Oracle Label Security Administrator's Guide
Release 2 (9.2)

Part Number A96578-01
Contents

Title and Copyright Information

Send Us Your Comments

Preface

Audience
Organization
Related Documentation
Conventions
Documentation Accessibility

1 Introduction to Oracle Label Security

Computer Security and Data Access Controls
Introduction to Computer Security
Oracle Label Security and Security Standards
Security Policies
Access Control
Discretionary Access Control
Label-Based Access Control
How Label-Based Access Control Works with Discretionary Access Control
Oracle Label Security Architecture
Oracle9i Enterprise Edition: Virtual Private Database Technology
Oracle Label Security: An Out-of-the-Box VPD Policy
Features of Oracle Label Security
Overview of Oracle Label Security Policy Functionality
Label Policy Framework Features
Data Labels
Label Authorizations
Policy Privileges
Policy Enforcement Options
Summary: Four Aspects of Label-Based Row Access
Auditing Features
Oracle Label Security Distributed Capabilities

2 Understanding Data Labels and User Labels

Introduction to Label-Based Security
Label Components
Label Component Definitions and Valid Characters
Levels
Compartments
Groups
Industry Examples of Levels, Compartments, and Groups
Label Syntax and Type
How Data Labels and User Labels Work Together
Administering Labels

3 Understanding Access Controls and Privileges

Introduction to Access Mediation
Understanding Session Label and Row Label
The Session Label
The Row Label
Session Label Example
Understanding User Authorizations
Authorizations Set by the Administrator
Authorized Levels
Authorized Compartments
Authorized Groups
Computed Session Labels
How Labels Are Evaluated for Access Mediation
Introduction to Read/Write Access
Difference Between Read and Write Operations
Propagation of Read/Write Authorizations on Groups
The Oracle Label Security Algorithm for Read Access
The Oracle Label Security Algorithm for Write Access
Using Oracle Label Security Privileges
Privileges Defined by Oracle Label Security Policies
Special Access Privileges
READ
FULL
COMPACCESS
PROFILE_ACCESS
Special Row Label Privileges
WRITEUP
WRITEDOWN
WRITEACROSS
System Privileges, Object Privileges, and Policy Privileges
Access Mediation and Views
Access Mediation and Program Unit Execution
Access Mediation and Policy Enforcement Options
Multiple Oracle Label Security Policies
Multiple Oracle Label Security Policies in a Single Database
Multiple Oracle Label Security Policies in a Distributed Environment

4 Working with Labeled Data

The Policy Label Column and Label Tags
The Policy Label Column
Hiding the Policy Label Column
Example 1: Numeric Column Datatype (NUMBER)
Example 2: Numeric Column Datatype with Hidden Column
Label Tags
Manually Defining Label Tags to Order Labels
Manually Defining Label Tags to Manipulate Data
Automatically Generated Label Tags
Presenting the Label
Converting a Character String to a Label Tag, with CHAR_TO_LABEL
Converting a Label Tag to a Character String, with LABEL_TO_CHAR
LABEL_TO_CHAR Examples
Retrieving All Columns from a Table When Policy Label Column Is Hidden
Filtering Data Using Labels
Using Numeric Label Tags in WHERE Clauses
Ordering Labeled Data Rows
Ordering by Character Representation of Label
Determining Upper and Lower Bounds of Labels
Finding Least Upper Bound with LEAST_UBOUND
Finding Greatest Lower Bound with GREATEST_LBOUND
Merging Labels with the MERGE_LABEL Function
Inserting Labeled Data
Inserting Labels Using CHAR_TO_LABEL
Inserting Labels Using Numeric Label Tag Values
Inserting Data Without Specifying a Label
Inserting Data When the Policy Label Column Is Hidden
Inserting Labels Using TO_DATA_LABEL
Changing Your Session and Row Labels with SA_SESSION
SA_SESSION Functions to Change Session and Row Labels
Changing the Session Label with SA_SESSION.SET_LABEL
Changing the Row Label with SA_SESSION.SET_ROW_LABEL
Restoring Label Defaults with SA_SESSION.RESTORE_DEFAULT_LABELS
Saving Label Defaults with SA_SESSION.SAVE_DEFAULT_LABELS
Viewing Session Attributes with SA_SESSION Functions
USER_SA_SESSION View to Return All Security Attributes
Functions to Return Individual Security Attributes

