Contents
- Audience
- Documentation Accessibility
- Related Documentation
- Conventions
- 1.1 Computer Security and Data Access Controls
-
- 1.1.1 Oracle Label Security and Security Standards
- 1.1.2 Security Policies
- 1.1.3 Access Control
-
- 1.1.3.1 Discretionary Access Control
- 1.1.3.2 Oracle Label Security
- 1.1.3.3 How Oracle Label Security Works with Discretionary Access Control
- 1.2 Oracle Label Security Architecture
- 1.3 Features of Oracle Label Security
-
- 1.3.1 Overview of Oracle Label Security Policy Functionality
- 1.3.2 Oracle Enterprise Edition: VPD Technology
- 1.3.3 Oracle Label Security: An Out-of-the-Box VPD
- 1.3.4 Label Policy Features
-
- 1.3.4.1 Data Labels
- 1.3.4.2 Label Authorizations
- 1.3.4.3 Policy Privileges
- 1.3.4.4 Policy Enforcement Options
- 1.3.4.5 Summary: Four Aspects of Label-Based Row Access
- 1.4 Oracle Label Security Integration with Oracle Internet Directory
- 2.1 Introduction to Label-Based Security
- 2.2 Label Components
-
- 2.2.1 Label Component Definitions and Valid Characters
- 2.2.2 Levels
- 2.2.3 Compartments
- 2.2.4 Groups
- 2.2.5 Industry Examples of Levels, Compartments, and Groups
- 2.3 Label Syntax and Type
- 2.4 How Data Labels and User Labels Work Together
- 2.5 Administering Labels
- 3.1 Introducing Access Mediation
- 3.2 Understanding Session Label and Row Label
-
- 3.2.1 The Session Label
- 3.2.2 The Row Label
- 3.2.3 Session Label Example
- 3.3 Understanding User Authorizations
-
- 3.3.1 Authorizations Set by the Administrator
-
- 3.3.1.1 Authorized Levels
- 3.3.1.2 Authorized Compartments
- 3.3.1.3 Authorized Groups
- 3.3.2 Computed Session Labels
- 3.4 Evaluating Labels for Access Mediation
-
- 3.4.1 Introducing Read/Write Access
-
- 3.4.1.1 Difference Between Read and Write Operations
- 3.4.1.2 Propagation of Read/Write Authorizations on Groups
- 3.4.2 The Oracle Label Security Algorithm for Read Access
- 3.4.3 The Oracle Label Security Algorithm for Write Access
- 3.5 Using Oracle Label Security Privileges
-
- 3.5.1 Privileges Defined by Oracle Label Security Policies
- 3.5.2 Special Access Privileges
-
- 3.5.2.1 READ
- 3.5.2.2 FULL
- 3.5.2.3 COMPACCESS
- 3.5.2.4 PROFILE_ACCESS
- 3.5.3 Special Row Label Privileges
-
- 3.5.3.1 WRITEUP
- 3.5.3.2 WRITEDOWN
- 3.5.3.3 WRITEACROSS
- 3.5.4 System Privileges, Object Privileges, and Policy Privileges
- 3.5.5 Access Mediation and Views
- 3.5.6 Access Mediation and Program Unit Execution
- 3.5.7 Access Mediation and Policy Enforcement Options
- 3.6 Working with Multiple Oracle Label Security Policies
-
- 3.6.1 Multiple Oracle Label Security Policies in a Single Database
- 3.6.2 Multiple Oracle Label Security Policies in a Distributed Environment
- 4.1 The Policy Label Column and Label Tags
-
- 4.1.1 The Policy Label Column
-
- 4.1.1.1 Hiding the Policy Label Column
- 4.1.1.2 Example 1: Numeric Column Data Type (NUMBER)
- 4.1.1.3 Example 2: Numeric Column Data Type with Hidden Column
- 4.1.2 Label Tags
-
- 4.1.2.1 Manually Defining Label Tags to Order Labels
- 4.1.2.2 Manually Defining Label Tags to Manipulate Data
- 4.1.2.3 Automatically Generated Label Tags
- 4.2 Assigning Labels to Data Rows
