
Oracle Label Security


Controlling Secure Application Roles with OLS User Authorizations

Steps:

  1. Create Label Security policy
  2. Define label components
  3. Authorize users
  4. Create procedure to enable role



The Secure Application Role procedure will do the following:

  1. Get the numerical label_tag from the user's current label
  2. Get the numerical label_tag from the 'SENS:PII' label
  3. User label ≥ 'SENS:PII' label → role will be set for user
  4. User label < 'SENS:PII' label → role will not be set for user

SQL> grant pii_role to <user>;
SQL> alter user <user> set default role none;

CREATE OR REPLACE PROCEDURE p_pii_roles authid current_user
IS
  session_tag number;  -- numerical expression of session label
  sens_tag number;     -- numerical expression of SENS:PII label
BEGIN
  session_tag := sa_util.numeric_label('PROTECT_PII');
                       -- numerical expression of session label
  sens_tag := char_to_label('PROTECT_PII','SENS:PII');
                       -- numerical expression of the SENS:PII label
  if dominates (session_tag, sens_tag) = 1 then
                       -- true (1) if session label ≥ SENS:PII label
    dbms_session.set_role('pii_role');
  else
    null;              -- else do nothing
  end if;
END p_pii_roles;
/
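
The SQL*Plus script below is an added example, not part of the original page. It checks that the role is bound to the procedure and exercises both branches of the label test. It assumes the procedure is owned by a hypothetical schema `sec_admin`, that the user's default session label dominates 'SENS:PII', and that `<user>` and `<lower_label>` are placeholders for a real account and a label below 'SENS:PII'.

```sql
-- Added example. sec_admin is an assumed schema; <user> and <lower_label>
-- are placeholders to be replaced with site-specific values.

-- === As a security administrator ===
-- Confirm pii_role is a secure application role tied to the procedure.
-- A row here means the role can only be enabled from inside p_pii_roles.
SELECT role, schema, package
  FROM dba_application_roles
 WHERE role = 'PII_ROLE';

-- If no row is returned, the role was not created with IDENTIFIED USING:
--   CREATE ROLE pii_role IDENTIFIED USING sec_admin.p_pii_roles;

-- The user needs EXECUTE on the procedure to request the role at all.
GRANT EXECUTE ON sec_admin.p_pii_roles TO <user>;

-- === As <user>, in a fresh session ===
-- 1. Default role is NONE, so pii_role should not be listed at logon.
SELECT role FROM session_roles;

-- 2. Enabling the role directly, outside the procedure, should raise an
--    error: only the procedure named in IDENTIFIED USING may enable it.
SET ROLE pii_role;

-- 3. Negative case: lower the session label below SENS:PII, then call the
--    procedure. The dominates() test fails, so the role should stay disabled.
EXEC sa_session.set_label('PROTECT_PII', '<lower_label>')
SELECT sa_session.label('PROTECT_PII') AS session_label FROM dual;
EXEC sec_admin.p_pii_roles
SELECT COUNT(*) AS pii_role_enabled
  FROM session_roles
 WHERE role = 'PII_ROLE';

-- 4. Positive case: restore the default session label (assumed to dominate
--    SENS:PII) and call the procedure again. The role should now be enabled.
EXEC sa_session.restore_default_labels('PROTECT_PII')
SELECT sa_session.label('PROTECT_PII') AS session_label FROM dual;
EXEC sec_admin.p_pii_roles
SELECT COUNT(*) AS pii_role_enabled
  FROM session_roles
 WHERE role = 'PII_ROLE';

-- Caveat: dbms_session.set_role('pii_role') behaves like SET ROLE, so it
-- enables pii_role and disables every other role not named in the call.
-- Review the full session_roles list after step 4, not only pii_role.
SELECT role FROM session_roles;
```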

