You are using an outdated browser. Please upgrade to the latest version for the best experience.
How do I narrow my search results?

After you submit your search query:

  1. On the Refine Search results page, select one or more categories of products or services from the left sidebar.
  2. Then for a category with search results, click Select to choose your product and release filters, and then click OK.

For search queries that contain multiple words, surround the query with quotes, and then resubmit your query. Example: "database cloud service"

How do I find the documentation for my product or service?

From the home page, click the technology categories for your products or services. If you do not know which category to pick, try the following features:

  • Click the Find a product tab and search for your product or service.
  • Click Browse All Products & Services at the bottom of the home page to view an alphabetical listing of products and services.
  • Apple Safari: Version 6
  • Google Chrome: Version 29 and later
  • Mozilla Firefox: Version 24 and later
  • Microsoft Internet Explorer: Version 9 and later
Results for privileges


81 to 120 of 2781 results. previous page Prev  Next next page
Results per page:  20 |  40  | 60


Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.5 Setting Labels & Privileges with SA_SESSION.SET_ACCESS_PROFILEThe SET_ACCESS_PROFILE procedure sets the Oracle Label Security authorizations and privileges of … . That user assumes only the authorizations and privileges of the specified user. By contrast, the … SA_SESSION.SET_ACCESS_PROFILE Parameter Meaning policy_name The name of an existing policy user_name Name of the user whose authorizations and privileges

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.4.2 The Oracle Label Security Algorithm for Read Accessor less than the current session level. No privileges (other than FULL) allow the user to write … special Oracle Label Security privileges. See Also: \"Privileges Defined by Oracle Label Security

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.5 Using Oracle Label Security PrivilegesThis section introduces the Oracle Label Security database and row label privileges: Privileges … Defined by Oracle Label Security Policies Special Access Privileges Special Row Label Privileges System Privileges, Object Privileges, and Policy Privileges

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.1 Introduction to User Label and Privilege ManagementTo manage user labels and privileges, you must have the EXECUTE privilege for the SA_USER_ADMIN

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.2.4 SA_USER_ADMIN.ALTER_COMPARTMENTSThe ALTER_COMPARTMENTS procedure changes the write access, the default label indicator, and the row label indicator for each of the compartments in the list. Syntax: PROCEDURE ALTER_COMPARTMENTS (policy_name IN VARCHAR2, user_name IN VARCHAR2, comps IN VARCHAR2, access_mode IN VARCHAR2 DEFAULT NULL, in_def IN VARCHAR2 DEFAULT NULL, in_row IN VARCHAR2 DEFAULT NULL); Table 8-4 Parameters for SA_USER_ADMIN.ALTER_COMPARTMENTS

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.3.2 SA_USER_ADMIN.SET_DEFAULT_LABELThe SET_DEFAULT_LABEL procedure sets the user's initial session label to the one specified. Syntax: PROCEDURE SET_DEFAULT_LABELS ( policy_name IN VARCHAR2, user_name IN VARCHAR2, def_label IN VARCHAR2); Table 8-13 Parameters for SA_USER_ADMIN.SET_DEFAULT_LABEL Parameter Meaning policy_name Specifies the policy user_name Specifies the user name def_label Specifies the label string to be used to initialize

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.2.1 The Session LabelEach Oracle Label Security user has a set of authorizations that include: A maximum and minimum level A set of authorized compartments A set of authorized groups For each compartment and group, a specification of read-only access, or read/write access The administrator also specifies the user's initial session label when setting up these authorizations for the user. The session label is the particular

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.3 Understanding User AuthorizationsThere are two types of user authorizations: Authorizations Set by the Administrator Computed Session Labels

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.4.1 Introducing Read/Write AccessAlthough data labels are stored in a column within data records, information about user authorizations is stored in relational tables. When a user logs on, the tables are used to dynamically generate user labels for use during the session. 3.4.1.1 Difference Between Read and Write Operations Two fundamental types of access mediation on Data Manipulation language (DML) operations exist, within protected