- 4.3 Presenting the Label
-
- 4.3.1 Converting a Character String to a Label Tag, with CHAR_TO_LABEL
- 4.3.2 Converting a Label Tag to a Character String, with LABEL_TO_CHAR
-
- 4.3.2.1 LABEL_TO_CHAR Examples
- 4.3.2.2 Retrieving All Columns from a Table When the Policy Label Column Is Hidden
- 4.4 Filtering Data Using Labels
-
- 4.4.1 Using Numeric Label Tags in WHERE Clauses
- 4.4.2 Ordering Labeled Data Rows
- 4.4.3 Ordering by Character Representation of Label
- 4.4.4 Determining Upper and Lower Bounds of Labels
-
- 4.4.4.1 Finding Least Upper Bound with LEAST_UBOUND
- 4.4.4.2 Finding Greatest Lower Bound with GREATEST_LBOUND
- 4.4.5 Merging Labels with the MERGE_LABEL Function
- 4.5 Inserting Labeled Data
-
- 4.5.1 Inserting Labels Using CHAR_TO_LABEL
- 4.5.2 Inserting Labels Using Numeric Label Tag Values
- 4.5.3 Inserting Data Without Specifying a Label
- 4.5.4 Inserting Data When the Policy Label Column Is Hidden
- 4.5.5 Inserting Labels Using TO_DATA_LABEL
- 4.6 Changing Your Session and Row Labels with SA_SESSION
-
- 4.6.1 SA_SESSION Functions to Change Session and Row Labels
- 4.6.2 Changing the Session Label with SA_SESSION.SET_LABEL
- 4.6.3 Changing the Row Label with SA_SESSION.SET_ROW_LABEL
- 4.6.4 Restoring Label Defaults with SA_SESSION.RESTORE_DEFAULT_LABELS
- 4.6.5 Saving Label Defaults with SA_SESSION.SAVE_DEFAULT_LABELS
- 4.6.6 Viewing Session Attributes with SA_SESSION Functions
-
- 4.6.6.1 USER_SA_SESSION View to Return All Security Attributes
- 4.6.6.2 Functions to Return Individual Security Attributes
- 5.1 Introducing Label Management on Oracle Internet Directory
- 5.2 Configuring Oracle Internet Directory-Enabled Label Security
-
- 5.2.1 Granting Permissions for Configuring Oracle Internet Directory enabled Oracle Label Security
- 5.2.2 Registering a Database and Configuring Oracle Internet Directory enabled Oracle Label Security
-
- 5.2.2.1 Task 1 Configure Your Oracle Home for Directory Usage.
- 5.2.2.2 Task 2 Configure the Database for Oracle Internet Directory enabled Oracle Label Security
- 5.2.2.3 Alternate Method for Task 2, Configuring Database for Oracle Internet Directory enabled Oracle Label Security
- 5.2.2.4 Task3: Set the DIP Password and Connect Data
- 5.2.3 Unregistering a Database with Oracle Internet Directory enabled OLS
- 5.3 Removing Directory-enabled Oracle Label Security from Database
- 5.4 Oracle Label Security Profiles
- 5.5 Integrated Capabilities When Label Security Uses the Directory
- 5.6 Oracle Label Security Policy Attributes in Oracle Internet Directory
- 5.7 Restrictions on New Data Label Creation
- 5.8 Two Types of Administrators
- 5.9 Bootstrapping Databases
- 5.10 Synchronizing the Database and Oracle Internet Directory
-
- 5.10.1 Oracle Directory Integration and Provisioning (DIP) Provisioning Profiles
- 5.10.2 Disabling, Changing, and Enabling a Provisioning Profile
- 5.11 Security Roles and Permitted Actions
-
- 5.11.1 Restriction on Policy Creators for Directory-enabled Oracle Label Security
- 5.12 Superseded PL/SQL Statements
- 5.13 Procedures for Policy Administrators Only
- 6.1 Oracle Label Security Administrative Task Overview
