Back to Oracle Label Security homepage

Oracle Label Security


Protect PII from unauthorized access

 
Oracle Label Security and Virtual Private Database step 1 of 4
 
 
 
 
Oracle Label Security and Virtual Private Database step 2 of 4
 
 
 
 
Oracle Label Security and Virtual Private Database step 3 of 4
 
 
 
 
Oracle Label Security and Virtual Private Database step 4 of 4
 
Create Label Security policy Define label components Authorize users Create and apply VPD policy



The VPD policy will do the following:

  1. Get the numerical label tag from the user's current label
  2. Get the numerical label tag from the 'S:PII' label
  3. User label ≥ 'S:PII' → access to all rows in sensitive columns
  4. User label < 'S:PII' → access to all rows, but sensitive PII column is blank

In this example, the VPD policy will be applied to the hr.EMPLOYEES table:

BEGIN
  DBMS_RLS.ADD_POLICY(
   object_schema => 'HR',
   object_name => 'EMPLOYEES',
   policy_name => 'vpd_protect_pii',
   function_schema => 'LBACSYS',
   policy_function => 'f_protect_pii',
   statement_types => 'select',
   sec_relevant_cols => 'SALARY',
   sec_relevant_cols_opt => dbms_rls.ALL_ROWS,
   policy_type => dbms_rls.CONTEXT_SENSITIVE);
END;
/

Download the entire demo script from here.



Hands-On


 Using OLS user authorizations to create powerful Command Rules in Oracle Database Vault
 OLS user authorizations in VPD policies: Determine access to application table columns based on user authorizations
 Six steps towards a successful multi level security implementation

Security Features


Strong Authentication
Network Encryption
Real Application Security
Unified Auditing
Secure External Password Store
Virtual Private Database
Traditional Database Auditing
Proxy Authentication
Enterprise User Security
Secure Application Roles
Fine Grained Auditing

Discussion Forums


 Security
 Oracle Audit Vault and Database Firewall
 Database

Technical Information


 Datasheet
 Overview White Paper
 Government and Defense Environments White Paper
 Technical White Paper
 Best Practices
 Frequently Asked Questions
 Oracle Label Security with Oracle E-Business Suite: Best Practices

Security Solutions


 Oracle Database Vault
 Oracle Advanced Security
 Oracle Label Security
Oracle Audit Vault and Database Firewall
Data Masking
OpenworldDatabaseBanner

Oracle has a very active research organization (Oracle Labs) that is charged to 'Identify, explore, and transfer new technologies that have the potential to substantially improve Oracle's business'. One part of the organization is the External Research Office (ERO). The ERO is charged to ' ... invest in research collaborations that fit Oracle's long-term strategic goals. These collaborations are between university researchers and engineers/researchers throughout Oracle's various organizations'. The ERO webpage lists numerous current and past collaborations. Oracle provides funds and direct interactions with highly experienced developers.

If you are interested in the ERO program please contact Steve Jeffreys at
eroadmin_us_grp@oracle.com

If you would like to explore opportunities for a research collaboration with the database team please contact Dieter Gawlick at
dieter.gawlick@oracle.com


or Garret Swart at
garret.swart@oracle.com
.
Oracle Database Cloud