The Database Vault solution allows to create rules that manage access to database. Among these rules there is what is called in Database Vault “Rule Sets”. These logic components are written as PL/SQL functions to return Boolean results. If rule expressions do not match the user context, the access is refused and a specific message can be configured in order to warn the user that he is not authorized to access this specific object. These expressions can be for instance related to the client IP address, the session username, the time or date and many other things.
During one of my missions I had to configure Database Vault Rule Set in order to prevent access from specific IP adresses and specific session username. For each rule set the database vault administrator (me ;-)) have to specify a name. In my case I decided to use an explicit name such as “Security Rule set for manager group”. You can find a typical Rule Set definition screen below:
Unfortunately, some minutes after having implemented this rule set, some users complain about an error message looking like this:
SQL> select * from toto.ow_frm_plant; select * from toto.ow_frm_plant Error on line 1 : ORA-03113: end-of-file on communication channel Processus IS: 29976 Session ID : 32, Serial Number : 271
In fact this error was coming from my rule set name. Despite the fact that name field in rule set form offers the possibility to use many characters (more than 32), the maximum length of a rule set name is 31 characters.
Therefore, a Rule Set name looking like “Security Rule Set test with lon” won’t generate an ORA-03113 error, but a Rule Set name looking like “Security Rule Set test with long” will generate an ORA-03113.
The following screen presents a correct rule set name with less than 32 characters and the normal rule set error message:
The error Database Vault error message (in this example “My Error Message”) will be displayed below as expected:
SQL> select * from toto.ow_frm_plant select * from toto.ow_frm_plant ERROR on line 1:ORA-47305:20003 My error message
Hope this helps!