We’re sorry. We could not find a match for your search.

We suggest you try the following to help find what you’re looking for:

  • Check the spelling of your keyword search.
  • Use synonyms for the keyword you typed, for example, try "application" instead of "software."
  • Start a new search.
Cloud Account Sign in to Cloud
Oracle Account
Oracle Label Security

Oracle Label Security

Oracle Label Security User Clearances as Factors in Oracle Database Vault

 $ sqlplus LBACSYS/password
 SQL> execute sa_sysdba.create_policy('PRIVACY','PRIVACY_COLUMN','NO_CONTROL');

The following commands create the two levels used in the OLS policy:

 SQL> execute sa_components.create_level('PRIVACY',1000,'C','CONFIDENTIAL');
 SQL> execute sa_components.create_level('PRIVACY',2000,'S','SENSITIVE');

The next command creates the 'PII' compartment:

SQL> execute sa_components.create_compartment('PRIVACY',100,'PII','PERS_INFO');

The user JSmith is granted the less sensitive label:

SQL> execute sa_user_admin.set_user_labels('PRIVACY','JSmith','C');

The user MDale is granted the more sensitive label, which also includes the PII compartment:

SQL> execute sa_user_admin.set_user_labels('PRIVACY','MDale','S:PII');

In order to use the OLS labels as factors in Database Vault, you need to create a 'Rule Set' first:

 SQL> connect dbv_owner/password;
 SQL> execute dvsys.dbms_macadm.create_rule_set('PII Rule Set','Protect PII
 data from privileged users','Y',1,0,2,NULL,NULL,0,NULL);

Rule Sets contain one or more Rule; this Rule contains the syntax to evaluate the OLS labels:

SQL> execute dvsys.dbms_macadm.create_rule('Check OLS Factor', 
 'dominates(sa_utl.numeric_label(''PRIVACY''), char_to_label(''PRIVACY'',''S:PII'')) = ''1''');
SQL> execute dvsys.dbms_macadm.sync_rules;
SQL> commit;

Add the Rule to the Rule Set:

SQL> execute dvsys.dbms_macadm.add_rule_to_rule_set ('PII Rule Set','Check OLS Factor');
SQL> commit;
Oracle Label Security