This preface contains:
Changes in Oracle Database 18c
The following are changes in Oracle Label Security Administrator’s Guide for Oracle Database 18c.
LBACSYS User Created by Default as a Schema-Only Account
Starting with this release, the
LBACSYS user account is create as a schema-only account.
Users cannot login to a schema-only account until an authentication method is configured for the account by using the
ALTER USER statement.
LBACSYS is only used as a login account initially to provision named Oracle Label Security administrators. Because users do not need to log in to this account (except for initial provisioning),
LBACSYS should remain a schema-only account so that default passwords do not need to be changed or rotated.
This feature meets requirements for users who must be able to create schemas for object ownership without actually allowing the schema owner to log in to the database. Examples of environments that have this need include some Oracle schemas as well as some customer schemas.
Deprecated Columns in Oracle Label Security Views
Starting in this release, four Oracle Label Security data dictionary views have deprecated columns.
|Data Dictionary View||Deprecated Column|
The information in the
USER_LABELS columns is redundant. This information is displayed in other columns in these data dictionary views.
Changes in Oracle Database 12c Release 2 (12.2)
The following are changes in Oracle Label Security Administrator’s Guide for Oracle Database 12c release 2 (12.2).
Oracle Label Security Support for Oracle Database Real Application Security Users
Starting with this release, Oracle Label Security provides support for the Oracle Database Real Application Security user account.
This feature enables Oracle Label Security policies to be enforced for Real Application Security users by assigning labels and privileges to Real Application Security users.
To configure the Oracle Database Real Application Security user for Oracle Label Security, you can set the
user_name parameter in the
SA_USER_ADMIN.SET_USER_LABELS procedure and in the
Oracle Label Security Support for Data Guard Rolling Upgrades
Oracle Label Security now supports rolling upgrades for Oracle Data Guard.
You can perform Oracle Data Guard rolling upgrades to new database releases or patch sets in a rolling fashion, which reduces the planned downtime. The total database downtime for a rolling upgrade is limited to the small amount of time that is required to execute an Oracle Data Guard switchover operation.
See Also:Oracle Data Guard Concepts and Administration for more information about Oracle Data Guard rolling upgrades
Enhancements for Oracle Label Security in a Multitenant Environment
Starting with this release, Oracle Label Security supports the use of Oracle Label Security policies in application containers.
In addition to application container support, there are changes in how you can use Oracle Label Security in a CDB environment. As part of this enhancement, you can query the
CDB_OLS_STATUS to check the enablement status of Oracle Label Security in a multitenant environment.