This appendix provides the following reference information:
Oracle Label Security does not label the Oracle data dictionary tables. Access is controlled by standard Oracle Database system and object privileges. For a description of all data dictionary tables and views, refer to the Oracle Database Reference.
Oracle Label Security maintains an independent set of data dictionary tables. These tables are exempt from any policy enforcement. This section lists the views that can display information related to Oracle Label Security.
Note that access to the DBA views is granted by default to the SELECT_CATALOG_ROLE, a standard Oracle Database role that lets you examine the Oracle Database data dictionary.
The ALL_SA_AUDIT_OPTIONS data dictionary view shows the Oracle Label Security auditing options for the current user, configured using SA_AUDIT_ADMIN.AUDIT procedure. (See "SA_AUDIT_ADMIN.AUDIT Procedure".) The view displays whether auditing is configured to generate audit records per session (BY SESSION) or per access (BY ACCESS) and for successful or unsuccessful operations. Possible values are as follows:
A dash (-) indicates that the audit option is not set.
The S character indicates that the audit option is set BY SESSION.
The A character indicates that the audit option is set BY ACCESS.
Each audit option has two possible settings, WHENEVER SUCCESSFUL and WHENEVER NOT SUCCESSFUL, separated by a slash (/).
For example, in the following output, user jjones is audited with the BY ACCESS audit type for successful actions involving policy-specific privileges. User rlayton is audited with the BY SESSION audit type: audit records are written for failed attempts to remove policies and for successful attempts at setting user authorizations.
SELECT * FROM DBA_SA_AUDIT_OPTIONS; POLICY_NAME USER_NAME APY REM SET_ PRV ----------- ------------ --- ---- ---- --- HR_OLS_POL JJONES -/- -/- -/- A/- HR_OLS_POL RLAYTON -/- -/S S/- -/-
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
USER_NAME |
VARCHAR2(128) |
NOT NULL |
Name of the user associated with the policy |
APY |
VARCHAR2(3) |
Audit option; refers to the application of specified Oracle Label Security policies to tables and schemas | |
REM |
VARCHAR2(3) |
Audit option; refers to the removal of specified Oracle Label Security policies from tables and schemas | |
SET_ |
VARCHAR2(3) |
Audit option; refers to the setting of user authorizations, and user and program privileges | |
PRV |
VARCHAR2(3) |
Audit option; refers to the use of all policy-specific privileges |
The ALL_SA_COMPARTMENTS data dictionary view shows for the current user information about Oracle Label Security policy compartments, based on the settings used in the SA_COMPONENTS.CREATE_COMPARTMENT procedure. (See "SA_COMPONENTS.CREATE_COMPARTMENT Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
COMP_NUM |
NUMBER(4) |
NOT NULL |
Compartment number in the range of (0-9999) |
SHORT_NAME |
VARCHAR2(30) |
NOT NULL |
Short name for the compartment |
LONG_NAME |
VARCHAR2(80) |
NOT NULL |
Long name for the compartment |
The ALL_SA_DATA_LABELS data dictionary view shows for the current user the label and label tag for the specified Oracle Label Security policy, based on settings from the SA_LABEL_ADMIN.CREATE_LABEL procedure. (See "SA_LABEL_ADMIN.CREATE_LABEL Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
LABEL |
VARCHAR2(4000) |
Short name of the level, compartment, or group that was specified as the label value | |
LABEL_TAG |
NUMBER |
Integer that represents the sort order of the label, relative to other policy labels (0-99999999) |
The ALL_SA_GROUPS data dictionary view shows for the current user information about Oracle Label Security policy groups, based on the SA_COMPONENTS.CREATE_GROUP and SA_COMPONENTS.ALTER_GROUP_PARENT procedures. (See"SA_COMPONENTS.CREATE_GROUP Procedure" and "SA_COMPONENTS.ALTER_GROUP_PARENT Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
GROUP_NUM |
NUMBER(4) |
NOT NULL |
Group number (0-9999) |
SHORT_NAME |
VARCHAR2(30) |
NOT NULL |
Short name of the group |
LONG_NAME |
VARCHAR2(80) |
NOT NULL |
Long name of the group |
PARENT_NUM |
NUMBER(4) |
Numerical ID for the associated parent group | |
PARENT_NAME |
VARCHAR2(30) |
Name of the group assigned as the parent for the group |
The ALL_SA_LABELS data dictionary view shows for the current user information about the tags and types of labels, based on the SA_LABEL_ADMIN.CREATE_LABEL and SA_LABEL_ADMIN.ALTER_LABEL procedures. (See "SA_LABEL_ADMIN.CREATE_LABEL Procedure" and "SA_LABEL_ADMIN.ALTER_LABEL Procedure".) Access to ALL_SA_LABELS is PUBLIC. However, only the labels authorized for read access by the session are visible.
