6 Fine-Grained Access Control for RDF Data

The default control of access to the Oracle Database RDF data store is at the RDF graph level: the owner of a graph can grant select, delete, and insert privileges on the graph to other users by granting appropriate privileges on the view named RDFM_<rdf_graph_name>. However, for applications with stringent security requirements, you can enforce a fine-grained access control mechanism by using the Oracle Label Security option of Oracle Database.

Oracle Label Security (OLS) for RDF data allows sensitivity labels to be associated with individual triples stored in an RDF graph. For each query, access to specific triples is granted by comparing their labels with the user's session labels. This triple-level security option provides a thin layer of RDF-specific capabilities on top of the Oracle Database native support for label security.
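The triple-level comparison described above can be modeled as follows; this is an added illustration, not Oracle code, and it does not call any Oracle API. It assumes the standard OLS label components (one level, optional compartments, optional groups) written as LEVEL:COMPARTMENTS:GROUPS, treats groups as flat with no parent/child hierarchy, and uses constructed level names, label values, and triples.

```python
from dataclasses import dataclass

# Constructed level ranking; in OLS the administrator assigns each level a numeric rank.
LEVELS = {"PUBLIC": 10, "CONFIDENTIAL": 20, "SECRET": 30}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()
    groups: frozenset = frozenset()

def parse_label(text):
    """Parse 'LEVEL:COMP1,COMP2:GROUP1,GROUP2'; compartments and groups are optional."""
    parts = (text.split(":") + ["", ""])[:3]
    level, comps, groups = (p.strip() for p in parts)
    if level not in LEVELS:
        raise ValueError(f"unknown level: {level!r}")
    split = lambda s: frozenset(x.strip() for x in s.split(",") if x.strip())
    return Label(level, split(comps), split(groups))

def can_read(session, data):
    """True if the session label permits reading a triple carrying the data label."""
    return (LEVELS[session.level] >= LEVELS[data.level]           # level high enough
            and data.compartments <= session.compartments         # holds every compartment
            and (not data.groups or bool(data.groups & session.groups)))  # shares a group

def visible_triples(triples, session_label):
    """Return only the triples whose label the session label may read."""
    session = parse_label(session_label)
    return [t for t, lbl in triples if can_read(session, parse_label(lbl))]

# Constructed sample graph: (subject, predicate, object) plus a sensitivity label.
TRIPLES = [
    (("ex:projectA", "ex:hasStatus", "ex:Active"), "PUBLIC"),
    (("ex:projectA", "ex:hasBudget", '"150000"'), "CONFIDENTIAL:FIN"),
    (("ex:projectA", "ex:ledBy", "ex:alice"), "CONFIDENTIAL::EMEA"),
    (("ex:projectA", "ex:hasContractValue", '"2000000"'), "SECRET:FIN:EMEA"),
]

if __name__ == "__main__":
    # The same query pattern returns different triples for different session labels.
    for s in ("PUBLIC", "CONFIDENTIAL:FIN", "SECRET::EMEA", "SECRET:FIN:EMEA"):
        print(s, "->", [t[1] for t in visible_triples(TRIPLES, s)])
```

A high level alone is not sufficient: the SECRET::EMEA session is still denied the two triples labeled with the FIN compartment.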

For information about using OLS, see Oracle Label Security Administrator's Guide.