The following DQL will retrieve all permission sets with the permission set names (object_name), accessor names (r_accessor_name), basic (r_accessor_permit) and extended permissions (r_accessor_xpermit). The object_name and r_accessor_name values are self-explanatory and human-readable.
select object_name, r_accessor_name, r_accessor_permit, r_accessor_xpermit from dm_acl order by object_name
The r_accessor_permit and r_accessor_xpermit values are however, integer values to be decoded. The r_accessor_permit can be decoded against this table (also available in Object Reference Manual).
0, for NULL
1, for None
2, for Browse
3, for Read
4, for Relate
5, for Version
6, for Write
7, for Delete
For r_accessor_xpermit, it is more complicated. The integer values are integer and has to be converted into binary before translating into the descriptions.
The first 16 bits (two bytes) represent the basic permissions for backward compatibility. The first 16 bits are valued with 0 as ON. The second 16 bits (two bytes) uses 1 to indicate that the permission is ON. The bit locations of the permissions are:
execute_proc = 1
change_location = 2
change_state = 17
change_permit = 18
change_owner = 19
- The r_accessor_xpermit is 393216.
- Change it to binary, you will get the following: 0000000000000110 0000000000000000
- Bits 1 and 2 are 0, means ON, hence, execute_proc and change_location are set.
- Bits 18 and 19 are ON, meaning change_permit and change_owner are granted too.