Back to Secure Application Roles homepage

Oracle Label Security

Controlling Secure Application Roles with
OLS User Authorizations

 
Oracle Label Security and Secure Application Roles step 1 of 4
 
 
 
 
Oracle Label Security and Secure Application Roles step 2 of 4
 
 
 
 
Oracle Label Security and Secure Application Roles step 3 of 4
 
 
 
 
Oracle Label Security and Secure Application Roles step 4 of 4
 
Create Label Security policy Define label components Authorize users Create procedure to enable role


Only the user 'SKing' will get a label which is equal to or dominates the 'S:PII' label, which will allow him to see all columns of the table which contains PII information; all other users ('LDoran' for example) have labels that do not dominate the 'S:PII' label; for them, the 'salary' column will be empty. In this Oracle-by-Example, an OLS policy is applied to non-database users.

ols-vpd-03

The same could be achieved using the following scripts:

BEGIN
SA_USER_ADMIN.SET_USER_LABELS (
  policy_name => 'PROTECT_PII',
  user_name => 'SKING',
  max_read_label => 'S:PII',
  max_write_label => 'S:PII',
  min_write_label => 'C',
  def_label => 'S:PII',
  row_label => 'S:PII');
END;
/ 

BEGIN
SA_USER_ADMIN.SET_USER_LABELS (
  policy_name => 'PROTECT_PII',
  user_name => 'LDORAN',
  max_read_label => 'C',
  max_write_label => 'C',
  min_write_label => 'C',
  def_label => 'C',
  row_label => 'C');
END;
/

Hands-On
Using OLS user authorizations to create powerful Command Rules in Oracle Database Vault
OLS user authorizations in VPD policies: Determine access to application table columns based on user authorizations
Six steps towards a successful multi level security implementation
Oracle Magazine: Now Securing Every Row

Related Technologies
Database Firewall
Audit Vault
Data Masking (pdf)
Secure Backup
Configuration Management
Identity Management

Discussion Forums
Security
Audit Vault
Database

Technical Information
Datasheet
Overview Whitepaper
Oracle Label Security in Government and Defense Environments
Technical White Paper
Best practices
Frequently Asked Questions
Oracle Label Security with Oracle E-Business Suite: Best Practices

Security Options
Oracle Database Vault
Oracle Advanced Security
Oracle Label Security

Security Features
Data Encryption
Virtual Private Database
Database Auditing
Backup Encryption
Export file encryption
Proxy Authentication
Enterprise User Security
Secure Application Roles
Fine Grained Auditing
Left Curve
Popular Downloads
 Right Curve
Untitled Document
Left Curve
More Database Downloads
 Right Curve