5 Creating an Oracle Label Security Policy

Oracle Label Security Administrative Task Overview
Step 1: Create the Policy
Step 2: Define the Components of the Labels
Step 3: Identify the Set of Valid Data Labels
Step 4: Apply the Policy to Tables and Schemas
Step 5: Authorize Users
Step 6: Create and Authorize Trusted Program Units (Optional)
Step 7: Configure Auditing (Optional)
Organizing the Duties of Oracle Label Security Administrators
Choosing an Oracle Label Security Administrative Interface
Oracle Label Security Packages
Oracle Label Security Demonstration File
Oracle Policy Manager
Using the SA_SYSDBA Package to Manage Security Policies
Who Can Use the SA_SYSDBA Package
Who Can Administer a Policy
Valid Characters for Policy Specifications
Creating a Policy with SA_SYSDBA.CREATE_POLICY
Modifying Policy Options with SA_SYSDBA.ALTER_POLICY
Disabling a Policy with SA_SYSDBA.DISABLE_POLICY
Enabling a Policy with SA_SYSDBA.ENABLE_POLICY
Removing a Policy with SA_SYSDBA.DROP_POLICY
Using the SA_COMPONENTS Package to Define Label Components
Using Overloaded Procedures
Creating a Level with SA_COMPONENTS.CREATE_LEVEL
Modifying a Level with SA_COMPONENTS.ALTER_LEVEL
Removing a Level with SA_COMPONENTS.DROP_LEVEL
Creating a Compartment with SA_COMPONENTS.CREATE_COMPARTMENT
Modifying a Compartment with SA_COMPONENTS.ALTER_COMPARTMENT
Removing a Compartment with SA_COMPONENTS.DROP_COMPARTMENT
Creating a Group with SA_COMPONENTS.CREATE_GROUP
Modifying a Group with SA_COMPONENTS.ALTER_GROUP
Modifying a Group Parent with SA_COMPONENTS.ALTER_GROUP_PARENT
Removing a Group with SA_COMPONENTS.DROP_GROUP
Using the SA_LABEL_ADMIN Package to Specify Valid Labels
Creating a Valid Data Label with SA_LABEL_ADMIN.CREATE_LABEL
Modifying a Label with SA_LABEL_ADMIN.ALTER_LABEL
Deleting a Label with SA_LABEL_ADMIN.DROP_LABEL

6 Administering User Labels and Privileges

Introduction to User Label and Privilege Management
Managing User Labels by Component, with SA_USER_ADMIN
SA_USER_ADMIN.SET_LEVELS
SA_USER_ADMIN.SET_COMPARTMENTS
SA_USER_ADMIN.SET_GROUPS
SA_USER_ADMIN.ALTER_COMPARTMENTS
SA_USER_ADMIN.ADD_COMPARTMENTS
SA_USER_ADMIN.DROP_COMPARTMENTS
SA_USER_ADMIN.DROP_ALL_COMPARTMENTS
SA_USER_ADMIN.ADD_GROUPS
SA_USER_ADMIN.ALTER_GROUPS
SA_USER_ADMIN.DROP_GROUPS
SA_USER_ADMIN.DROP_ALL_GROUPS
Managing User Labels by Label String, with SA_USER_ADMIN
SA_USER_ADMIN.SET_USER_LABELS
SA_USER_ADMIN.SET_DEFAULT_LABEL
SA_USER_ADMIN.SET_ROW_LABEL
SA_USER_ADMIN.DROP_USER_ACCESS
Managing User Privileges with SA_USER_ADMIN.SET_USER_PRIVS
Setting Labels & Privileges with SA_SESSION.SET_ACCESS_PROFILE
Returning User Name with SA_SESSION.SA_USER_NAME
Using Oracle Label Security Views
View to Display All User Security Attributes: DBA_SA_USERS
Views to Display User Authorizations by Component

