Back to Oracle Label Security homepage

Oracle Label Security


Protect PII from unauthorized access

 
Oracle Label Security and Virtual Private Database step 1 of 4
 
 
 
 
Oracle Label Security and Virtual Private Database step 2 of 4
 
 
 
 
Oracle Label Security and Virtual Private Database step 3 of 4
 
 
 
 
Oracle Label Security and Virtual Private Database step 4 of 4
 
Create Label Security policy Define label components Authorize users Create and apply VPD policy



The VPD policy will do the following:

  1. Get the numerical label tag from the user's current label
  2. Get the numerical label tag from the 'S:PII' label
  3. User label ≥ 'S:PII' → access to all rows in sensitive columns
  4. User label < 'S:PII' → access to all rows, but sensitive PII column is blank

In this example, the VPD policy will be applied to the hr.EMPLOYEES table:

BEGIN
  DBMS_RLS.ADD_POLICY(
   object_schema => 'HR',
   object_name => 'EMPLOYEES',
   policy_name => 'vpd_protect_pii',
   function_schema => 'LBACSYS',
   policy_function => 'f_protect_pii',
   statement_types => 'select',
   sec_relevant_cols => 'SALARY',
   sec_relevant_cols_opt => dbms_rls.ALL_ROWS,
   policy_type => dbms_rls.CONTEXT_SENSITIVE);
END;
/

Download the entire demo script from here.



Hands-On


 Using OLS user authorizations to create powerful Command Rules in Oracle Database Vault
 OLS user authorizations in VPD policies: Determine access to application table columns based on user authorizations
 Six steps towards a successful multi level security implementation

Security Features


Strong Authentication
Network Encryption
Real Application Security
Unified Auditing
Secure External Password Store
Virtual Private Database
Traditional Database Auditing
Proxy Authentication
Enterprise User Security
Secure Application Roles
Fine Grained Auditing

Discussion Forums


 Security
 Oracle Audit Vault and Database Firewall
 Database

Technical Information


 Datasheet
 Overview White Paper
 Government and Defense Environments White Paper
 Technical White Paper
 Best Practices
 Frequently Asked Questions
 Oracle Label Security with Oracle E-Business Suite: Best Practices

Security Solutions


 Oracle Database Vault
 Oracle Advanced Security
 Oracle Label Security
Oracle Audit Vault and Database Firewall
Data Masking

In-Memory Replay Banner