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.2.10 SA_USER_ADMIN.DROP_GROUPSThe DROP_GROUPS procedure drops the specified groups from a user's authorizations. Syntax: PROCEDURE DROP_GROUPS (policy_name IN VARCHAR2, user_name IN VARCHAR2, groups IN VARCHAR2); Table 8-10 Parameters for SA_USER_ADMIN.DROP_GROUPS Parameter Meaning policy_name Specifies the policy user_name Specifies the user name groups A comma-delimited list of groups to drop

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.4 Evaluating Labels for Access MediationWhen a table is protected by an Oracle Label Security policy, the user's label components are compared to the row's label components to determine whether the user can access the data. In this way, Oracle Label Security evaluates whether the user is authorized to perform the requested operation on the data in the row. This section explains the rules and options by which user access is mediated. It

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.5.7 Access Mediation and Policy Enforcement OptionsAn administrator can choose from among a set of policy enforcement options when applying an Oracle Label Security policy to individual tables. These options enable enforcement to be tailored differently for each database table. In addition to the access controls based on the labels, a SQL predicate can also be associated with each table. The predicate can further define which rows in the table are

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.2.5 SA_USER_ADMIN.ADD_COMPARTMENTS8.2.5 SA_USER_ADMIN. ADD_COMPARTMENTS This procedure adds compartments to a user's authorizations, indicating whether the compartments are authorized for write as well as read. Syntax: PROCEDURE ADD_COMPARTMENTS (policy_name IN VARCHAR2, user_name IN VARCHAR2, comps IN VARCHAR2, access_model IN VARCHAR2 DEFAULT NULL, in_def IN VARCHAR2 DEFAULT NULL, in_row IN VARCHAR2 DEFAULT NULL); Table 8-5 Parameters

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.2.9 SA_USER_ADMIN.ALTER_GROUPSThe ALTER_GROUPS procedure changes the write access, the default label indicator, and the row label indicator for each of the groups in the list. Syntax: PROCEDURE ALTER_GROUPS (policy_name IN VARCHAR2, user_name IN VARCHAR2, groups IN VARCHAR2, access_mode IN VARCHAR2 DEFAULT NULL, in_def IN VARCHAR2 DEFAULT NULL, in_row IN VARCHAR2 DEFAULT NULL); Table 8-9 Parameters for SA_USER_ADMIN.ALTER_GROUPS

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.3.1 SA_USER_ADMIN.SET_USER_LABELS… See Also: \"Managing Program Unit Privileges with SET_PROG_PRIVS\"

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.4 Managing User Privileges with SA_USER_ADMIN.SET_USER_PRIVSThe SET_USER_PRIVS procedure sets policy-specific privileges for users. These privileges do not … . The new set of privileges replaces any existing privileges. A NULL value for the privileges … parameter removes the user's privileges for the policy. To assign policy privileges

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3 Understanding Access Controls and Privilegeslabel and the user's label. This chapter examines the access controls and privileges that determine … Evaluating Labels for Access Mediation Using Oracle Label Security Privileges Working with Multiple Oracle Label Security Policies

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.2 Understanding Session Label and Row LabelThis section introduces the basic user labels. The Session Label The Row Label Session Label Example

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.4.3 The Oracle Label Security Algorithm for Write AccessIn the context of Oracle Label Security, WRITE_CONTROL enforcement determines the ability to insert, update, or delete data in a row. WRITE_CONTROL enables you to control data access with ever finer granularity. Granularity increases when compartments are added to levels. It increases again when groups are added to compartments. Access control becomes even more fine grained when you can manage the

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.2.7 SA_USER_ADMIN.DROP_ALL_COMPARTMENTSThe DROP_ALL_COMPARTMENTS procedure drops all compartments from a user's authorizations. Syntax: PROCEDURE DROP_ALL_COMPARTMENTS (policy_name IN VARCHAR2, user_name IN VARCHAR2); Table 8-7 Parameters for SA_USER_ADMIN.DROP_ALL_COMPARTMENTS Parameter Meaning policy_name Specifies the policy user_name Specifies the user name

