20 Oracle Database Vault Oracle Label Security APIs
You can use the DBMS_MACADM PL/SQL package to manage Oracle Label Security labels and policies in Oracle Database Vault.

- CREATE_MAC_POLICY Procedure
  The CREATE_MAC_POLICY procedure specifies the algorithm to merge labels when computing the label for a factor, or the Oracle Label Security Session label.
- CREATE_POLICY_LABEL Procedure
  The CREATE_POLICY_LABEL procedure labels an identity within an Oracle Label Security policy.
- DELETE_MAC_POLICY_CASCADE Procedure
  The DELETE_MAC_POLICY_CASCADE procedure deletes all Oracle Database Vault objects related to an Oracle Label Security policy.
- DELETE_POLICY_FACTOR Procedure
  The DELETE_POLICY_FACTOR procedure removes the factor from contributing to the Oracle Label Security label.
- DELETE_POLICY_LABEL Procedure
  The DELETE_POLICY_LABEL procedure removes the label from an identity within an Oracle Label Security policy.
- UPDATE_MAC_POLICY Procedure
  The UPDATE_MAC_POLICY procedure specifies the algorithm to merge labels when computing the label for a factor, or the Oracle Label Security Session label.
20.1 CREATE_MAC_POLICY Procedure
The CREATE_MAC_POLICY procedure specifies the algorithm to merge labels when computing the label for a factor, or the Oracle Label Security Session label.

Syntax

```sql
DBMS_MACADM.CREATE_MAC_POLICY(
  policy_name IN VARCHAR2,
  algorithm   IN VARCHAR2);
```

Parameters

Table 20-1 CREATE_MAC_POLICY Parameters

Parameter | Description |
---|---|
policy_name | Name of an existing policy. To find existing policies in the current database instance, query the |
algorithm | Merge algorithm for cases when Oracle Label Security has merged two labels. Enter the code listed in Table 20-2 that corresponds to the merge algorithm you want. For example, enter |
Table 20-2 Oracle Label Security Merge Algorithm Codes

Code | Value |
---|---|
HUU | Maximum Level/Union/Union |
HIU | Maximum Level/Intersection/Union |
HMU | Maximum Level/Minus/Union |
HNU | Maximum Level/Null/Union |
HUI | Maximum Level/Union/Intersection |
HII | Maximum Level/Intersection/Intersection |
HMI | Maximum Level/Minus/Intersection |
HNI | Maximum Level/Null/Intersection |
HUM | Maximum Level/Union/Minus |
HIM | Maximum Level/Intersection/Minus |
HMM | Maximum Level/Minus/Minus |
HNM | Maximum Level/Null/Minus |
HUN | Maximum Level/Union/Null |
HIN | Maximum Level/Intersection/Null |
HMN | Maximum Level/Minus/Null |
HNN | Maximum Level/Null/Null |
LUU | Minimum Level/Union/Union |
LIU | Minimum Level/Intersection/Union |
LMU | Minimum Level/Minus/Union |
LNU | Minimum Level/Null/Union |
LUI | Minimum Level/Union/Intersection |
LII | Minimum Level/Intersection/Intersection |
LMI | Minimum Level/Minus/Intersection |
LNI | Minimum Level/Null/Intersection |
LUM | Minimum Level/Union/Minus |
LIM | Minimum Level/Intersection/Minus |
LMM | Minimum Level/Minus/Minus |
LNM | Minimum Level/Null/Minus |
LUN | Minimum Level/Union/Null |
LIN | Minimum Level/Intersection/Null |
LMN | Minimum Level/Minus/Null |
LNN | Minimum Level/Null/Null |
Example

```sql
BEGIN
  DBMS_MACADM.CREATE_MAC_POLICY(
    policy_name => 'Access Locations',
    algorithm   => 'HUU');
END;
/
```
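The merge codes in Table 20-2, such as the 'HUU' and 'LUI' used in this page's examples, can be read one character at a time. The Python sketch below is an added illustration, not Oracle code: it assumes the three positions apply to a label's level, compartments and groups, that a larger level number is more sensitive, and that Minus means the first label's set less the second's. Label, describe, merge_labels and the sample labels are hypothetical names and constructed values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Label:
    """Constructed stand-in for an OLS label (assumed shape: level, compartments, groups)."""
    level: int                       # assumption: larger number = more sensitive
    compartments: frozenset = frozenset()
    groups: frozenset = frozenset()

LEVEL_OPS = {"H": ("Maximum Level", max), "L": ("Minimum Level", min)}
SET_OPS = {
    "U": ("Union", lambda a, b: a | b),
    "I": ("Intersection", lambda a, b: a & b),
    "M": ("Minus", lambda a, b: a - b),      # assumption: first minus second
    "N": ("Null", lambda a, b: frozenset()),
}

def _parse(code):
    """Validate a three-character merge code and return its three operations."""
    code = code.upper()
    if len(code) != 3 or code[0] not in LEVEL_OPS or any(c not in SET_OPS for c in code[1:]):
        raise ValueError(f"not a merge algorithm code: {code!r}")
    return LEVEL_OPS[code[0]], SET_OPS[code[1]], SET_OPS[code[2]]

def describe(code):
    """Return the Table 20-2 value for a code, e.g. 'HUU' -> 'Maximum Level/Union/Union'."""
    return "/".join(name for name, _ in _parse(code))

def merge_labels(code, first, second):
    """Merge two labels as the given code prescribes (under the stated assumptions)."""
    (_, lvl), (_, comp), (_, grp) = _parse(code)
    return Label(lvl(first.level, second.level),
                 comp(first.compartments, second.compartments),
                 grp(first.groups, second.groups))

# Constructed sample labels for two factor identities (not from the Oracle documentation).
HOST = Label(20, frozenset({"FIN"}), frozenset({"EMEA", "APAC"}))
NETWORK = Label(10, frozenset({"FIN", "HR"}), frozenset({"EMEA"}))

if __name__ == "__main__":
    for code in ("HUU", "LUI", "LII", "HNN"):
        print(code, describe(code), merge_labels(code, HOST, NETWORK))
```

Running the same two labels through HUU and then LUI or LII shows how the algorithm choice widens or narrows the computed label, which is worth checking before changing the algorithm on an existing policy.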
20.2 CREATE_POLICY_LABEL Procedure
The CREATE_POLICY_LABEL procedure labels an identity within an Oracle Label Security policy.

Syntax

```sql
DBMS_MACADM.CREATE_POLICY_LABEL(
  identity_factor_name  IN VARCHAR2,
  identity_factor_value IN VARCHAR2,
  policy_name           IN VARCHAR2,
  label                 IN VARCHAR2);
```

Parameters

Table 20-3 CREATE_POLICY_LABEL Parameters

Parameter | Description |
---|---|
identity_factor_name | Name of the factor being labeled. To find existing factors in the current database instance, query the To find factors that are associated with Oracle Label Security policies, use |
identity_factor_value | Value of identity for the factor being labeled. To find the identities of existing factors in the current database instance, query the |
policy_name | Name of an existing policy. To find existing policies in the current database instance, query the |
label | Oracle Label Security label name. To find existing policy labels for factor identifiers, query the |

Example

```sql
BEGIN
  DBMS_MACADM.CREATE_POLICY_LABEL(
    identity_factor_name  => 'App_Host_Name',
    identity_factor_value => 'Sect2_Fin_Apps',
    policy_name           => 'Access Locations',
    label                 => 'Sensitive');
END;
/
```
20.3 DELETE_MAC_POLICY_CASCADE Procedure
The DELETE_MAC_POLICY_CASCADE procedure deletes all Oracle Database Vault objects related to an Oracle Label Security policy.

Syntax

```sql
DBMS_MACADM.DELETE_MAC_POLICY_CASCADE(
  policy_name IN VARCHAR2);
```

Parameters

Table 20-4 DELETE_MAC_POLICY_CASCADE Parameter

Parameter | Description |
---|---|
policy_name | Name of an existing policy. To find existing policies in the current database instance, query the |

Example

```sql
EXEC DBMS_MACADM.DELETE_MAC_POLICY_CASCADE('Access Locations');
```
20.4 DELETE_POLICY_FACTOR Procedure
The DELETE_POLICY_FACTOR procedure removes the factor from contributing to the Oracle Label Security label.

Syntax

```sql
DBMS_MACADM.DELETE_POLICY_FACTOR(
  policy_name IN VARCHAR2,
  factor_name IN VARCHAR2);
```

Parameters

Table 20-5 DELETE_POLICY_FACTOR Parameters

Parameter | Description |
---|---|
policy_name | Name of an existing policy. To find existing policies in the current database instance, query the |
factor_name | Name of factor associated with the Oracle Label Security label. To find factors that are associated with Oracle Label Security policies, query |

Example

```sql
BEGIN
  DBMS_MACADM.DELETE_POLICY_FACTOR(
    policy_name => 'Access Locations',
    factor_name => 'App_Host_Name');
END;
/
```
20.5 DELETE_POLICY_LABEL Procedure
The DELETE_POLICY_LABEL procedure removes the label from an identity within an Oracle Label Security policy.

Syntax

```sql
DBMS_MACADM.DELETE_POLICY_LABEL(
  identity_factor_name  IN VARCHAR2,
  identity_factor_value IN VARCHAR2,
  policy_name           IN VARCHAR2,
  label                 IN VARCHAR2);
```

Parameters

Table 20-6 DELETE_POLICY_LABEL Parameters

Parameter | Description |
---|---|
identity_factor_name | Name of the factor that was labeled. To find existing factors in the current database instance that are associated with Oracle Label Security policies, query |
identity_factor_value | Value of identity for the factor that was labeled. To find the identities of existing factors in the current database instance, query the |
policy_name | Name of an existing policy. To find existing policies in the current database instance, query the |
label | Oracle Label Security label name. To find existing policy labels for factor identifiers, query the |

Example

```sql
BEGIN
  DBMS_MACADM.DELETE_POLICY_LABEL(
    identity_factor_name  => 'App_Host_Name',
    identity_factor_value => 'Sect2_Fin_Apps',
    policy_name           => 'Access Locations',
    label                 => 'Sensitive');
END;
/
```
20.6 UPDATE_MAC_POLICY Procedure
The UPDATE_MAC_POLICY procedure specifies the algorithm to merge labels when computing the label for a factor, or the Oracle Label Security Session label.

Syntax

```sql
DBMS_MACADM.UPDATE_MAC_POLICY(
  policy_name IN VARCHAR2,
  algorithm   IN VARCHAR2);
```

Parameters

Table 20-7 UPDATE_MAC_POLICY

Parameter | Description |
---|---|
policy_name | Name of an existing policy. To find existing policies in the current database instance, query the |
algorithm | Merge algorithm for cases when Oracle Label Security has merged two labels. See Table 20-2 for a listing of the available algorithms. |

Example

```sql
BEGIN
  DBMS_MACADM.UPDATE_MAC_POLICY(
    policy_name => 'Access Locations',
    algorithm   => 'LUI');
END;
/
```