7 Implementing Policy Options and Labeling Functions

Choosing Policy Options
Overview of Policy Enforcement Options
The HIDE Policy Column Option
The Label Management Enforcement Options
LABEL_DEFAULT: Using the Session's Default Row Label
LABEL_UPDATE: Changing Data Labels
CHECK_CONTROL: Checking Data Labels
The Access Control Enforcement Options
READ_CONTROL: Reading Data
WRITE_CONTROL: Writing Data
INSERT_CONTROL, UPDATE_CONTROL, and DELETE_CONTROL
The Overriding Enforcement Options
Guidelines for Using the Policy Enforcement Options
Exemptions from Oracle Label Security Policy Enforcement
Viewing Policy Options on Tables and Schemas
Using a Labeling Function
Approaches to Data Labeling
How Labeling Functions Work
Creating a Labeling Function
Specifying a Labeling Function
Policy Options and Labeling Functions: Inserting Labeled Data
Enforcement Control Options and INSERT
Inserting Labels When a Labeling Function is Specified
Inserting Child Rows into Tables with Declarative Referential Integrity Enabled
Policy Options and Labeling Functions: Updating Labeled Data
Updating Labels Using CHAR_TO_LABEL
Enforcement Control Options and UPDATE
Updating Labels When a Labeling Function Is Specified
Updating Child Rows in Tables with Declarative Referential Integrity Enabled
Policy Options and Labeling Functions: Deleting Labeled Data
Using a SQL Predicate with an Oracle Label Security Policy
SQL Predicates Used with an Oracle Label Security Policy
Effect of Multiple SQL Predicates Under Oracle Label Security

8 Applying Policies to Tables and Schemas

Policy Administration Terminology
Policy Administration Functions for Tables and Schemas
Administering Policies on Tables Using SA_POLICY_ADMIN
Applying a Policy with SA_POLICY_ADMIN.APPLY_TABLE_POLICY
Removing a Policy with SA_POLICY_ADMIN.REMOVE_TABLE_POLICY
Disabling a Policy with SA_POLICY_ADMIN.DISABLE_TABLE_POLICY
Re-enabling a Policy with SA_POLICY_ADMIN.ENABLE_TABLE_POLICY
Administering Policies on Schemas with SA_POLICY_ADMIN
Applying a Policy with SA_POLICY_ADMIN.APPLY_SCHEMA_POLICY
Altering Enforcement Options: SA_POLICY_ADMIN.ALTER_SCHEMA_POLICY
Removing a Policy with SA_POLICY_ADMIN.REMOVE_SCHEMA_POLICY
Disabling a Policy with SA_POLICY_ADMIN.DISABLE_SCHEMA_POLICY
Re-Enabling a Policy with SA_POLICY_ADMIN.ENABLE_SCHEMA_POLICY
Policy Issues for Schemas

9 Administering and Using Trusted Stored Program Units

Introduction to Trusted Stored Program Units
How a Trusted Stored Program Unit Executes
Trusted Stored Program Unit Example
Managing Program Unit Privileges with SET_PROG_PRIVS
Creating and Compiling Trusted Stored Program Units
Creating Trusted Stored Program Units
Setting Privileges for Trusted Stored Program Units
Re-Compiling Trusted Stored Program Units
Recreating Trusted Stored Program Units
Executing Trusted Stored Program Units
Using SA_UTL Functions to Set and Return Label Information
Viewing Session Label and Row Label Using SA_UTL
SA_UTL.NUMERIC_LABEL
SA_UTL.NUMERIC_ROW_LABEL
SA_UTL.DATA_LABEL
Setting the Session Label and Row Label Using SA_UTL
SA_UTL.SET_LABEL
SA_UTL.SET_ROW_LABEL
Returning Greatest Lower Bound and Least Upper Bound
GREATEST_LBOUND
LEAST_UBOUND

