Oracle Information InDepth



Stay Connected:

Oracle on Twitter Oracle on Facebook Oracle on Youtube Oracle Blog Oracle on LinkedIn Google+

October 2012




Back to the main page

FAQ: Label-Based Access Controls in Oracle Database 11g

Initially developed for government and defense organizations, Oracle Label Security, which provides multilevel security within Oracle Database, has rapidly expanded to commercial organizations.

Why? Because compliance requirements are becoming increasingly complex, security threats are growing more sophisticated, and the trend toward data consolidation is creating demand for new ways to ensure strong access controls for sensitive data.

As interest in Oracle Label Security widens, we wanted to share frequently asked questions about how it works and how it can benefit your organization.

How does Oracle Label Security work?
Oracle Label Security is a powerful and easy-to-use tool for classifying data and mediating access to data based on its classification. It enables multilevel security and mandatory access controls, and provides a flexible framework that both government and commercial entities worldwide can use to manage access to data on a need-to-know basis. This helps to protect data privacy and achieve regulatory compliance.

How do Oracle Label Security and Oracle Database Vault complement each other?
Tables in Oracle Database Vault that are protected with Oracle Label Security policies behave the same way as those stored and accessed in a conventional database, since Oracle Database Vault provides access controls at the object level, and not down to the row level. Oracle Label Security labels can be assigned to Oracle Database Vault factors. These labels are then merged with the user clearance labels before access control decisions are made.

Who is most likely to benefit from Oracle Label Security?
Sensitivity labels are used in virtually every industry, but especially healthcare, law enforcement, energy, retail, national security, and defense. Examples of sensitivity labels include internal, confidential, X Corporation, physician only, and classified.

What can Oracle Label Security do for my security needs?
Oracle Label Security can be used to label data and restrict access with a high degree of granularity. This is useful when multiple organizations, companies, or users share a single application. Sensitivity labels can be used to restrict application users to an organization, or to a subset within an organization, without having to change the application.

Where can customers learn more about Oracle Label Security?
The next step is to watch the SANS Institute Tool Talk Webcast: Label-Based Access Controls in Oracle Database 11g. Learn how easy it is to control access to data subsets within an application table, especially when faced with specific data ownership, consolidation, and multitenancy requirements. In addition, hear real-world case studies demonstrating how customers in industries ranging from retail to government are relying on Oracle Label Security for virtual information partitioning and secure consolidation of information.

Back to Top

Please send questions or comments to

This document is provided for information purposes only, and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor is it subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. We specifically disclaim any liability with respect to this document, and no contractual obligations are formed either directly or indirectly by this document. This document may not be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without our prior written permission.

Hardware and Software, Engineered to Work Together

Copyright © 2012, Oracle and/or its affiliates.
All rights reserved.

Contact Us | Legal Notices and Terms of Use | Privacy Statement


Oracle Corporation - Worldwide Headquarters, 500 Oracle Parkway, OPL - E-mail Services, Redwood Shores, CA 94065, United States

Your privacy is important to us. You can login to your account to update your e-mail subscriptions or you can opt-out of all Oracle Marketing e-mails at any time.

Please note that opting-out of Marketing communications does not affect your receipt of important business communications related to your current relationship with Oracle such as Security Updates, Event Registration notices, Account Management and Support/Service communications.