Oracle Label Security

Protect PII from unauthorized access

Oracle Label Security and Virtual Private Database step 1 of 4
Oracle Label Security and Virtual Private Database step 2 of 4
Oracle Label Security and Virtual Private Database step 3 of 4
Oracle Label Security and Virtual Private Database step 4 of 4
Create Label Security policy Define label components Authorize users Create and apply VPD policy

Oracle Label Security consists of two parts: User clearance labels and data classification labels (row labels). The policy itself determines access rights to rows by comparing the user's clearance with data classification labels. In this example though, the OLS policy will not be applied to a table, and there is no additional column appended to the protected table, which would otherwise hold the row labels. But in order to initially create the policy, the name of the additional column can not be omitted. Since this policy will never be attached to a table, the default policy enforcement option can be set to 'NO_CONTROL', which minimizes any overhead caused by a truly active policy.

Oracle Label Security and Secure Application Roles step 1 of 4

The same could be achieved using the following script:

  policy_name => 'PROTECT_PII',
  column_name => 'OLS_COLUMN',
  default_options => 'NO_CONTROL');


 Using OLS user authorizations to create powerful Command Rules in Oracle Database Vault
 OLS user authorizations in VPD policies: Determine access to application table columns based on user authorizations
 Six steps towards a successful multi level security implementation

Security Features

Strong Authentication
Network Encryption
Real Application Security
Unified Auditing
Secure External Password Store
Virtual Private Database
Traditional Database Auditing
Proxy Authentication
Enterprise User Security
Secure Application Roles
Fine Grained Auditing

Discussion Forums

 Oracle Audit Vault and Database Firewall

Technical Information

 Overview White Paper
 Government and Defense Environments White Paper
 Technical White Paper
 Best Practices
 Frequently Asked Questions
 Oracle Label Security with Oracle E-Business Suite: Best Practices

Security Solutions

 Oracle Database Vault
 Oracle Advanced Security
 Oracle Label Security
Oracle Audit Vault and Database Firewall
Data Masking

Oracle has a very active research organization (Oracle Labs) that is charged to 'Identify, explore, and transfer new technologies that have the potential to substantially improve Oracle's business'. One part of the organization is the External Research Office (ERO). The ERO is charged to ' ... invest in research collaborations that fit Oracle's long-term strategic goals. These collaborations are between university researchers and engineers/researchers throughout Oracle's various organizations'. The ERO webpage lists numerous current and past collaborations. Oracle provides funds and direct interactions with highly experienced developers.

If you are interested in the ERO program please contact Steve Jeffreys at

If you would like to explore opportunities for a research collaboration with the database team please contact Dieter Gawlick at

or Garret Swart at
Oracle Database Cloud