Back to Secure Application Roles homepage

Oracle Label Security


Controlling Secure Application Roles with
OLS User Authorizations

 
Oracle Label Security and Secure Application Roles step 1 of 4
 
 
 
 
Oracle Label Security and Secure Application Roles step 2 of 4
 
 
 
 
Oracle Label Security and Secure Application Roles step 3 of 4
 
 
 
 
Oracle Label Security and Secure Application Roles step 4 of 4
 
Create Label Security policy Define label components Authorize users Create procedure to enable role



Labels consists of three components: Required Levels, and optional Compartments and Groups. In this example, the levels will be 'Confidential' and 'Sensitive', and the compartment will be 'PII'; no groups are used:

Oracle Label Security Label Components

The same could be achieved using the following scripts:

BEGIN
SA_COMPONENTS.CREATE_LEVEL (
  policy_name => 'PROTECT_PII',
  level_num => 1000,
  short_name => 'C',
  long_name => 'CONFIDENTIAL');
END;
/

BEGIN
SA_COMPONENTS.CREATE_LEVEL (
  policy_name => 'PROTECT_PII',
  level_num => 2000,
  short_name => 'S',
  long_name => 'SENSITIVE');
END;
/ 

BEGIN
SA_COMPONENTS.CREATE_COMPARTMENT (
  policy_name => 'PROTECT_PII',
  comp_num => 100,
  short_name => 'PII',
  long_name => 'PERS_INFO');
END;
/
 


Hands-On


 Using OLS user authorizations to create powerful Command Rules in Oracle Database Vault
 OLS user authorizations in VPD policies: Determine access to application table columns based on user authorizations
 Six steps towards a successful multi level security implementation
 Oracle Magazine: Now Securing Every Row

Related Technologies


 Database Firewall
 Audit Vault
 Data Masking (pdf)
 Secure Backup
 Configuration Management
 Identity Management

Discussion Forums


 Security
 Audit Vault
 Database

Technical Information


 Datasheet
 Overview Whitepaper
 Oracle Label Security in Government and Defense Environments
 Technical White Paper
 Best practices
 Frequently Asked Questions
 Oracle Label Security with Oracle E-Business Suite: Best Practices

Security Options


 Oracle Database Vault
 Oracle Advanced Security
 Oracle Label Security

Security Features


 Data Encryption
 Virtual Private Database
 Database Auditing
 Backup Encryption
 Export file encryption
 Proxy Authentication
 Enterprise User Security
 Secure Application Roles
 Fine Grained Auditing


In-Memory Replay Banner