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
LABEL |
VARCHAR2(4000) |
NOT NULL |
Short name of the level associated with this label |
LABEL_TAG |
NUMBER(30) |
NOT NULL |
Integer tag assigned to the label |
LABEL_TYPE |
VARCHAR2(15) |
Type of label |
The ALL_SA_LEVELS data dictionary view shows for the current user information about levels, based on the SA_COMPONENTS.CREATE_LEVEL procedure. (See "SA_COMPONENTS.CREATE_LEVEL Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
LEVEL_NUM |
NUMBER(4) |
NOT NULL |
Level number (0-9999) |
SHORT_NAME |
VARCHAR2(30) |
NOT NULL |
Short name for the level |
LONG_NAME |
VARCHAR2(80) |
NOT NULL |
Long name for the level |
The ALL_SA_POLICIES data dictionary view shows for the current user information about Oracle Label Security policies, based on the SA_SYSDBA.CREATE_POLICY procedure, and whether the policy has been enabled or disabled. (See "SA_SYSDBA.CREATE_POLICY Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
COLUMN_NAME |
VARCHAR2(128) |
NOT NULL |
Name of the column that was added to tables protected by the policy |
STATUS |
VARCHAR2(8) |
Whether the policy has been enabled or disabled | |
POLICY_OPTIONS |
VARCHAR2(4000) |
Options that were set for this policy
See Table 8-2 for a listing of the possible enforcement options. |
The ALL_SA_PROG_PRIVS data dictionary view shows for the current user information about the policy-specific privileges for program units, based on the SA_USER_ADMIN.SET_PROG_PRIVS procedure. (See "SA_USER_ADMIN.SET_PROG_PRIVS Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
SCHEMA_NAME |
VARCHAR2(128) |
NOT NULL |
Name of the schema that contains the program unit |
PROGRAM_NAME |
VARCHAR(128) |
NOT NULL |
Program unit that was granted privileges |
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
PROGRAM_PRIVILEGES |
VARCHAR2(4000) |
Policy-specific privileges.
See "About Granting Privileges to Users and Trusted Program Units for the Policy" for list of possible privileges. |
The ALL_SA_SCHEMA_POLICIES data dictionary view shows for the current user information about policies that have been applied to all tables in the schema, based on the SA_POLICY_ADMIN.APPLY_SCHEMA_POLICY procedure. (See "SA_POLICY_ADMIN.APPLY_SCHEMA_POLICY Procedure".) It also indicates if the schema enforcement options have been enabled or disabled.
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
SCHEMA_NAME |
VARCHAR2(128) |
NOT NULL |
Name of the schema associated with this policy |
STATUS |
VARCHAR2(8) |
Whether the policy has been enabled or disabled for the schema (by the SA_POLICY_ADMIN.APPLY_SCHEMA_POLICY or SA_POLICY_ADMIN.DISABLE_SCHEMA_POLICY for procedure) |
|
SCHEMA_OPTIONS |
VARCHAR2(4000) |
Options that have been applied.
See Table 8-2 for a listing of the default enforcement options. |
The ALL_SA_TABLE_POLICIES data dictionary view shows for the current user information about a policy that has been added to a specific database table, based on the settings from the SA_POLICY_ADMIN.APPLY_TABLE_POLICY procedure. (See "SA_POLICY_ADMIN.APPLY_TABLE_POLICY Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
SCHEMA_NAME |
VARCHAR2(128) |
NOT NULL |
Schema that contains the table that the policy protects |
TABLE_NAME |
VARCHAR2(128) |
NOT NULL |
Table to be protected by the policy |
STATUS |
VARCHAR2(8) |
Whether the policy has been enabled or disabled for the table (by the SA_POLICY_ADMIN.APPLY_TABLE_POLICY or SA_POLICY_ADMIN.DISABLE_TABLE_POLICY for procedure) |
|
TABLE_OPTIONS |
VARCHAR2(4000) |
Policy enforcement options to be used for the table
See Table 8-2 for a listing of the default enforcement options. |
|
FUNCTION |
VARCHAR2(1024) |
Name of the function to return a label value to use as the default | |
PREDICATE |
VARCHAR2(256) |
Predicate to combine (using AND or OR) with the label-based predicate for READ_CONTROL |
The ALL_SA_USERS data dictionary view shows for the current user information about the privileges that Oracle Label Security users have, based on the SA_USER_ADMIN.SET_USER_LABELS and SA_USER_ADMIN.SET_USER_PRIVS procedure procedures. (See "SA_USER_ADMIN.SET_USER_LABELS Procedure" and "SA_USER_ADMIN.SET_USER_PRIVS Procedure".)
| Column | Type | Null | Description |
|---|---|---|---|
USER_NAME |
VARCHAR2(1024) |
NOT NULL |
Name of the user |
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
USER_PRIVILEGES |
VARCHAR2(4000) |
Policy-specific privileges granted to the user.