10 Auditing Under Oracle Label Security

Overview of Oracle Label Security Auditing
Enabling Systemwide Auditing: AUDIT_TRAIL Initialization Parameter
Enabling Oracle Label Security Auditing with SA_AUDIT_ADMIN
Auditing Options for Oracle Label Security
Enabling Oracle Label Security Auditing with SA_AUDIT_ADMIN.AUDIT
Disabling Oracle Label Security Auditing with SA_AUDIT_ADMIN.NOAUDIT
Examining Audit Options with the DBA_SA_AUDIT_OPTIONS View
Managing Policy Label Auditing
Policy Label Auditing with SA_AUDIT_ADMIN.AUDIT_LABEL
Disabling Policy Label Auditing with SA_AUDIT_ADMIN.NOAUDIT_LABEL
Finding Label Audit Status with AUDIT_LABEL_ENABLED
Creating and Dropping an Audit Trail View for Oracle Label Security
Creating a View with SA_AUDIT_ADMIN.CREATE_VIEW
Dropping the View with SA_AUDIT_ADMIN.DROP_VIEW
Oracle Label Security Auditing Tips
Strategy for Setting SA_AUDIT_ADMIN Options
Auditing Privileged Operations

11 Using Oracle Label Security with a Distributed Database

An Oracle Label Security Distributed Configuration
Connecting to a Remote Database Under Oracle Label Security
Establishing Session Label and Row Label for a Remote Session
Setting Up Labels in a Distributed Environment
Setting Label Tags in a Distributed Environment
Setting Numeric Form of Label Components in a Distributed Environment
Using Oracle Label Security Policies in a Distributed Environment
Using Replication with Oracle Label Security
Introduction to Replication Under Oracle Label Security
Replication Functionality Supported by Oracle Label Security
Row Level Security Restriction on Replication Under Oracle Label Security
Contents of a Materialized View
How Materialized View Contents Are Determined
Complete Materialized Views
Partial Materialized Views
Requirements for Creating Materialized Views Under Oracle Label Security
Requirements for the REPADMIN Account
Requirements for the Owner of the Materialized View
Requirements for Creating Partial Multilevel Materialized Views
Requirements for Creating Complete Multilevel Materialized Views
How to Refresh Materialized Views

12 Performing DBA Functions Under Oracle Label Security

Using the Export Utility with Oracle Label Security
Using the Import Utility with Oracle Label Security
Requirements for Import Under Oracle Label Security
Preparing the Import Database
Verifying Import User Authorizations
Defining Data Labels for Import
Importing Labeled Data Without Installing Oracle Label Security
Importing Unlabeled Data
Importing Tables with Hidden Columns
Using SQL*Loader with Oracle Label Security
Requirements for Using SQL*Loader Under Oracle Label Security
Oracle Label Security Input to SQL*Loader
Performance Tips for Oracle Label Security
Using ANALYZE to Improve Oracle Label Security Performance
Creating Indexes on the Policy Label Column
Planning a Label Tag Strategy to Enhance Performance
Partitioning Data Based on Numeric Label Tags
Creating Additional Databases After Installation