-
- 6.1.1 Step 1: Create the Policy
- 6.1.2 Step 2: Define the Components of the Labels
- 6.1.3 Step 3: Identify the Set of Valid Data Labels
- 6.1.4 Step 4: Apply the Policy to Tables and Schemas
- 6.1.5 Step 5: Authorize Users
- 6.1.6 Step 6: Create and Authorize Trusted Program Units (Optional)
- 6.1.7 Step 7: Configure Auditing (Optional)
- 6.2 Organizing the Duties of Oracle Label Security Administrators
- 6.3 Choosing an Oracle Label Security Administrative Interface
-
- 6.3.1 Oracle Label Security Packages
-
- 6.3.1.1 Oracle Label Security Demonstration File
- 6.3.2 Oracle Policy Manager
- 6.4 Using the SA_SYSDBA Package to Manage Security Policies
-
- 6.4.1 Who Can Use the SA_SYSDBA Package
- 6.4.2 Who Can Administer a Policy
- 6.4.3 Valid Characters for Policy Specifications
- 6.4.4 Creating a Policy with SA_SYSDBA.CREATE_POLICY
- 6.4.5 Modifying Policy Options with SA_SYSDBA.ALTER_POLICY
- 6.4.6 Disabling a Policy with SA_SYSDBA.DISABLE_POLICY
- 6.4.7 Enabling a Policy with SA_SYSDBA.ENABLE_POLICY
- 6.4.8 Removing a Policy with SA_SYSDBA.DROP_POLICY
- 6.5 Using the SA_COMPONENTS Package to Define Label Components
-
- 6.5.1 Using Overloaded Procedures
- 6.5.2 Creating a Level with SA_COMPONENTS.CREATE_LEVEL
- 6.5.3 Modifying a Level with SA_COMPONENTS.ALTER_LEVEL
- 6.5.4 Removing a Level with SA_COMPONENTS.DROP_LEVEL
- 6.5.5 Creating a Compartment with SA_COMPONENTS.CREATE_COMPARTMENT
- 6.5.6 Modifying a Compartment with SA_COMPONENTS.ALTER_COMPARTMENT
- 6.5.7 Removing a Compartment with SA_COMPONENTS.DROP_COMPARTMENT
- 6.5.8 Creating a Group with SA_COMPONENTS.CREATE_GROUP
- 6.5.9 Modifying a Group with SA_COMPONENTS.ALTER_GROUP
- 6.5.10 Modifying a Group Parent with SA_COMPONENTS.ALTER_GROUP_PARENT
- 6.5.11 Removing a Group with SA_COMPONENTS.DROP_GROUP
- 6.6 Using the SA_LABEL_ADMIN Package to Specify Valid Labels
-
- 6.6.1 Creating a Valid Data Label with SA_LABEL_ADMIN.CREATE_LABEL
- 6.6.2 Modifying a Label with SA_LABEL_ADMIN.ALTER_LABEL
- 6.6.3 Deleting a Label with SA_LABEL_ADMIN.DROP_LABEL
- 7.1 Introduction to User Label and Privilege Management
- 7.2 Managing User Labels by Component, with SA_USER_ADMIN
-
- 7.2.1 SA_USER_ADMIN.SET_LEVELS
- 7.2.2 SA_USER_ADMIN.SET_COMPARTMENTS
- 7.2.3 SA_USER_ADMIN.SET_GROUPS
- 7.2.4 SA_USER_ADMIN.ALTER_COMPARTMENTS
- 7.2.5 SA_USER_ADMIN.ADD_COMPARTMENTS
- 7.2.6 SA_USER_ADMIN.DROP_COMPARTMENTS
- 7.2.7 SA_USER_ADMIN.DROP_ALL_COMPARTMENTS
- 7.2.8 SA_USER_ADMIN.ADD_GROUPS
- 7.2.9 SA_USER_ADMIN.ALTER_GROUPS
- 7.2.10 SA_USER_ADMIN.DROP_GROUPS
- 7.2.11 SA_USER_ADMIN.DROP_ALL_GROUPS
- 7.3 Managing User Labels by Label String, with SA_USER_ADMIN
-
- 7.3.1 SA_USER_ADMIN.SET_USER_LABELS
- 7.3.2 SA_USER_ADMIN.SET_DEFAULT_LABEL
- 7.3.3 SA_USER_ADMIN.SET_ROW_LABEL
- 7.3.4 SA_USER_ADMIN.DROP_USER_ACCESS
- 7.4 Managing User Privileges with SA_USER_ADMIN.SET_USER_PRIVS
- 7.5 Setting Labels & Privileges with SA_SESSION.SET_ACCESS_PROFILE
- 7.6 Returning User Name with SA_SESSION.SA_USER_NAME
- 7.7 Using Oracle Label Security Views
-
- 7.7.1 View to Display All User Security Attributes: DBA_SA_USERS
- 7.7.2 Views to Display User Authorizations by Component
