Security (RAS).
Object names will be changed from TS_* to XS_*.
rapayne 07/17/10 - Creation
-->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<!-- Import required scripts -->
<xsl:import href="kucommon.xsl"/>
<!-- Top-level parameters.
     Each one is declared with a default value and can be overridden by the
     caller of the transform. Of these, only SQLTERMINATOR is read by the
     templates in this file; the others are presumably consumed by the
     imported kucommon.xsl (not shown here). -->
<!-- PRETTY: not referenced by any template in this file. -->
<xsl:param name="PRETTY">1</xsl:param>
<!-- SQLTERMINATOR: when equal to 1, every generated PL/SQL block is followed
     by a newline and a "/" line. -->
<xsl:param name="SQLTERMINATOR">1</xsl:param>
<!-- params for parse.
     None of the PRS_* parameters is referenced in this file; presumably they
     steer the DoParse template (confirm in kucommon.xsl).
     NOTE(review): PRS_DELIM defaults to a fixed four-character marker. If it
     is used to separate parse items in the output, confirm how a name in the
     input document that contains the same sequence is handled. -->
<xsl:param name="PRS_DDL">0</xsl:param>
<xsl:param name="PRS_DELIM">\{]`</xsl:param>
<xsl:param name="PRS_VERB">0</xsl:param>
<xsl:param name="PRS_OBJECT_TYPE">0</xsl:param>
<xsl:param name="PRS_SCHEMA">0</xsl:param>
<xsl:param name="PRS_NAME">0</xsl:param>
<xsl:param name="PRS_GRANTEE">0</xsl:param>
<xsl:param name="PRS_GRANTOR">0</xsl:param>
<xsl:param name="PRS_BASE_OBJECT_SCHEMA">0</xsl:param>
<xsl:param name="PRS_BASE_OBJECT_NAME">0</xsl:param>
<xsl:param name="PRS_BASE_OBJECT_TYPE">0</xsl:param>
<xsl:template match="XS_ROLE_T">
<!-- *******************************************************************
Template: XS_ROLE_T
Description: top-level template for Real Application Security (RAS,
 formerly "Triton") roles, i.e. XS_ROLE_T documents.
 Steps, in output order:
  1. Call DoParse with Verb=CREATE, ObjectType=XS_ROLE and NameNode=NAME.
     DoParse is not defined in this file; presumably it comes from the
     imported kucommon.xsl.
  2. Emit a single newline.
  3. Call callCreateRole, which generates an anonymous PL/SQL block that
     calls xs_principal.create_role() or xs_principal.create_dynamic_role().
NOTE(review): DoParse receives NAME while callCreateRole receives
 XS_OBJ/NAME; confirm that both paths exist in an XS_ROLE_T document.
NOTE(review): SCHEMA is passed as the schema argument, but callCreateRole
 never references its schema parameter.
******************************************************************** -->
<xsl:call-template name="DoParse">
<xsl:with-param name="Verb">CREATE</xsl:with-param>
<xsl:with-param name="ObjectType">XS_ROLE</xsl:with-param>
<xsl:with-param name="NameNode" select="NAME"/>
</xsl:call-template>
<!-- Note: a stray space appears in the output at this point and breaks the
indentation of the generated block, so realign with an explicit newline.
-->
<xsl:text>
</xsl:text>
<xsl:call-template name="callCreateRole">
<xsl:with-param name="role" select="XS_OBJ/NAME"/>
<xsl:with-param name="schema" select="SCHEMA"/>
<xsl:with-param name="prinNode" select="XS_OBJ/XS_PRIN"/>
</xsl:call-template>
</xsl:template>
<xsl:template match="XS_ROLE_GRANT_T">
  <!-- *******************************************************************
  Template: XS_ROLE_GRANT_T
  Description: top-level template for RAS role grants. After the DoParse
   call it writes one anonymous PL/SQL block of the form
     BEGIN
       xs_principal.grant_roles(grantee => G, role => R);
     END;
   where G and R are whatever TSQuoteObject produces for GRANTEE and NAME.
   TSQuoteObject is not defined in this file (presumably kucommon.xsl), so
   the quoting applied to both names has to be checked there.
  Output whitespace is spelled with &#10; character references so that
  re-indenting this stylesheet cannot change the generated text.
  ******************************************************************** -->
  <xsl:call-template name="DoParse">
    <xsl:with-param name="Verb">CREATE</xsl:with-param>
    <xsl:with-param name="ObjectType">XS_ROLE_GRANT</xsl:with-param>
    <xsl:with-param name="NameNode" select="NAME"/>
  </xsl:call-template>
  <!-- The leading newline realigns the block after a stray space that
       shows up in the output at this point. -->
  <xsl:text>&#10;BEGIN&#10;  xs_principal.grant_roles(grantee => </xsl:text>
  <xsl:call-template name="TSQuoteObject">
    <xsl:with-param name="Object" select="GRANTEE"/>
  </xsl:call-template>
  <xsl:text>, &#10; role => </xsl:text>
  <xsl:call-template name="TSQuoteObject">
    <xsl:with-param name="Object" select="NAME"/>
  </xsl:call-template>
  <xsl:text>);&#10;END;</xsl:text>
  <!-- Optional "/" terminator line, controlled by the SQLTERMINATOR param. -->
  <xsl:if test="$SQLTERMINATOR=1">
    <xsl:text>&#10;/</xsl:text>
  </xsl:if>
</xsl:template>
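<xsl:template name="callCreateRole">
  <xsl:param name="role" select="''"/>
  <xsl:param name="schema" select="''"/>
  <xsl:param name="prinNode" select="''"/>
  <!-- *******************************************************************
  Template: callCreateRole - create roles and dynamic roles
  Parameters:
   role     - name of the role to create; emitted through TSQuoteObject
   schema   - accepted for interface compatibility; not referenced here
   prinNode - the XS_OBJ/XS_PRIN node of the role. The default '' is not a
              node-set, so callers are expected to always pass this.
  Output: one anonymous PL/SQL block. It calls xs_principal.create_role()
   when prinNode/TYPE is '1' and xs_principal.create_dynamic_role()
   otherwise, followed by "/" when SQLTERMINATOR is 1.
  Argument handling:
   name        - TSQuoteObject (defined outside this file)
   enabled     - the fixed literal TRUE, only when ENABLE is '1'
   duration    - coerced with number(), see the comment at that step
   start/end   - delegated to XSDateArgs (defined outside this file)
   scope       - the fixed literal XS_PRINCIPAL.REQUEST_SCOPE
   description - SingleQuotedName (defined outside this file)
  Output whitespace is spelled with &#10; character references so that
  re-indenting this stylesheet cannot change the generated text.
  ******************************************************************** -->
  <xsl:text>BEGIN&#10; </xsl:text>
  <xsl:choose>
    <xsl:when test="$prinNode/TYPE='1'">
      <xsl:text>xs_principal.create_role(</xsl:text>
    </xsl:when>
    <xsl:otherwise>
      <xsl:text>xs_principal.create_dynamic_role(</xsl:text>
    </xsl:otherwise>
  </xsl:choose>
  <xsl:text>&#10; name=></xsl:text>
  <xsl:call-template name="TSQuoteObject">
    <xsl:with-param name="Object" select="$role"/>
  </xsl:call-template>
  <!-- Generate ENABLE parameter if appropriate -->
  <xsl:if test="$prinNode/ENABLE='1'">
    <xsl:text>,&#10; enabled=>TRUE</xsl:text>
  </xsl:if>
  <!-- Generate DURATION parameter if appropriate.
       DURATION is the only document value in this template that reaches the
       PL/SQL text without a quoting helper. number() keeps a numeric value
       numeric and turns anything else into the token NaN, so a malformed or
       tampered DURATION cannot place arbitrary text inside the generated
       block; the block should then fail to compile instead. -->
  <xsl:if test="$prinNode/DURATION">
    <xsl:text>,&#10; duration=></xsl:text>
    <xsl:value-of select="number($prinNode/DURATION)"/>
  </xsl:if>
  <!-- Process START_DATE and END_DATE if present -->
  <xsl:call-template name="XSDateArgs">
    <xsl:with-param name="startDate" select="$prinNode/START_DATE"/>
    <xsl:with-param name="endDate" select="$prinNode/END_DATE"/>
  </xsl:call-template>
  <!-- Generate Role SCOPE:
       0 = SESSION_SCOPE (default, nothing emitted)
       1 = REQUEST_SCOPE
       Comparing an empty node-set with '1' is false, so no separate
       existence test is needed. -->
  <xsl:if test="$prinNode/SCOPE='1'">
    <xsl:text>,&#10; scope=>XS_PRINCIPAL.REQUEST_SCOPE</xsl:text>
  </xsl:if>
  <!-- Generate DESCRIPTION parameter if appropriate -->
  <xsl:if test="$prinNode/DESCRIPTION">
    <xsl:text>,&#10; description=></xsl:text>
    <xsl:call-template name="SingleQuotedName">
      <xsl:with-param name="NameNode" select="$prinNode/DESCRIPTION"/>
    </xsl:call-template>
  </xsl:if>
  <!-- Close the argument list and the block -->
  <xsl:text>);&#10;END;</xsl:text>
  <!-- Optional "/" terminator line, controlled by the SQLTERMINATOR param. -->
  <xsl:if test="$SQLTERMINATOR=1">
    <xsl:text>&#10;/</xsl:text>
  </xsl:if>
</xsl:template>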
<!-- Template match for RAS Schema Level privilege grants -->
<xsl:template match="XS_GRANT_T">
<!-- *******************************************************************
Template: XS_GRANT_T
Description: top-level template for Real Application Security (RAS,
 formerly "Triton") GRANTs, i.e. XS_GRANT_T documents.
 1. Calls DoParse with Verb=CREATE, ObjectType=XS_GRANT, NameNode=NAME and
    Grantee=GRANTEE. DoParse is not defined in this file; presumably it
    comes from the imported kucommon.xsl.
 2. Calls doGrantPriv with no parameters, so doGrantPriv runs against the
    same XS_GRANT_T context node and generates an api call into the
    xs_admin_util package to grant a RAS admin priv to a specific schema
    (see admin/xsutil.sql for the xs_admin_util package definition).
******************************************************************** -->
<xsl:call-template name="DoParse">
<xsl:with-param name="Verb">CREATE</xsl:with-param>
<xsl:with-param name="ObjectType">XS_GRANT</xsl:with-param>
<xsl:with-param name="NameNode" select="NAME"/>
<xsl:with-param name="Grantee" select="GRANTEE"/>
</xsl:call-template>
<xsl:call-template name="doGrantPriv"/>
</xsl:template>
<xsl:template name="doGrantPriv">
  <!-- *******************************************************************
  Template: doGrantPriv
  Description: generates one anonymous PL/SQL block that calls the
   xs_admin_util package to grant a RAS admin priv to a specific schema
   (see admin/xsutil.sql):
     PROCEDURE grant_system_privilege(
       priv_name IN VARCHAR2,  : admin priv to grant
       user_name IN VARCHAR2,  : grantee
       user_type IN PLS_INTEGER := XS_ADMIN_UTIL.PTYPE_DB,
       schema    IN VARCHAR2 := NULL);  : schema the priv user can affect
  Context node: the XS_GRANT_T element; NAME, GRANTEE, USER_TYPE and SCHEMA
   are read relative to it.
  NOTE(review): priv_name, user_name and schema are all emitted through
   SingleQuotedName, which is not defined in this file (presumably
   kucommon.xsl). How it treats an embedded single quote decides whether a
   name from the input document can break out of the string literal, so
   confirm it there.
  NOTE(review): schema is emitted even when the document has no SCHEMA
   child; what SingleQuotedName writes for an empty node-set is not visible
   from here.
  Output whitespace is spelled with &#10; character references so that
  re-indenting this stylesheet cannot change the generated text.
  ******************************************************************** -->
  <xsl:text>BEGIN&#10; xs_admin_util.grant_system_privilege(&#10;  priv_name=></xsl:text>
  <xsl:call-template name="SingleQuotedName">
    <xsl:with-param name="NameNode" select="NAME"/>
  </xsl:call-template>
  <xsl:text>&#10; ,user_name=></xsl:text>
  <xsl:call-template name="SingleQuotedName">
    <xsl:with-param name="NameNode" select="GRANTEE"/>
  </xsl:call-template>
  <!-- USER_TYPE code to package constant (see admin/xsutil.sql):
         PTYPE_XS := 1
         PTYPE_DB := 2 (default)
         PTYPE_DN := 3
         PTYPE_EXTERNAL := 4
       Only these fixed constants are written. Any other value, or a missing
       USER_TYPE, emits no user_type argument, which leaves the procedure's
       declared default (PTYPE_DB) in effect. -->
  <xsl:choose>
    <xsl:when test="USER_TYPE='1'">
      <xsl:text> &#10; ,user_type=>xs_admin_util.ptype_xs</xsl:text>
    </xsl:when>
    <xsl:when test="USER_TYPE='2'">
      <xsl:text> &#10; ,user_type=>xs_admin_util.ptype_db</xsl:text>
    </xsl:when>
    <xsl:when test="USER_TYPE='3'">
      <xsl:text> &#10; ,user_type=>xs_admin_util.ptype_dn</xsl:text>
    </xsl:when>
    <xsl:when test="USER_TYPE='4'">
      <xsl:text> &#10; ,user_type=>xs_admin_util.ptype_external</xsl:text>
    </xsl:when>
  </xsl:choose>
  <xsl:text>&#10; ,schema=></xsl:text>
  <xsl:call-template name="SingleQuotedName">
    <xsl:with-param name="NameNode" select="SCHEMA"/>
  </xsl:call-template>
  <xsl:text>);&#10;END;</xsl:text>
  <!-- Optional "/" terminator line, controlled by the SQLTERMINATOR param. -->
  <xsl:if test="$SQLTERMINATOR=1">
    <xsl:text>&#10;/</xsl:text>
  </xsl:if>
</xsl:template>
</xsl:stylesheet>