Changes in This Release for Oracle Label Security Administrator's Guide

This preface contains:

• Changes in Oracle Database 23ai
  Oracle Label Security Administrator’s Guide for Oracle Database 23ai has one new feature and two important desupported features.

Changes in Oracle Database 23ai

Oracle Label Security Administrator’s Guide for Oracle Database 23ai has one new feature and two important desupported features.

• Introduction of the LBAC_TRIGGER Schema for OLS DML Triggers
  Starting with Oracle Database release 23ai, the LBAC_TRIGGER schema is available to store DML triggers that Oracle Label Security uses.
• Desupport of Traditional Auditing in Oracle Label Security
  Starting with Oracle Database 23ai, traditional auditing is desupported.
• Desupport of Oracle Internet Directory with Oracle Label Security
  Starting with Oracle Database 23ai, the integration of Oracle Internet Directory (OID) with Oracle Label Security is desupported.

Introduction of the LBAC_TRIGGER Schema for OLS DML Triggers

Starting with Oracle Database release 23ai, the LBAC_TRIGGER schema is available to store DML triggers that Oracle Label Security uses.

In previous releases, these triggers were stored in the LBACSYS schema. The LBAC_TRIGGER schema provides greater security than the LBACSYS schema.

New triggers that you create will be automatically stored in the LBAC_TRIGGER schema. Triggers that were created in previous releases will still be in the LBACSYS schema after you upgrade to release 23ai. You will need to disable and reenable the OLS policies to migrate these triggers to the LBAC_TRIGGER schema.

Desupport of Traditional Auditing in Oracle Label Security

Starting with Oracle Database 23ai, traditional auditing is desupported.

Unified auditing is the way forward to perform Oracle Label Security auditing. Unified auditing offers more flexibility to perform selective and effective auditing, which helps you focus on activities that really matter to your enterprise. Unified auditing has one single and secure unified trail, conditional policy for audit selectivity, and default predefined policies for simplicity. To improve security and compliance, Oracle strongly recommends that you use unified auditing.

Desupport of Oracle Internet Directory with Oracle Label Security

Starting with Oracle Database 23ai, the integration of Oracle Internet Directory (OID) with Oracle Label Security is desupported.

The use of OID to store Oracle Label Security policies and labels is desupported with this release. no replacement for this feature is planned. If you are using this feature, then you must create a custom method to copy and store this information.