- 8.1 Choosing Policy Options
-
- 8.1.1 Overview of Policy Enforcement Options
- 8.1.2 The HIDE Policy Column Option
- 8.1.3 The Label Management Enforcement Options
-
- 8.1.3.1 LABEL_DEFAULT: Using the Session's Default Row Label
- 8.1.3.2 LABEL_UPDATE: Changing Data Labels
- 8.1.3.3 CHECK_CONTROL: Checking Data Labels
- 8.1.4 The Access Control Enforcement Options
-
- 8.1.4.1 READ_CONTROL: Reading Data
- 8.1.4.2 WRITE_CONTROL: Writing Data
- 8.1.4.3 INSERT_CONTROL, UPDATE_CONTROL, and DELETE_CONTROL
- 8.1.5 The Overriding Enforcement Options
- 8.1.6 Guidelines for Using the Policy Enforcement Options
- 8.1.7 Exemptions from Oracle Label Security Policy Enforcement
- 8.1.8 Viewing Policy Options on Tables and Schemas
- 8.2 Using a Labeling Function
-
- 8.2.1 Labeling Data Rows under Oracle Label Security
- 8.2.2 Understanding Labeling Functions in Oracle Label Security Policies
- 8.2.3 Creating a Labeling Function for a Policy
- 8.2.4 Specifying a Labeling Function in a Policy
- 8.3 Inserting Labeled Data Using Policy Options and Labeling Functions
-
- 8.3.1 Evaluating Enforcement Control Options and INSERT
- 8.3.2 Inserting Labels When a Labeling Function Is Specified
- 8.3.3 Inserting Child Rows into Tables with Declarative Referential Integrity Enabled
- 8.4 Updating Labeled Data Using Policy Options and Labeling Functions
-
- 8.4.1 Updating Labels Using CHAR_TO_LABEL
- 8.4.2 Evaluating Enforcement Control Options and UPDATE
- 8.4.3 Updating Labels When a Labeling Function Is Specified
- 8.4.4 Updating Child Rows in Tables with Declarative Referential Integrity Enabled
- 8.5 Deleting Labeled Data Using Policy Options and Labeling Functions
- 8.6 Using a SQL Predicate with an Oracle Label Security Policy
-
- 8.6.1 Modifying an Oracle Label Security Policy with a SQL Predicate
- 8.6.2 Affecting Oracle Label Security Policies with Multiple SQL Predicates
- 9.1 Policy Administration Terminology
- 9.2 Subscribing Policies in Directory-Enabled Label Security
-
- 9.2.1 Subscribing to a Policy with SA_POLICY_ADMIN.POLICY_SUBSCRIBE
-
- 9.2.1.1 Syntax
- 9.2.2 Unsubscribing to a Policy with SA_POLICY_ADMIN.POLICY_UNSUBSCRIBE
-
- 9.2.2.1 Syntax
- 9.3 Policy Administration Functions for Tables and Schemas
- 9.4 Administering Policies on Tables Using SA_POLICY_ADMIN
-
- 9.4.1 Applying a Policy with SA_POLICY_ADMIN.APPLY_TABLE_POLICY
-
- 9.4.1.1 Syntax
- 9.4.2 Removing a Policy with SA_POLICY_ADMIN.REMOVE_TABLE_POLICY
-
- 9.4.2.1 Syntax
- 9.4.3 Disabling a Policy with SA_POLICY_ADMIN.DISABLE_TABLE_POLICY
-
- 9.4.3.1 Syntax
- 9.4.4 Reenabling a Policy with SA_POLICY_ADMIN.ENABLE_TABLE_POLICY
-
- 9.4.4.1 Syntax
- 9.5 Administering Policies on Schemas with SA_POLICY_ADMIN
-
- 9.5.1 Applying a Policy with SA_POLICY_ADMIN.APPLY_SCHEMA_POLICY
-
- 9.5.1.1 Syntax
- 9.5.2 Altering Enforcement Options: SA_POLICY_ADMIN.ALTER_SCHEMA_POLICY
-
- 9.5.2.1 Syntax
- 9.5.3 Removing a Policy with SA_POLICY_ADMIN.REMOVE_SCHEMA_POLICY
-
- 9.5.3.1 Syntax
- 9.5.4 Disabling a Policy with SA_POLICY_ADMIN.DISABLE_SCHEMA_POLICY
-
- 9.5.4.1 Syntax
- 9.5.5 Reenabling a Policy with SA_POLICY_ADMIN.ENABLE_SCHEMA_POLICY
-
- 9.5.5.1 Syntax
