Changes in This Release for Oracle Label Security Administrator's Guide

This preface contains:

Changes in Oracle Database 18c

The following are changes in Oracle Label Security Administrator’s Guide for Oracle Database 18c.

LBACSYS User Created by Default as a Schema-Only Account

Starting with this release, the LBACSYS user account is created as a schema-only account.

Users cannot log in to a schema-only account until an authentication method is configured for the account by using the ALTER USER statement. LBACSYS is only used as a login account initially to provision named Oracle Label Security administrators. Because users do not need to log in to this account (except for initial provisioning), LBACSYS should remain a schema-only account so that default passwords do not need to be changed or rotated.

This feature meets requirements for users who must be able to create schemas for object ownership without actually allowing the schema owner to log in to the database. Examples of environments that have this need include some Oracle schemas as well as some customer schemas.
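The provisioning cycle described above, written out as a SQL*Plus session. This is an added example, not taken from the Oracle guide. It assumes a hypothetical named administrator account ols_admin that already exists, a privileged session (for example SYSDBA) for the ALTER USER steps, and that LBACSYS is able to grant the LBAC_DBA role.

```sql
-- Added example. ols_admin is a hypothetical, already-created named
-- Oracle Label Security administrator account.

-- 1. As a privileged user, confirm that LBACSYS is schema-only.
--    A schema-only account reports AUTHENTICATION_TYPE = 'NONE'.
SELECT username, authentication_type, account_status
FROM   dba_users
WHERE  username = 'LBACSYS';

-- 2. For initial provisioning only, configure an authentication method.
--    &temp_password is a SQL*Plus substitution variable prompted at run
--    time, so no password is stored in the script.
--    ACCOUNT UNLOCK matters only if the account is also locked.
ALTER USER lbacsys IDENTIFIED BY "&temp_password" ACCOUNT UNLOCK;

-- 3. Connect as LBACSYS and provision the named administrator.
--    The grants below are an assumption about what the administrator needs;
--    adjust them to the site's own provisioning procedure.
CONNECT lbacsys
GRANT lbac_dba TO ols_admin;
GRANT EXECUTE ON sa_sysdba TO ols_admin;

-- 4. Reconnect as the privileged user and return LBACSYS to schema-only,
--    which removes the temporary password.
CONNECT / AS SYSDBA
ALTER USER lbacsys NO AUTHENTICATION;

-- 5. Verify: AUTHENTICATION_TYPE must be 'NONE' again. Any other value
--    means LBACSYS still accepts a login and has a credential that
--    would have to be rotated.
SELECT username, authentication_type, account_status
FROM   dba_users
WHERE  username = 'LBACSYS';
```

Running the query in step 5 on a schedule gives a simple drift check: a value other than NONE outside a provisioning window means the account has been given a login credential.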

Deprecated Columns in Oracle Label Security Views

Starting in this release, four Oracle Label Security data dictionary views have deprecated columns.

Data Dictionary View    Deprecated Column
ALL_SA_USER_LABELS      LABELS
ALL_SA_USERS            USER_LABELS
DBA_SA_USER_LABELS      LABELS
DBA_SA_USERS            USER_LABELS

The information in the LABELS and USER_LABELS columns is redundant. This information is displayed in other columns in these data dictionary views.

Changes in Oracle Database 12c Release 2 (12.2)

The following are changes in Oracle Label Security Administrator’s Guide for Oracle Database 12c release 2 (12.2).

Oracle Label Security Support for Oracle Database Real Application Security Users

Starting with this release, Oracle Label Security provides support for the Oracle Database Real Application Security user account.

This feature enables Oracle Label Security policies to be enforced for Real Application Security users by assigning labels and privileges to Real Application Security users.

To configure the Oracle Database Real Application Security user for Oracle Label Security, you can set the user_name parameter in the SA_USER_ADMIN.SET_USER_LABELS procedure and in the SA_USER_ADMIN.SET_USER_PRIVS procedure.

Oracle Label Security Support for Data Guard Rolling Upgrades

Oracle Label Security now supports rolling upgrades for Oracle Data Guard.

You can perform Oracle Data Guard rolling upgrades to new database releases or patch sets in a rolling fashion, which reduces the planned downtime. The total database downtime for a rolling upgrade is limited to the small amount of time that is required to execute an Oracle Data Guard switchover operation.

See Also:

Oracle Data Guard Concepts and Administration for more information about Oracle Data Guard rolling upgrades

Enhancements for Oracle Label Security in a Multitenant Environment

Starting with this release, Oracle Label Security supports the use of Oracle Label Security policies in application containers.

In addition to application container support, there are changes in how you can use Oracle Label Security in a CDB environment. As part of this enhancement, you can query the CDB_OLS_STATUS data dictionary view to check the enablement status of Oracle Label Security in a multitenant environment.