Oracle Label Security Administrator's Guide Release 2 (9.2) Part Number A96578-01
This appendix provides the following reference information:
Oracle Label Security does not in any way label the Oracle9i data dictionary tables. Access is controlled by standard Oracle9i system and object privileges. For a description of all data dictionary tables and views, see the Oracle9i Database Reference.
Oracle Label Security maintains an independent set of data dictionary tables. These tables are exempt from any policy enforcement. This section lists the views which can display information related to Oracle Label Security.
Note that access to the DBA views is granted by default to the SELECT_CATALOG_ROLE, a standard Oracle9i role which lets you examine the Oracle9i data dictionary.
Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
USER_NAME | NOT NULL | VARCHAR2(30) |
APY | | VARCHAR2(3) |
REM | | VARCHAR2(3) |
SET_ | | VARCHAR2(3) |
PRV | | VARCHAR2(3) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
COMP_NUM | NOT NULL | NUMBER(4) |
SHORT_NAME | NOT NULL | VARCHAR2(30) |
LONG_NAME | NOT NULL | VARCHAR2(80) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
LABEL | | VARCHAR2(4000) |
LABEL_TAG | | NUMBER |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
GROUP_NUM | NOT NULL | NUMBER(4) |
SHORT_NAME | NOT NULL | VARCHAR2(30) |
LONG_NAME | NOT NULL | VARCHAR2(80) |
PARENT_NUM | | NUMBER(4) |
PARENT_NAME | | VARCHAR2(30) |

Access to ALL_SA_LABELS is PUBLIC; however, only the labels authorized for read access by the session are visible.
Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
LABEL | | VARCHAR2(4000) |
LABEL_TAG | | NUMBER |
LABEL_TYPE | | VARCHAR2(15) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | | VARCHAR2(30) |
LEVEL_NUM | | NUMBER(4) |
SHORT_NAME | | VARCHAR2(30) |
LONG_NAME | | VARCHAR2(80) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
COLUMN_NAME | NOT NULL | VARCHAR2(30) |
STATUS | | VARCHAR2(8) |
POLICY_OPTIONS | | VARCHAR2(4000) |

Name | Null? | Type |
---|---|---|
SCHEMA_NAME | NOT NULL | VARCHAR2(30) |
PROGRAM_NAME | NOT NULL | VARCHAR(30) |
POLICY_NAME | NOT NULL | VARCHAR2(30) |
PROGRAM_PRIVILEGES | | VARCHAR2(4000) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
SCHEMA_NAME | NOT NULL | VARCHAR2(30) |
STATUS | | VARCHAR2(8) |
SCHEMA_OPTIONS | | VARCHAR2(4000) |

Note: The field USER_LABELS in ALL_SA_USERS and the field LABELS in ALL_SA_USER_LABELS are retained solely for backward compatibility and will be removed in the next release.
Name | Null? | Type |
---|---|---|
USER_NAME | NOT NULL | VARCHAR2(30) |
POLICY_NAME | NOT NULL | VARCHAR2(30) |
USER_PRIVILEGES | | VARCHAR2(4000) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
USER_NAME | NOT NULL | VARCHAR2(30) |
APY | | VARCHAR2(3) |
REM | | VARCHAR2(3) |
SET_ | | VARCHAR2(3) |
PRV | | VARCHAR2(3) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
COMP_NUM | NOT NULL | NUMBER(4) |
SHORT_NAME | NOT NULL | VARCHAR2(30) |
LONG_NAME | NOT NULL | VARCHAR2(80) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
LABEL | | VARCHAR2(4000) |
LABEL_TAG | | NUMBER |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
GROUP_NUM | NOT NULL | NUMBER(4) |
SHORT_NAME | NOT NULL | VARCHAR2(30) |
LONG_NAME | NOT NULL | VARCHAR2(80) |
PARENT_NUM | | NUMBER(4) |
PARENT_NAME | | VARCHAR2(30) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
HIERARCHY_LEVEL | | NUMBER |
GROUP_NAME | | VARCHAR2(4000) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
LABEL | | VARCHAR2(4000) |
LABEL_TAG | | NUMBER |
LABEL_TYPE | | VARCHAR2(15) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
LEVEL_NUM | NOT NULL | NUMBER(4) |
SHORT_NAME | NOT NULL | VARCHAR2(30) |
LONG_NAME | NOT NULL | VARCHAR2(80) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
COLUMN_NAME | NOT NULL | VARCHAR2(30) |
STATUS | | VARCHAR2(8) |
POLICY_OPTIONS | | VARCHAR2(4000) |

Name | Null? | Type |
---|---|---|
SCHEMA_NAME | NOT NULL | VARCHAR2(30) |
PROGRAM_NAME | NOT NULL | VARCHAR2(30) |
POLICY_NAME | NOT NULL | VARCHAR2(30) |
PROGRAM_PRIVILEGES | | VARCHAR2(4000) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
SCHEMA_NAME | NOT NULL | VARCHAR2(30) |
STATUS | | VARCHAR2(8) |
SCHEMA_OPTIONS | | VARCHAR2(4000) |

Note: The field USER_LABELS in DBA_SA_USERS is retained solely for backward compatibility and will be removed in the next release.
Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
USER_NAME | NOT NULL | VARCHAR2(30) |
COMP | NOT NULL | VARCHAR2(30) |
RW_ACCESS | | VARCHAR2(5) |
DEF_COMP | NOT NULL | VARCHAR2(1) |
ROW_COMP | NOT NULL | VARCHAR2(1) |

Name | Null? | Type |
---|---|---|
POLICY_NAME | NOT NULL | VARCHAR2(30) |
USER_NAME | NOT NULL | VARCHAR2(30) |
GRP | NOT NULL | VARCHAR2(30) |
RW_ACCESS | | VARCHAR2(5) |
DEF_GROUP | NOT NULL | VARCHAR2(1) |
ROW_GROUP | NOT NULL | VARCHAR2(1) |

Note: The field LABELS in DBA_SA_USER_LABELS is retained solely for backward compatibility and will be removed in the next release.
Name | Null? | Type |
---|---|---|
USER_NAME | NOT NULL | VARCHAR2(30) |
POLICY_NAME | NOT NULL | VARCHAR2(30) |
USER_PRIVILEGES | | VARCHAR2(4000) |

Using the SA_AUDIT_ADMIN.CREATE_VIEW procedure, you can create an audit trail view for the specified policy. By default, this view is named DBA_policyname_AUDIT_TRAIL.
The DBA_SA_AUDIT_OPTIONS view contains the columns POLICY_NAME, USER_NAME, APY, SET_, and PRV.
The following restrictions exist in this Oracle Label Security release:
If you attempt to perform CREATE TABLE AS SELECT in a schema which is protected by an Oracle Label Security policy, the statement will fail.
Label tags must be unique across all policies in the database. When you use multiple policies in a database, you cannot use the same numeric label tag in different policies.
The LBACSYS schema cannot be exported due to the use of opaque types in Oracle Label Security. To export an entire database, you must individually specify all of the schemas and/or tables (except for the LBACSYS schema). Use standard backup techniques to back up the LBACSYS schema.
Do not perform a DROP USER CASCADE on the LBACSYS account.
Connect to the database as user SYS, using the AS SYSDBA syntax, and run the file $ORACLE_HOME/rdbms/admin/catnools.sql to deinstall Oracle Label Security.
User accounts defined in the Oracle Internet Directory cannot be given individual Oracle Label Security authorizations. However, authorizations can be given to the shared schema to which the directory users are mapped.
The Oracle Label Security function SET_ACCESS_PROFILE can be used programmatically to set the label authorization profile to use after a user has been authenticated and mapped to a shared schema. Oracle Label Security does not enforce a mapping between users who are given label authorizations in Oracle Label Security and actual database users.
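Because Oracle Label Security does not enforce the mapping itself, the application has to decide which label profile a directory user may assume. The PL/SQL below is an added example, not code from the guide: the policy name HR_POLICY, the table APP_LABEL_PROFILE_MAP and the procedure APPLY_LABEL_PROFILE are hypothetical, and it assumes that SYS_CONTEXT('USERENV', 'EXTERNAL_NAME') returns the directory identity of the session.

```sql
-- Added example. HR_POLICY, APP_LABEL_PROFILE_MAP and APPLY_LABEL_PROFILE
-- are hypothetical names chosen for illustration.

-- Application-maintained mapping: directory identity -> label profile.
-- Only security administrators should have DML rights on this table.
CREATE TABLE app_label_profile_map (
  directory_user VARCHAR2(256) PRIMARY KEY,
  ols_profile    VARCHAR2(30)  NOT NULL
);

CREATE OR REPLACE PROCEDURE apply_label_profile AS
  v_dir_user VARCHAR2(256);
  v_profile  app_label_profile_map.ols_profile%TYPE;
BEGIN
  -- Assumption: EXTERNAL_NAME carries the directory identity of the
  -- user who was authenticated and mapped to the shared schema.
  v_dir_user := SYS_CONTEXT('USERENV', 'EXTERNAL_NAME');

  -- Never take the profile name from client input; look it up server-side.
  SELECT ols_profile
    INTO v_profile
    FROM app_label_profile_map
   WHERE directory_user = v_dir_user;

  -- Switch the session to that profile's label authorizations.
  -- The caller needs the PROFILE_ACCESS privilege on the policy.
  SA_SESSION.SET_ACCESS_PROFILE('HR_POLICY', v_profile);

  -- Verify the switch took effect before the session touches labeled rows.
  IF UPPER(SA_SESSION.SA_USER_NAME('HR_POLICY')) <> UPPER(v_profile) THEN
    RAISE_APPLICATION_ERROR(-20002, 'Label profile was not applied');
  END IF;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    -- Fail closed: an unmapped directory user gets no profile at all.
    RAISE_APPLICATION_ERROR(-20001,
      'No label profile mapped for this directory user');
END apply_label_profile;
/
```

Call the procedure once per session, right after the directory user has been mapped to the shared schema, and audit changes to the mapping table, since anyone who can edit it controls which label authorizations a session receives.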
PL/SQL does not recognize references to hidden columns in tables. A compiler error will be generated.
Copyright © 2000, 2002 Oracle Corporation. All Rights Reserved.