13 Releasability Using Inverse Groups

Introduction to Inverse Groups and Releasability
Comparing Standard Groups and Inverse Groups
How Inverse Groups Work
Implementing Inverse Groups with the INVERSE_GROUP Enforcement Option
Inverse Groups and Label Components
Computed Labels with Inverse Groups
Computed Session Labels with Inverse Groups
Inverse Groups and Computed Max Read Groups and Max Write Groups
Inverse Groups and Hierarchical Structure
Inverse Groups and User Privileges
Algorithm for Read Access with Inverse Groups
Algorithm for Write Access with Inverse Groups
Algorithms for COMPACCESS Privilege with Inverse Groups
Session Labels and Inverse Groups
Inverse Groups with SA_USER_ADMIN.SET_DEFAULT_LABEL and SA_USER_ADMIN.SET_ROW_LABEL
Rules for Changing Default Labels with Standard Groups
Rules for Changing Default Labels with Inverse Groups
Inverse Groups with SA_SESSION.SET_ROW_LABEL and SA_SESSION.SET_LABEL
Rules for Changing Session Label with Standard Groups
Rules for Changing Session Label and Row Label with Inverse Groups
Examples of Session Labels and Inverse Groups
Inverse Groups Example 1
Inverse Groups Example 2
Changes in Behavior of Procedures with Inverse Groups
SYSDBA.CREATE_POLICY with Inverse Groups
SYSDBA.ALTER_POLICY with Inverse Groups
SA_USER_ADMIN.ADD_GROUPS with Inverse Groups
SA_USER_ADMIN.ALTER_GROUPS with Inverse Groups
SA_USER_ADMIN.SET_GROUPS with Inverse Groups
SA_USER_ADMIN.SET_USER_LABELS with Inverse Groups
SA_USER_ADMIN.SET_DEFAULT_LABEL with Inverse Groups
SA_USER_ADMIN.SET_ROW_LABEL with Inverse Groups
SA_COMPONENTS.CREATE_GROUP with Inverse Groups
SA_COMPONENTS.ALTER_GROUP_PARENT with Inverse Groups
SA_SESSION.SET_LABEL with Inverse Groups
SA_SESSION.SET_ROW_LABEL with Inverse Groups
LEAST_UBOUND with Inverse Groups
GREATEST_LBOUND with Inverse Groups
Dominance Rules for Labels with Inverse Groups

A Advanced Topics in Oracle Label Security

Analyzing the Relationships Between Labels
Dominant and Dominated Labels
Non-Comparable Labels
Using Dominance Functions
DOMINATES Standalone Function
STRICTLY_DOMINATES Standalone Function
DOMINATED_BY Standalone Function
STRICTLY_DOMINATED_BY Standalone Function
SA_UTL.DOMINATES
SA_UTL.STRICTLY_DOMINATES
SA_UTL.DOMINATED_BY
SA_UTL.STRICTLY_DOMINATED_BY
OCI Interface for Setting Session Labels
OCIAttrSet
OCIAttrGet
OCIParamGet
OCIAttrSet
OCI Example

B Reference

Oracle Label Security Data Dictionary Tables and Views
Oracle9i Data Dictionary Tables
Oracle Label Security Data Dictionary Views
ALL_SA_AUDIT_OPTIONS
ALL_SA_COMPARTMENTS
ALL_SA_DATA_LABELS
ALL_SA_GROUPS
ALL_SA_LABELS
ALL_SA_LEVELS
ALL_SA_POLICIES
ALL_SA_PROG_PRIVS
ALL_SA_SCHEMA_POLICIES
ALL_SA_TABLE_POLICIES
ALL_SA_USERS
ALL_SA_USER_LABELS
ALL_SA_USER_LEVELS
ALL_SA_USER_PRIVS
DBA_SA_AUDIT_OPTIONS
DBA_SA_COMPARTMENTS
DBA_SA_DATA_LABELS
DBA_SA_GROUPS
DBA_SA_GROUP_HIERARCHY
DBA_SA_LABELS
DBA_SA_LEVELS
DBA_SA_POLICIES
DBA_SA_PROG_PRIVS
DBA_SA_SCHEMA_POLICIES
DBA_SA_TABLE_POLICIES
DBA_SA_USERS
DBA_SA_USER_COMPARTMENTS
DBA_SA_USER_GROUPS
DBA_SA_USER_LABELS
DBA_SA_USER_LEVELS
DBA_SA_USER_PRIVS
Oracle Label Security Auditing Views
Restrictions in Oracle Label Security
CREATE TABLE AS SELECT Restriction in Oracle Label Security
Label Tag Restriction
Export Restriction in Oracle Label Security
Oracle Label Security Deinstallation Restriction
Shared Schema Support
Hidden Columns Restriction

Index


Copyright © 2000, 2002 Oracle Corporation. All Rights Reserved.