Oracle Database: Advanced PL/SQL — Question 43

Which three are true regarding code based access control (CBAC)? (Choose three.)

Answer options

• A. In a multitenant environment, the DELEGATE option of CBAC cannot be used.
• B. CBAC roles can be granted to a program unit only if they are directly granted to its owner.
• C. CBAC roles can be granted to a program unit only if they are the predefined roles automatically defined by the standard scripts as part of database creation.
• D. You can use CBAC to attach database roles to a PL/SQL function or procedure only.
• E. In CBAC, the ADMIN and DELEGATE options cannot both be granted to the same user.
• F. You can use CBAC to attach database roles to a PL/SQL function, procedure, or package.
• G. CBAC cannot be used to secure definer's rights.

Correct answer: B, E, F

Explanation

The correct answers B, E, and F accurately reflect the limitations and capabilities of CBAC. B is correct because CBAC roles must be granted to the owner before they can be assigned to a program unit. E is true as both ADMIN and DELEGATE options cannot be granted to the same user to maintain security boundaries. F is correct since CBAC can indeed attach roles to functions, procedures, or packages, while the other options either misstate the functionalities of CBAC or are incorrect in their assertions.