1. Administrator's Guide
  2. Appendixes
  3. Oracle Label Security Restrictions

G Oracle Label Security Restrictions

Several restrictions exist in this Oracle Label Security release.

These restrictions are as follows:

  • CREATE TABLE AS SELECT restriction

    If you attempt to perform CREATE TABLE AS SELECT in a schema that is protected by an Oracle Label Security policy, then the statement will fail.

  • Label tag restriction

    Label tags must be unique across the policies in the database. When you use multiple policies in a database, you cannot use the same numeric label tag in different policies.

  • Export restriction

    Before Oracle Database 12c release 1 (12.1), the LBACSYS schema could not be exported due to the use of opaque types in Oracle Label Security. An export of the entire database (parameter FULL=Y) with Oracle Label Security installed can be done, except that the LBACSYS schema would not be exported.

    From Oracle Database release 12c on, this restriction has been removed. See Full Database Export for additional details on the database versions that the export can be supported from.

  • Oracle Label Security removal restriction

    Do not perform a DROP USER CASCADE on the LBACSYS account.

    Connect to the database as user SYS, using the AS SYSDBA syntax, and run the file $ORACLE_HOME/rdbms/admin/catnools.sql to remove Oracle Label Security.

    See Uninstalling Oracle Label Security for information about the different values that you can use to uninstall Oracle Label Security.

  • Shared schema support restriction

    User accounts defined in the Oracle Internet Directory cannot be given individual Oracle Label Security authorizations. However, authorizations can be given to the shared schema to which the directory users are mapped.

    The Oracle Label Security function SET_ACCESS_PROFILE can be used programmatically to set the label authorization profile to use after a user has been authenticated and mapped to a shared schema. Oracle Label Security does not enforce a mapping between users who are given label authorizations in Oracle Label Security and actual database users.

  • Hidden columns restriction

    PL/SQL does not recognize references to hidden columns in tables. A compiler error will be generated.

Parent topic: Appendixes