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.3.3 SA_USER_ADMIN.SET_ROW_LABELUse the SET_ROW_LABEL procedure to set the user's initial row label to the one specified. Syntax: PROCEDURE SET_ROW_LABEL ( policy_name IN VARCHAR2, user_name IN VARCHAR2, row_label IN VARCHAR2); Table 8-14 Parameters for SA_USER_ADMIN.SET_ROW_LABEL Parameter Meaning policy_name Specifies the policy user_name Specifies the user name row_label Specifies the label string to be used to initialize the

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.7 Using Oracle Label Security ViewsThis section describes views you can use to see the user authorization and privilege assignments made by the administrator. View to Display All User Security Attributes: DBA_SA_USERS Views to Display User Authorizations by Component

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.1 Introducing Access MediationTo access data protected by an Oracle Label Security policy, a user must have authorizations based on the labels defined for the policy. Figure 3-1, \"Relationships Between Users, Data, and Labels\" illustrates the relationships between users, data, and labels. Data labels specify the sensitivity of data rows. User labels provide the appropriate authorizations to users. Access mediation between users

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.5.1 Privileges Defined by Oracle Label Security PoliciesOracle Label Security supports special privileges that allow authorized users to bypass certain … parts of the policy. Table 3-3 summarizes the full set of privileges that can be granted to users or … Label Security Privileges Security Privilege Explanation READ Allows read access to all data … groups PROFILE_ACCESS Allows a session

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.5.5 Access Mediation and Viewsprivileges on the view. If the underlying table (on which the view is based) is protected by Oracle Label

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.5.6 Access Mediation and Program Unit ExecutionUser2's system and object privileges. However, any procedure executed by User1 runs with User1's own … Oracle Label Security labels and privileges. This is true even when User1 executes stored program … : Stored program units run with the DAC privileges of the procedure's owner (User2). In addition, stored … on the label attached

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.6 Working with Multiple Oracle Label Security PoliciesThis section describes aspects of using multiple policies.

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.6.2 Multiple Oracle Label Security Policies in a Distributed EnvironmentIf you work in a distributed environment, where multiple databases may be protected by the same or different Oracle Label Security policies, your remote connections will also be controlled by Oracle Label Security. See Also: Chapter 13, \"Using Oracle Label Security with a Distributed Database\"

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.2.3 SA_USER_ADMIN.SET_GROUPSThe SET_GROUPS procedure assigns groups to a user and identifies default values for the user's session label and row label. If the write_groups are NULL, they are set to the read_groups. If the def_groups are NULL, they are set to the read_groups. If the row_groups are NULL, they are set to the groups in def_groups that are authorized for write access. All users must have their levels set before their

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.3 Managing User Labels by Label String, with SA_USER_ADMINThe following SA_USER_ADMIN procedures enable you to manage user labels by specifying the complete character label string: SA_USER_ADMIN.SET_USER_LABELS SA_USER_ADMIN.SET_DEFAULT_LABEL SA_USER_ADMIN.SET_ROW_LABEL SA_USER_ADMIN.SET_DEFAULT_LABEL

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.6 Returning User Name with SA_SESSION.SA_USER_NAMEThe SA_USER_NAME function returns the name of the current Oracle Label Security user, as set by the SET_ACCESS_PROFILE procedure (or as established at login). This is how you can determine the identity of the current user in relation to Oracle Label Security, rather than in relation to your Oracle login name. Syntax: FUNCTION SA_USER_NAME (policy_name IN VARCHAR2) RETURN VARCHAR2; Table 8-18 Parameters

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.7.2 Views to Display User Authorizations by ComponentThe following views individually display each component of the label: Table 8-19 Oracle Label Security Views View Contents DBA_SA_USER_LEVELS Displays the levels assigned to the user: minimum level, maximum level, default level, and level for the row label DBA_SA_USER_COMPARTMENTS Displays the compartments assigned to the user DBA_SA_USER_GROUPS Displays the groups assigned to the user

