Oracle Label Security Administrator's Guide
Release 9.0.1

Part Number A90149-01

B Reference

This appendix provides the following reference information:

Oracle Label Security Data Dictionary Tables and Views

Oracle9i Data Dictionary Tables

Oracle Label Security does not in any way label the Oracle9i data dictionary tables. Access is controlled by standard Oracle9i system and object privileges. For a description of all data dictionary tables and views, see the Oracle9i Reference.

Oracle Label Security Data Dictionary Views

Oracle Label Security maintains an independent set of data dictionary tables. These tables are exempt from any policy enforcement. This section lists the views which can display information related to Oracle Label Security.

Note that access to the DBA views is granted by default to the SELECT_CATALOG_ROLE, a standard Oracle9i role which lets you examine the Oracle9i data dictionary.

ALL_SA_AUDIT_OPTIONS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
USER_NAME            NOT NULL  VARCHAR2(30)
APY                            VARCHAR2(3)
REM                            VARCHAR2(3)
SET_                           VARCHAR2(3)
PRV                            VARCHAR2(3)

ALL_SA_COMPARTMENTS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
COMP_NUM             NOT NULL  NUMBER(4)
SHORT_NAME           NOT NULL  VARCHAR2(30)
LONG_NAME            NOT NULL  VARCHAR2(80)

ALL_SA_DATA_LABELS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
LABEL                          VARCHAR2(4000)
LABEL_TAG                      NUMBER

ALL_SA_GROUPS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
GROUP_NUM            NOT NULL  NUMBER(4)
SHORT_NAME           NOT NULL  VARCHAR2(30)
LONG_NAME            NOT NULL  VARCHAR2(80)
PARENT_NUM                     NUMBER(4)
PARENT_NAME                    VARCHAR2(30)

ALL_SA_LABELS

Access to ALL_SA_LABELS is PUBLIC; however, only the labels authorized for read access by the session are visible.

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
LABEL                          VARCHAR2(4000)
LABEL_TAG                      NUMBER
LABEL_TYPE                     VARCHAR2(15)

ALL_SA_LEVELS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME                    VARCHAR2(30)
LEVEL_NUM                      NUMBER(4)
SHORT_NAME                     VARCHAR2(30)
LONG_NAME                      VARCHAR2(80)

ALL_SA_POLICIES

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
COLUMN_NAME          NOT NULL  VARCHAR2(30)
STATUS                         VARCHAR2(8)
POLICY_OPTIONS                 VARCHAR2(4000)

ALL_SA_PROG_PRIVS

Name                 Null?     Type
-------------------  --------  --------------
SCHEMA_NAME          NOT NULL  VARCHAR2(30)
PROGRAM_NAME         NOT NULL  VARCHAR(30)
POLICY_NAME          NOT NULL  VARCHAR2(30)
PROGRAM_PRIVILEGES             VARCHAR2(4000)

ALL_SA_SCHEMA_POLICIES

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
SCHEMA_NAME          NOT NULL  VARCHAR2(30)
STATUS                         VARCHAR2(8)
SCHEMA_OPTIONS                 VARCHAR2(4000)

ALL_SA_TABLE_POLICIES

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
SCHEMA_NAME          NOT NULL  VARCHAR2(30)
TABLE_NAME           NOT NULL  VARCHAR2(30)
STATUS                         VARCHAR2(8)
TABLE_OPTIONS                  VARCHAR2(4000)
FUNCTION                       VARCHAR2(1024)
PREDICATE                      VARCHAR2(256)

ALL_SA_USERS

Name                 Null?     Type
-------------------  --------  --------------
USER_NAME            NOT NULL  VARCHAR2(30)
POLICY_NAME          NOT NULL  VARCHAR2(30)
USER_PRIVILEGES                VARCHAR2(4000)
USER_LABELS                    VARCHAR2(4000)

ALL_SA_USER_LABELS

Name                 Null?     Type
-------------------  --------  --------------
USER_NAME            NOT NULL  VARCHAR2(30)
POLICY_NAME          NOT NULL  VARCHAR2(30)
LABELS                         VARCHAR2(4000)

ALL_SA_USER_LEVELS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
USER_NAME            NOT NULL  VARCHAR2(30)
MAX_LEVEL            NOT NULL  VARCHAR2(30)
MIN_LEVEL            NOT NULL  VARCHAR2(30)
DEF_LEVEL            NOT NULL  VARCHAR2(30)
ROW_LEVEL            NOT NULL  VARCHAR2(30)

ALL_SA_USER_PRIVS

Name                 Null?     Type
-------------------  --------  --------------
USER_NAME            NOT NULL  VARCHAR2(30)
POLICY_NAME          NOT NULL  VARCHAR2(30)
USER_PRIVILEGES                VARCHAR2(4000)

DBA_SA_AUDIT_OPTIONS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
USER_NAME            NOT NULL  VARCHAR2(30)
APY                            VARCHAR2(3)
REM                            VARCHAR2(3)
SET_                           VARCHAR2(3)
PRV                            VARCHAR2(3)

DBA_SA_COMPARTMENTS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
COMP_NUM             NOT NULL  NUMBER(4)
SHORT_NAME           NOT NULL  VARCHAR2(30)
LONG_NAME            NOT NULL  VARCHAR2(80)

DBA_SA_DATA_LABELS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
LABEL                          VARCHAR2(4000)
LABEL_TAG                      NUMBER

DBA_SA_GROUPS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
GROUP_NUM            NOT NULL  NUMBER(4)
SHORT_NAME           NOT NULL  VARCHAR2(30)
LONG_NAME            NOT NULL  VARCHAR2(80)
PARENT_NUM                     NUMBER(4)
PARENT_NAME                    VARCHAR2(30)

DBA_SA_GROUP_HIERARCHY

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
HIERARCHY_LEVEL                NUMBER
GROUP_NAME                     VARCHAR2(4000)

DBA_SA_LABELS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
LABEL                          VARCHAR2(4000)
LABEL_TAG                      NUMBER
LABEL_TYPE                     VARCHAR2(15)

DBA_SA_LEVELS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
LEVEL_NUM            NOT NULL  NUMBER(4)
SHORT_NAME           NOT NULL  VARCHAR2(30)
LONG_NAME            NOT NULL  VARCHAR2(80)

DBA_SA_POLICIES

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
COLUMN_NAME          NOT NULL  VARCHAR2(30)
STATUS                         VARCHAR2(8)
POLICY_OPTIONS                 VARCHAR2(4000)

DBA_SA_PROG_PRIVS

Name                 Null?     Type
-------------------  --------  --------------
SCHEMA_NAME          NOT NULL  VARCHAR2(30)
PROGRAM_NAME         NOT NULL  VARCHAR2(30)
POLICY_NAME          NOT NULL  VARCHAR2(30)
PROGRAM_PRIVILEGES             VARCHAR2(4000)

DBA_SA_SCHEMA_POLICIES

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
SCHEMA_NAME          NOT NULL  VARCHAR2(30)
STATUS                         VARCHAR2(8)
SCHEMA_OPTIONS                 VARCHAR2(4000)

DBA_SA_TABLE_POLICIES

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
SCHEMA_NAME          NOT NULL  VARCHAR2(30)
TABLE_NAME           NOT NULL  VARCHAR2(30)
STATUS                         VARCHAR2(8)
TABLE_OPTIONS                  VARCHAR2(4000)
FUNCTION                       VARCHAR2(1024)
PREDICATE                      VARCHAR2(256)

DBA_SA_USERS

Name                 Null?     Type
-------------------  --------  --------------
USER_NAME            NOT NULL  VARCHAR2(30)
POLICY_NAME          NOT NULL  VARCHAR2(30)
USER_PRIVILEGES                VARCHAR2(4000)
USER_LABELS                    VARCHAR2(4000)

DBA_SA_USER_COMPARTMENTS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
USER_NAME            NOT NULL  VARCHAR2(30)
COMP                 NOT NULL  VARCHAR2(30)
RW_ACCESS                      VARCHAR2(5)
DEF_COMP             NOT NULL  VARCHAR2(1)
ROW_COMP             NOT NULL  VARCHAR2(1)

DBA_SA_USER_GROUPS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
USER_NAME            NOT NULL  VARCHAR2(30)
GRP                  NOT NULL  VARCHAR2(30)
RW_ACCESS                      VARCHAR2(5)
DEF_GROUP            NOT NULL  VARCHAR2(1)
ROW_GROUP            NOT NULL  VARCHAR2(1)

DBA_SA_USER_LABELS

Name                 Null?     Type
-------------------  --------  --------------
USER_NAME            NOT NULL  VARCHAR2(30)
POLICY_NAME          NOT NULL  VARCHAR2(30)
LABELS                         VARCHAR2(4000)

DBA_SA_USER_LEVELS

Name                 Null?     Type
-------------------  --------  --------------
POLICY_NAME          NOT NULL  VARCHAR2(30)
USER_NAME            NOT NULL  VARCHAR2(30)
MAX_LEVEL            NOT NULL  VARCHAR2(30)
MIN_LEVEL            NOT NULL  VARCHAR2(30)
DEF_LEVEL            NOT NULL  VARCHAR2(30)
ROW_LEVEL            NOT NULL  VARCHAR2(30)

DBA_SA_USER_PRIVS

Name                 Null?     Type
-------------------  --------  --------------
USER_NAME            NOT NULL  VARCHAR2(30)
POLICY_NAME          NOT NULL  VARCHAR2(30)
USER_PRIVILEGES                VARCHAR2(4000)
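
The DBA views listed above can be combined into a periodic authorization review. The queries below are an added example, not part of the Oracle guide; they use only view and column names from this appendix and assume a session that holds SELECT_CATALOG_ROLE and a release that accepts ANSI outer-join syntax.

```sql
-- Added example: Oracle Label Security authorization review.
-- Uses only the DBA_SA_* views and columns listed in this appendix.

-- 1. Users holding policy privileges, with the level range they may operate in.
SELECT p.policy_name, p.user_name, p.user_privileges,
       l.min_level, l.max_level, l.def_level, l.row_level
FROM   dba_sa_user_privs p
       LEFT OUTER JOIN dba_sa_user_levels l
         ON  l.policy_name = p.policy_name
         AND l.user_name   = p.user_name
WHERE  p.user_privileges IS NOT NULL
ORDER  BY p.policy_name, p.user_name;

-- 2. Program units that carry policy privileges of their own.
SELECT policy_name, schema_name, program_name, program_privileges
FROM   dba_sa_prog_privs
WHERE  program_privileges IS NOT NULL
ORDER  BY policy_name, schema_name, program_name;

-- 3. Enforcement state of every table a policy is applied to.
--    Sorting by STATUS groups tables whose policy is not in the same
--    state as the rest, so they stand out in the report.
SELECT policy_name, schema_name, table_name,
       status, table_options, predicate
FROM   dba_sa_table_policies
ORDER  BY status, policy_name, schema_name, table_name;

-- 4. Compartment and group authorizations per user in one listing.
SELECT policy_name, user_name, 'COMPARTMENT' AS auth_kind,
       comp AS auth_name, rw_access
FROM   dba_sa_user_compartments
UNION ALL
SELECT policy_name, user_name, 'GROUP', grp, rw_access
FROM   dba_sa_user_groups
ORDER  BY 1, 2, 3, 4;
```

Saving each result set and comparing it with the previous run shows new privilege grants and changes in policy status between reviews.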

Oracle Label Security Auditing Views

Using the SA_AUDIT_ADMIN.CREATE_VIEW procedure, you can create an audit trail view for the specified policy. By default, this view is named DBA_policyname_AUDIT_TRAIL.

The DBA_SA_AUDIT_OPTIONS view contains the columns POLICY_NAME, USER_NAME, APY, SET_, and PRV.

See Also:

"Creating and Dropping an Audit Trail View for Oracle Label Security" 

Restrictions in Oracle Label Security

The following restrictions exist in this Oracle Label Security release:

CREATE TABLE AS SELECT Restriction in Oracle Label Security

If you attempt to perform CREATE TABLE AS SELECT in a schema which is protected by an Oracle Label Security policy, the statement will fail.

Label Tag Restriction

Label tags must be unique across all policies in the database. When you use multiple policies in a database, you cannot use the same numeric label tag in different policies.
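
Before defining labels for an additional policy, the tag values already in use can be read from DBA_SA_LABELS. The queries below are an added example, not part of the Oracle guide; the candidate tag values 1000 and 2000 are constructed placeholders.

```sql
-- Added example: planning label tags so they stay unique across policies.

-- 1. Tag range currently used by each policy.
SELECT policy_name,
       COUNT(*)       AS label_count,
       MIN(label_tag) AS lowest_tag,
       MAX(label_tag) AS highest_tag
FROM   dba_sa_labels
GROUP  BY policy_name
ORDER  BY lowest_tag;

-- 2. Policies whose tag ranges interleave. Tags are still unique, but a
--    new label in one policy can easily collide with a tag of the other.
SELECT a.policy_name AS policy_a, a.lo AS a_low, a.hi AS a_high,
       b.policy_name AS policy_b, b.lo AS b_low, b.hi AS b_high
FROM   (SELECT policy_name, MIN(label_tag) lo, MAX(label_tag) hi
        FROM   dba_sa_labels
        GROUP  BY policy_name) a,
       (SELECT policy_name, MIN(label_tag) lo, MAX(label_tag) hi
        FROM   dba_sa_labels
        GROUP  BY policy_name) b
WHERE  a.policy_name < b.policy_name
AND    a.lo <= b.hi
AND    b.lo <= a.hi;

-- 3. Check whether candidate tags (constructed values) are already taken
--    by any policy before creating labels with them.
SELECT label_tag, policy_name, label
FROM   dba_sa_labels
WHERE  label_tag IN (1000, 2000)
ORDER  BY label_tag;
```

An empty result from the third query means the candidate tags are free in every policy in the database.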

Export Restriction in Oracle Label Security

The LBACSYS schema cannot be exported due to the use of opaque types in Oracle Label Security. To export an entire database, you must individually specify all of the schemas and/or tables (except for the LBACSYS schema). Use standard backup techniques to back up the LBACSYS schema.

Oracle Label Security Deinstallation Restriction

Do not perform a DROP USER CASCADE on the LBACSYS account.

Connect to the database as user SYS, using the AS SYSDBA syntax, and run the file $ORACLE_HOME/rdbms/admin/catnools.sql to deinstall Oracle Label Security.

See Also:

Your platform-specific Oracle installation documentation 

Shared Schema Support

User accounts defined in the Oracle Internet Directory cannot be given individual Oracle Label Security authorizations. However, authorizations can be given to the shared schema to which the directory users are mapped.

The Oracle Label Security function SET_ACCESS_PROFILE can be used programmatically to set the label authorization profile to use after a user has been authenticated and mapped to a shared schema. Oracle Label Security does not enforce a mapping between users who are given label authorizations in Oracle Label Security and actual database users.

Hidden Columns Restriction

PL/SQL does not recognize references to hidden columns in tables. A compiler error will be generated.


Copyright © 1996-2001, Oracle Corporation.

All Rights Reserved.