- 9.5.6 Policy Issues for Schemas
- 10.1 Introduction to Trusted Stored Program Units
-
- 10.1.1 How a Trusted Stored Program Unit Runs
- 10.1.2 Trusted Stored Program Unit Example
- 10.2 Managing Program Unit Privileges with SET_PROG_PRIVS
- 10.3 Creating and Compiling Trusted Stored Program Units
-
- 10.3.1 Creating Trusted Stored Program Units
- 10.3.2 Setting Privileges for Trusted Stored Program Units
- 10.3.3 Recompiling Trusted Stored Program Units
- 10.3.4 Re-creating Trusted Stored Program Units
- 10.3.5 Running Trusted Stored Program Units
- 10.4 Using SA_UTL Functions to Set and Return Label Information
-
- 10.4.1 Viewing Session Label and Row Label Using SA_UTL
-
- 10.4.1.1 SA_UTL.NUMERIC_LABEL
- 10.4.1.2 SA_UTL.NUMERIC_ROW_LABEL
- 10.4.1.3 SA_UTL.DATA_LABEL
- 10.4.2 Setting the Session Label and Row Label Using SA_UTL
-
- 10.4.2.1 SA_UTL.SET_LABEL
- 10.4.2.2 SA_UTL.SET_ROW_LABEL
- 10.4.3 Returning Greatest Lower Bound and Least Upper Bound
-
- 10.4.3.1 GREATEST_LBOUND
- 10.4.3.2 LEAST_UBOUND
- 11.1 Overview of Oracle Label Security Auditing
- 11.2 Enabling Systemwide Auditing: AUDIT_TRAIL Initialization Parameter
- 11.3 Enabling Oracle Label Security Auditing with SA_AUDIT_ADMIN
-
- 11.3.1 Auditing Options for Oracle Label Security
- 11.3.2 Enabling Oracle Label Security Auditing with SA_AUDIT_ADMIN.AUDIT
- 11.3.3 Disabling Oracle Label Security Auditing with SA_AUDIT_ADMIN.NOAUDIT
- 11.3.4 Examining Audit Options with the DBA_SA_AUDIT_OPTIONS View
- 11.4 Managing Policy Label Auditing
-
- 11.4.1 Policy Label Auditing with SA_AUDIT_ADMIN.AUDIT_LABEL
- 11.4.2 Disabling Policy Label Auditing with SA_AUDIT_ADMIN.NOAUDIT_LABEL
- 11.4.3 Finding Label Audit Status with AUDIT_LABEL_ENABLED
- 11.5 Creating and Dropping an Audit Trail View for Oracle Label Security
-
- 11.5.1 Creating a View with SA_AUDIT_ADMIN.CREATE_VIEW
- 11.5.2 Dropping a View with SA_AUDIT_ADMIN.DROP_VIEW
- 11.6 Oracle Label Security Auditing Tips
-
- 11.6.1 Strategy for Setting SA_AUDIT_ADMIN Options
- 11.6.2 Auditing Privileged Operations
- 12.1 An Oracle Label Security Distributed Configuration
- 12.2 Connecting to a Remote Database Under Oracle Label Security
- 12.3 Establishing Session Label and Row Label for a Remote Session
- 12.4 Setting Up Labels in a Distributed Environment
-
- 12.4.1 Setting Label Tags in a Distributed Environment
- 12.4.2 Setting Numeric Form of Label Components in a Distributed Environment
- 12.5 Using Oracle Label Security Policies in a Distributed Environment
- 12.6 Using Replication with Oracle Label Security
-
- 12.6.1 Introduction to Replication Under Oracle Label Security
-
- 12.6.1.1 Replication Functionality Supported by Oracle Label Security
- 12.6.1.2 Row-Level Security Restriction on Replication Under Oracle Label Security
- 12.6.2 Contents of a Materialized View
-
- 12.6.2.1 How Materialized View Contents Are Determined
- 12.6.2.2 Complete Materialized Views
- 12.6.2.3 Partial Materialized Views
- 12.6.3 Requirements for Creating Materialized Views Under Oracle Label Security
-
- 12.6.3.1 Requirements for the REPADMIN Account
- 12.6.3.2 Requirements for the Owner of the Materialized View
