Oracle Label Security
Protect PII by controlling Secure Application Roles with OLS User Authorizations
Only the user 'SKing' gets a label that is equal to or dominates the 'S:PII' label, which allows him to see all columns of the table that contains PII. All other users ('LDoran', for example) have labels that do not dominate the 'S:PII' label; for them, the 'salary' column will be empty.

The same could be achieved using the following scripts:
-- SKING: may read and write up to S:PII; default session and row label S:PII.
BEGIN
  SA_USER_ADMIN.SET_USER_LABELS (
    policy_name     => 'PROTECT_PII',
    user_name       => 'SKING',
    max_read_label  => 'S:PII',
    max_write_label => 'S:PII',
    min_write_label => 'C',
    def_label       => 'S:PII',
    row_label       => 'S:PII');
END;
/
-- LDORAN: every label is C, which does not dominate S:PII.
BEGIN
  SA_USER_ADMIN.SET_USER_LABELS (
    policy_name     => 'PROTECT_PII',
    user_name       => 'LDORAN',
    max_read_label  => 'C',
    max_write_label => 'C',
    min_write_label => 'C',
    def_label       => 'C',
    row_label       => 'C');
END;
/
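
The dominance comparison that separates 'SKing' from 'LDoran' can be modelled outside the database. The following Python sketch is an added example, not Oracle code or part of the original scripts. It assumes that level C ranks below level S, that the numeric ranks are arbitrary, and that the user's def_label is the label being compared; group hierarchies are not modelled.

```python
from dataclasses import dataclass

# Assumed ranking: the page shows only the short names 'C' and 'S'.
LEVEL_RANK = {"C": 10, "S": 20}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()
    groups: frozenset = frozenset()


def parse_label(text):
    """Parse 'LEVEL[:COMP,COMP[:GROUP,GROUP]]' into a Label."""
    parts = text.strip().upper().split(":")
    if not 1 <= len(parts) <= 3 or parts[0] not in LEVEL_RANK:
        raise ValueError(f"bad label: {text!r}")
    parts += [""] * (3 - len(parts))
    comps, groups = (frozenset(x for x in p.split(",") if x) for p in parts[1:])
    return Label(parts[0], comps, groups)


def dominates(a, b):
    """True if label a dominates label b.

    a needs a level at least as high as b's, every compartment of b,
    and, if b has groups, at least one of them (no parent/child groups here).
    """
    return (LEVEL_RANK[a.level] >= LEVEL_RANK[b.level]
            and a.compartments >= b.compartments
            and (not b.groups or bool(a.groups & b.groups)))


# Constructed from the def_label values in the SET_USER_LABELS calls above.
USER_DEFAULT_LABEL = {"SKING": "S:PII", "LDORAN": "C"}


def can_see_pii(user, required="S:PII"):
    """True if the user's default label equals or dominates the required label."""
    return dominates(parse_label(USER_DEFAULT_LABEL[user]), parse_label(required))


if __name__ == "__main__":
    for user in USER_DEFAULT_LABEL:
        print(user, "salary visible" if can_see_pii(user) else "salary empty")
```

A label of plain 'S' would also fail the check against 'S:PII': a matching level is not enough without the PII compartment.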