Database
Middleware
Developer Tools
Enterprise Management
Applications Technology
Products A-Z

BI & Data Warehousing
Embedded
Java
Linux
.NET
PHP
Security
Service-Oriented Architecture
Windows Server System
Virtualization
Technologies A-Z

COMMUNITY

Join OTN
Oracle ACEs
Oracle Wiki
Blogs
Podcasts
Events
Newsletters
Oracle Magazine
Oracle Books
Certification
User Groups
Partner White Papers

Printer View

E-mail this page

Bookmark

Oracle Label Security

Protect PII by controlling Secure Application Roles with
OLS User Authorizations

Create Label Security policy

Define label components

Authorize users

Create procedure to enable role

Oracle Label Security consists of two parts: User clearance labels and data classification labels (row labels). The policy itself determines access rights to rows by comparing the user's clearance with data classification labels. In this example though, the OLS policy will not be applied to a table, and there is no additional column appended to the protected table, which would otherwise hold the row labels. But in order to initially create the policy, the name of the additional column can not be omitted. Since this policy will never be attached to a table, the default policy enforcement option can be set to 'NO_CONTROL', which minimizes any overhead caused by a truly active policy.

Create Oracle Label Security Policy and define defaults

The same could be achieved using the following script:

BEGIN
SA_SYSDBA.CREATE_POLICY (
  policy_name => 'PROTECT_PII',
  column_name => 'OLS_COLUMN',
  default_options => 'NO_CONTROL');
END;
/