Overview

Oracle Label Security enables companies and government organizations to consolidate data with different access requirements (including government classified data) into the same database.  It implements multilevel access controls based on the classification of the data and the access label of the application user.  This powerful capability enables access to sensitive data associated with R&D projects, non-public financial information, or healthcare information to be enforced inside Oracle Database 18c.

Centralize Application Security

Centralizing application data access policies using Oracle Label Security reduces application development time and complexity for every application. Updating and maintaining application data access security policies becomes easier since it can be done at one time and in one location.

Unify Application Data

Many organizations maintain multiple copies of the exact same application schema on different databases to segment data access to specific groups (each retail store, finance groups, government…). Maintaining multiple copies of the same database across the organization leads to higher maintenance costs along with difficulty in creating cross-organization reports. Unifying this data on a single database reduces operational overhead while maintaining the same separation of data access controls

Control Access to Sensitive Projects

With Oracle Label Security, sensitive projects such as research and development plans, merger and acquisition plans, or financial information are accessible to different people depending on their need-to-know.  Label compartments can authorize the right people to view only the projects they have access to, eliminating the need to develop or re-code applications to meet row level access control requirements.

Implement Hierarchical Access Controls

Financial revenue data that is managed by an organization can organize the data by groups using Oracle Label Security. Staff working with individual countries can be restricted to only seeing their own country’s data. Regional managers who oversee a group of countries can see all the country data in their region. Global managers can see the data from every country. And all the data resides securely in the same database tables, without the need to create separate tables and databases for each country. Reporting, data management and data security are simplified.

Enforce Multiple Levels of Sensitive Data

Oracle Label Security can consolidate data with different sensitivity levels into a single set of database tables. For example, data sensitivity levels can be defined as "Public", "Sensitive" and "Most Sensitive," with the ability to define more levels as needed. Depending on the user access level (public, employee, manager, executive, etc.) a user can access data up to the level they have access to. There is no need to keep separate tables to manage the same data – each row of data is labeled with levels. Managing the sensitivity of the data simplifies and enhances the security of the data throughout its lifetime.