| General Information |
| Library Note |
|
| Purpose |
Manages Oracle Label Security policies, such as creating, altering and or disabling. |
| AUTHID |
CURRENT_USER |
| Dependencies |
| DUAL |
LBAC_SYSDBA |
OLS_DIP_NTFY |
| LBAC_LGSTNDBY_UTIL |
|
|
|
| Documented |
Yes |
| First Available |
10.1 |
| Policy Enforcement Options |
| ALL_CONTROL |
LABEL_DEFAULT |
READ_CONTROL |
| CHECK_CONTROL |
LABEL_UPDATE |
UPDATE_CONTROL |
| DELETE_CONTROL |
NO_CONTROL |
WRITE_CONTROL |
| INSERT_CONTROL |
|
|
|
| Security Model |
Owned by LBACSYS with no privileges granted.
GRANT inherit_privileges ON USER sys TO lbacsys;
GRANT lbac_dba to SYS; |
| Source |
{ORACLE_HOME}/rdbms/admin/prvtolsdd.plb |
| Subprograms |
|
| |
| ALTER_POLICY |
| Alter an OLS policy |
sa_sysdba.alter_policy(
policy_name IN VARCHAR2,
default_options IN VARCHAR2,
column_name IN VARCHAR2); |
exec sa_sysdba.alter_policy('DATA_ACCESS', 'READ_CONTROL, DELETE_CONTROL'); |
| |
| CREATE_POLICY |
Creates a new Oracle Label Security policy, defines a policy-specific column name, and specifies default policy options.
After creating a policy, a role for it is created and granted to. The format of the role name is policy_DBA (for example, my_ols_pol_DBA). |
sa_sysdba.create_policy(
policy_name IN VARCHAR2,
column_name IN VARCHAR2,
default_options IN VARCHAR2); |
exec sa_sysdba.create_policy(
policy_name => 'DATA_ACCESS',
column_name => 'OLS_COL',
default_options => 'READ_CONTROL, WRITE_CONTROL'); |
| |
| DISABLE_POLICY |
| Disable an OLS policy |
sa_sysdba.disable_policy(policy_name IN VARCHAR2); |
exec lbacsys.sa_sysdba.disable_policy('DATA_ACCESS'); |
| |
| DROP_POLICY |
| Drop an OLS policy |
sa_sysdba.drop_policy(
policy_name IN VARCHAR2,
drop_column IN BOOLEAN); |
exec lbacsys.sa_sysdba.drop_policy('DATA_ACCESS', TRUE); |
| |
| ENABLE_POLICY |
| Enable an OLS policy |
sa_sysdba.enable_policy(policy_name IN VARCHAR2); |
exec lbacsys.sa_sysdba.enable_policy('DATA_ACCESS'); |