- 12.6.3.3 Requirements for Creating Partial Multilevel Materialized Views
- 12.6.3.4 Requirements for Creating Complete Multilevel Materialized Views
- 12.6.4 How to Refresh Materialized Views
- 13.1 Using the Export Utility with Oracle Label Security
-
- 13.1.1 Using Datapump Export Utility with Oracle Label Security
- 13.2 Using the Import Utility with Oracle Label Security
-
- 13.2.1 Requirements for Import Under Oracle Label Security
-
- 13.2.1.1 Preparing the Import Database
- 13.2.1.2 Verifying Import User Authorizations
- 13.2.2 Defining Data Labels for Import
- 13.2.3 Importing Labeled Data Without Installing Oracle Label Security
- 13.2.4 Importing Unlabeled Data
- 13.2.5 Importing Tables with Hidden Columns
- 13.3 Using SQL*Loader with Oracle Label Security
-
- 13.3.1 Requirements for Using SQL*Loader Under Oracle Label Security
- 13.3.2 Oracle Label Security Input to SQL*Loader
- 13.4 Performance Tips for Oracle Label Security
-
- 13.4.1 Using ANALYZE to Improve Oracle Label Security Performance
- 13.4.2 Creating Indexes on the Policy Label Column
- 13.4.3 Planning a Label Tag Strategy to Enhance Performance
- 13.4.4 Partitioning Data Based on Numeric Label Tags
- 13.5 Creating Additional Databases After Installation
- 14.1 Introduction to Inverse Groups and Releasability
- 14.2 Comparing Standard Groups and Inverse Groups
- 14.3 How Inverse Groups Work
-
- 14.3.1 Implementing Inverse Groups with the INVERSE_GROUP Enforcement Option
- 14.3.2 Inverse Groups and Label Components
- 14.3.3 Computed Labels with Inverse Groups
-
- 14.3.3.1 Computed Session Labels with Inverse Groups
- 14.3.3.2 Inverse Groups and Computed Max Read Groups and Max Write Groups
- 14.3.4 Inverse Groups and Hierarchical Structure
- 14.3.5 Inverse Groups and User Privileges
- 14.4 Algorithm for Read Access with Inverse Groups
- 14.5 Algorithm for Write Access with Inverse Groups
- 14.6 Algorithms for COMPACCESS Privilege with Inverse Groups
- 14.7 Session Labels and Inverse Groups
-
- 14.7.1 Setting Initial Session/Row Labels for Standard or Inverse Groups
-
- 14.7.1.1 Standard Groups: Rules for Changing Initial Session/Row Labels
- 14.7.1.2 Inverse Groups: Rules for Changing Initial Session/Row Labels
- 14.7.2 Setting Current Session/Row Labels for Standard or Inverse Groups
-
- 14.7.2.1 Standard Groups: Rules for Changing Current Session/Row Labels
- 14.7.2.2 Inverse Groups: Rules for Changing Current Session/Row Labels
- 14.7.3 Examples of Session Labels and Inverse Groups
-
- 14.7.3.1 Inverse Groups Example 1
- 14.7.3.2 Inverse Groups Example 2
- 14.8 Changes in Behavior of Procedures with Inverse Groups
-
- 14.8.1 SYSDBA.CREATE_POLICY with Inverse Groups
- 14.8.2 SYSDBA.ALTER_POLICY with Inverse Groups
- 14.8.3 SA_USER_ADMIN.ADD_GROUPS with Inverse Groups
- 14.8.4 SA_USER_ADMIN.ALTER_GROUPS with Inverse Groups
- 14.8.5 SA_USER_ADMIN.SET_GROUPS with Inverse Groups
- 14.8.6 SA_USER_ADMIN.SET_USER_LABELS with Inverse Groups
- 14.8.7 SA_USER_ADMIN.SET_DEFAULT_LABEL with Inverse Groups
- 14.8.8 SA_USER_ADMIN.SET_ROW_LABEL with Inverse Groups
- 14.8.9 SA_COMPONENTS.CREATE_GROUP with Inverse Groups