Label Security Administrator's Guide, 11g Release 1 (11.1)

Understanding Access Controls and Privileges

3.2.2 The Row LabelWhen a user writes data without specifying its label, a row label is assigned automatically, using the user's session label. However, the user can set the label for the written row, within certain restrictions on the components of the label he specifies. The level of this label can be set to any level within the range specified by the administrator. For example, it can be set to the level of the user's

Label Security Administrator's Guide, 11g Release 1 (11.1)

Administering User Labels and Privileges

8.2 Managing User Labels by Component, with SA_USER_ADMINThe following SA_USER_ADMIN procedures enable you to manage user labels by label component: SA_USER_ADMIN.SET_LEVELS SA_USER_ADMIN.SET_COMPARTMENTS SA_USER_ADMIN.SET_GROUPS SA_USER_ADMIN.ADD_COMPARTMENTS SA_USER_ADMIN.ALTER_COMPARTMENTS SA_USER_ADMIN.DROP_COMPARTMENTS SA_USER_ADMIN.DROP_ALL_COMPARTMENTS SA_USER_ADMIN.ADD_GROUPS SA_USER_ADMIN.ALTER_GROUPS SA_USER_ADMIN.DROP_GROUPS SA_USER_ADMIN.DROP_ALL_GROUPS

Database Security Guide, 11g Release 1 (11.1)

Configuring Privilege and Role Authorization

Why Is It Important to Restrict System Privileges?Because system privileges are so powerful, by default the database is configured to prevent typical … (non-administrative) users from exercising the ANY system privileges (such as UPDATE ANY TABLE ) on … the data dictionary. See \"Guidelines for Securing User Accounts and Privileges\" for additional … guidelines about restricting

Database Security Guide, 11g Release 1 (11.1)

Configuring Privilege and Role Authorization

Securing Role Privileges by Using Secure Application Rolesdirectly from the application when the user logs in, before the user exercises the privileges granted … framework of the application privileges that they have been granted. See Also: \"Creating Secure Application

Database Security Guide, 11g Release 1 (11.1)

Verifying Security Access with Auditing

Using Default Auditing for Security-Relevant SQL Statements and Privileges, Oracle Database audits the most commonly used security-relevant SQL statements and privileges. It also … do that: Oracle Database continues to audit the privileges that are audited by default. If you … Database audits the AUDIT ROLE SQL statement by default. The privileges that are audited by default are as … statements and

Database Security Guide, 11g Release 1 (11.1)

Managing Security for Application Developers

Table 5-2 How Privileges Relate to Schema ObjectsObject Privilege Applies to Table? Applies to View? Applies to Sequence? Applies to Procedure? Foot 1  ALTER Yes No Yes No DELETE Yes Yes No No EXECUTE No No No Yes INDEX Yes Foot 2  No No No INSERT Yes Yes No No REFERENCES Yes No No No SELECT Yes Yes Foot 3  Yes No UPDATE Yes Yes No No See also \"Auditing Schema Objects\" for detailed information about how schema objects can be audited.

Database Security Guide, 11g Release 1 (11.1)

Verifying Security Access with Auditing

Auditing SQL Statements and Privileges in a Multitier EnvironmentYou can use the AUDIT statement to audit the activities of a client in a multitier environment. In a multitier environment, Oracle Database preserves the identity of a client through all tiers. Thus, you can audit actions taken on behalf of the client by a middle-tier application. To do so, use the BY user clause in your AUDIT statement. This audit includes the user session as well as proxy sessions.

Database Security Guide, 11g Release 1 (11.1)

Managing Security for Application Developers

What Application Developers Need to Know About Object PrivilegesEnd users are typically granted object privileges. An object privilege allows a user to perform a … summarizes the object privileges available for each type of object.