Oracle Label Security
Based on stringent requirements for row level security submitted by Oracle customers, Oracle Label Security — an option to the Oracle Database Enterprise Edition — leverages multilevel security concepts to address real world data security and privacy problems faced by government and commercial entities worldwide.
OLS provides sophisticated row level security controls by leveraging data sensitivity labels such as "Sensitive" and "Company Confidential" and user label authorizations.
OLS uses the concept of policies to store label definitions and authorizations. The policies can be managed directly in the database, or centrally in Oracle Identity Management. This provides lower cost, centralized security and enterprise wide distribution of OLS policy information.
A complete set of APIs is provided for managing policies in the database or in Oracle Identity Management. A graphical tool called Oracle Policy Manager is provided for managing OLS policies stored in the database.
Components of Labels:
- Levels (One or more required per label): Levels define the vertical sensitivity of data and the highest classification level a user can access.
- Compartments (optional): Data can have the same level (Public, Confidential and Secret), but can belong to different projects inside a company, for example "ACME Merger" and "IT Security". Compartments represent the projects in this example, helping to define more precise access controls. They are most often used in government environments.
- Groups (optional): Groups identify organizations owning or accessing the data, for example: UK, US, Asia, Europe. Groups are used both in commercial and government environments, and frequently used in place of compartments due to their flexibility.
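
The following added example (not Oracle's code and not part of the original page) is a simplified Python model of how the three label components combine when a row label is compared with a user's label authorization for read access. The level numbers, the short names ACME_MERGER and IT_SECURITY, the LEVEL:COMPARTMENTS:GROUPS string form used here and the sample rows are constructed for illustration; group hierarchies and special privileges are left out.

```python
from dataclasses import dataclass

# Constructed level numbers: higher means more sensitive (names from the text).
LEVELS = {"PUBLIC": 10, "CONFIDENTIAL": 20, "SECRET": 30}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()
    groups: frozenset = frozenset()

def parse_label(text):
    """Parse 'LEVEL:COMP1,COMP2:GRP1,GRP2'; compartments and groups are optional."""
    parts = [p.strip().upper() for p in text.split(":")]
    if len(parts) > 3 or parts[0] not in LEVELS:
        raise ValueError(f"invalid label: {text!r}")
    parts += [""] * (3 - len(parts))
    split = lambda s: frozenset(x.strip() for x in s.split(",") if x.strip())
    return Label(parts[0], split(parts[1]), split(parts[2]))

def can_read(user, row):
    """Return True if the user's authorization dominates the row label."""
    if LEVELS[user.level] < LEVELS[row.level]:
        return False            # row is above the user's highest level
    if not row.compartments <= user.compartments:
        return False            # user must hold every compartment on the row
    if row.groups and not (row.groups & user.groups):
        return False            # user must hold at least one of the row's groups
    return True

def visible_rows(user_label, rows):
    """Names of the rows a user with this label authorization can read."""
    user = parse_label(user_label)
    return [name for name, label in rows if can_read(user, parse_label(label))]

# Constructed sample rows: (description, data label)
ROWS = [
    ("press release", "PUBLIC"),
    ("merger term sheet", "SECRET:ACME_MERGER:UK,US"),
    ("firewall audit", "CONFIDENTIAL:IT_SECURITY:EUROPE"),
    ("regional sales", "CONFIDENTIAL::ASIA"),
]

if __name__ == "__main__":
    for user in ("SECRET:ACME_MERGER:US", "CONFIDENTIAL:IT_SECURITY:EUROPE,ASIA"):
        print(user, "->", visible_rows(user, ROWS))
```

A high level alone is not enough: the SECRET user above cannot read the CONFIDENTIAL firewall audit because the IT_SECURITY compartment is missing from that user's authorization.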
Recommended reading: DBASupport.com's 4-part article about Oracle Label Security (Overview | Implementation | Administration | Conclusion)