- 14.8.10 SA_COMPONENTS.ALTER_GROUP_PARENT with Inverse Groups
- 14.8.11 SA_SESSION.SET_LABEL with Inverse Groups
- 14.8.12 SA_SESSION.SET_ROW_LABEL with Inverse Groups
- 14.8.13 LEAST_UBOUND with Inverse Groups
- 14.8.14 GREATEST_LBOUND with Inverse Groups
- 14.9 Dominance Rules for Labels with Inverse Groups
- A.1 Analyzing the Relationships Between Labels
-
- A.1.1 Dominant and Dominated Labels
- A.1.2 Non-Comparable Labels
- A.1.3 Using Dominance Functions
-
- A.1.3.1 The DOMINATES Standalone Function
- A.1.3.2 The STRICTLY_DOMINATES Standalone Function
- A.1.3.3 The DOMINATED_BY Standalone Function
- A.1.3.4 The STRICTLY_DOMINATED_BY Standalone Function
- A.1.3.5 SA_UTL.DOMINATES
- A.1.3.6 SA_UTL.STRICTLY_DOMINATES
- A.1.3.7 SA_UTL.DOMINATED_BY
- A.1.3.8 SA_UTL.STRICTLY_DOMINATED_BY
- A.2 OCI Interface for Setting Session Labels
-
- A.2.1 OCIAttrSet
- A.2.2 OCIAttrGet
- A.2.3 OCIParamGet
- A.2.4 OCIAttrSet
- A.2.5 OCI Example
- B.1 Command Explanations
- B.2 Relating Parameters to Commands for olsadmintool
-
- B.2.1 Summaries
- B.3 Examples of Using olsadmintool
-
- B.3.1 Make Other Users Policy Creators
- B.3.2 Create Policies with Valid Options
- B.3.3 Create Policy Administrators
- B.3.4 Create Some Levels
- B.3.5 Create Some Compartments
- B.3.6 Create Some Groups
- B.3.7 Create Some Labels
- B.3.8 Create a Profile
- B.3.9 Add a User to the Profile
- B.3.10 Add Another User to the Profile
- B.3.11 Set Some Audit Options
- B.3.12 Results of These Examples
- C.1 Oracle Label Security Data Dictionary Tables and Views
-
- C.1.1 Oracle Database Data Dictionary Tables
- C.1.2 Oracle Label Security Data Dictionary Views
-
- C.1.2.1 ALL_SA_AUDIT_OPTIONS
- C.1.2.2 ALL_SA_COMPARTMENTS
- C.1.2.3 ALL_SA_DATA_LABELS
- C.1.2.4 ALL_SA_GROUPS
- C.1.2.5 ALL_SA_LABELS
- C.1.2.6 ALL_SA_LEVELS
- C.1.2.7 ALL_SA_POLICIES
- C.1.2.8 ALL_SA_PROG_PRIVS
- C.1.2.9 ALL_SA_SCHEMA_POLICIES
- C.1.2.10 ALL_SA_TABLE_POLICIES
- C.1.2.11 ALL_SA_USERS
- C.1.2.12 ALL_SA_USER_LABELS
- C.1.2.13 ALL_SA_USER_LEVELS
- C.1.2.14 ALL_SA_USER_PRIVS
- C.1.2.15 DBA_SA_AUDIT_OPTIONS
- C.1.2.16 DBA_SA_COMPARTMENTS
- C.1.2.17 DBA_SA_DATA_LABELS
- C.1.2.18 DBA_SA_GROUPS
- C.1.2.19 DBA_SA_GROUP_HIERARCHY
- C.1.2.20 DBA_SA_LABELS
- C.1.2.21 DBA_SA_LEVELS
- C.1.2.22 DBA_SA_POLICIES
- C.1.2.23 DBA_SA_PROG_PRIVS
- C.1.2.24 DBA_SA_SCHEMA_POLICIES
- C.1.2.25 DBA_SA_TABLE_POLICIES
- C.1.2.26 DBA_SA_USERS
- C.1.2.27 DBA_SA_USER_COMPARTMENTS
- C.1.2.28 DBA_SA_USER_GROUPS
- C.1.2.29 DBA_SA_USER_LABELS
- C.1.2.30 DBA_SA_USER_LEVELS
- C.1.2.31 DBA_SA_USER_PRIVS
- C.1.3 Oracle Label Security Auditing Views
- C.2 Restrictions in Oracle Label Security
-
- C.2.1 CREATE TABLE AS SELECT Restriction in Oracle Label Security
- C.2.2 Label Tag Restriction
- C.2.3 Export Restriction in Oracle Label Security
- C.2.4 Oracle Label Security Removal Restriction
- C.2.5 Shared Schema Support
- C.2.6 Hidden Columns Restriction
- C.3 Installing Oracle Label Security
-
- C.3.1 Oracle Label Security and the SYS.AUD$ Table
- C.4 Removing Oracle Label Security
- D.1 Using Oracle Label Security Policy Functions in an RAC Environment
- D.2 Using Transparent Application Failover in Oracle Label Security