See "About Granting Privileges to Users and Trusted Program Units for the Policy" for list of possible privileges. |
|
MAX_READ_LABEL |
VARCHAR2(4000) |
Label string to initialize the user's maximum authorized read label | |
MAX_WRITE_LABEL |
VARCHAR2(4000) |
Label string to initialize the user's maximum authorized write label | |
MIN_WRITE_LABEL |
VARCHAR2(4000) |
Label string to initialize the user's minimum authorized write label | |
DEFAULT_READ_LABEL |
VARCHAR2(4000) |
Label string to initialize the user's session label, including level, compartments, and groups, for read access | |
DEFAULT_WRITE_LABEL |
VARCHAR2(4000) |
Label string to initialize the user's session label, including level, compartments, and groups, for write access | |
DEFAULT_ROW_LABEL |
VARCHAR2(4000) |
Label string to initialize the program's row label; includes level, components, and groups | |
USER_LABELS |
VARCHAR2(4000) |
Retained solely for backward compatibility and will be removed in the next release |
The ALL_SA_USER_LABELS data dictionary view shows for the current user label-specific information about users, based on the SA_USER_ADMIN.SET_USER_LABELS. (See "SA_USER_ADMIN.SET_USER_LABELS Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
USER_NAME |
VARCHAR2(1024) |
NOT NULL |
Name of the user |
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
LABELS |
VARCHAR2(4000) |
Retained solely for backward compatibility and will be removed in the next release | |
MAX_READ_LABEL |
VARCHAR2(4000) |
NOT NULL |
Label string to initialize the user's maximum authorized read label |
MAX_WRITE_LABEL |
VARCHAR2(4000) |
Label string to initialize the user's maximum authorized write label | |
MIN_WRITE_LABEL |
VARCHAR2(4000) |
Label string to initialize the user's minimum authorized write label | |
DEFAULT_READ_LABEL |
VARCHAR2(4000) |
Label string to initialize the user's session label, including level, compartments, and groups, for read access | |
DEFAULT_WRITE_LABEL |
VARCHAR2(4000) |
Label string to initialize the user's session label, including level, compartments, and groups, for write access | |
DEFAULT_ROW_LABEL |
VARCHAR2(4000) |
Label string to initialize the program's row label; includes level, components, and groups |
The ALL_SA_USER_LEVELS data dictionary view shows for the current user the minimum and maximum levels that have been assigned to users and lists the default values for the user's session label and row label, based on the SA_USER_ADMIN.SET_LEVELS procedure. (See "SA_USER_ADMIN.SET_LEVELS Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
USER_NAME |
VARCHAR2(1024) |
NOT NULL |
Name of the user |
MAX_LEVEL |
VARCHAR2(30) |
NOT NULL |
Short name of the highest level for read and write access |
MIN_LEVEL |
VARCHAR2(30) |
NOT NULL |
Short name of the lowest level for read and write access |
DEF_LEVEL |
VARCHAR2(30) |
NOT NULL |
Short name of the default level |
ROW_LEVEL |
VARCHAR2(30) |
NOT NULL |
Short name of the row level |
The ALL_SA_USER_PRIVS data dictionary view shows for the current user the policy-specific privileges that have been granted to users, based on the SA_USER_ADMIN.SET_USER_PRIVS procedure. (See "SA_USER_ADMIN.SET_USER_PRIVS Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
USER_NAME |
VARCHAR2(1024) |
NOT NULL |
Name of the user |
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
USER_PRIVILEGES |
VARCHAR2(4000) |
Policy-specific privileges granted to the user
See "About Granting Privileges to Users and Trusted Program Units for the Policy" for available privileges |
The DBA_SA_AUDIT_OPTIONS data dictionary view data dictionary view shows for the entire database the Oracle Label Security audit options. Its columns are the same as ALL_SA_AUDIT_OPTIONS.
See Also:
"ALL_SA_AUDIT_OPTIONS View"The ALL_SA_COMPARTMENTS data dictionary view shows for the entire database information about Oracle Label Security policy compartments. Its columns are the same as ALL_SA_COMPARTMENTS.
See Also:
"ALL_SA_COMPARTMENTS View"The ALL_SA_DATA_LABELS data dictionary view shows for the entire database the label and label tag for the specified Oracle Label Security policy. Its columns are the same as ALL_SA_DATA_LABELS.
See Also:
"ALL_SA_DATA_LABELS View"The ALL_SA_GROUPS data dictionary view shows for the entire database information about Oracle Label Security policy groups. Its columns are the same as ALL_SA_GROUPS.
See Also:
"ALL_SA_GROUPS View"The DBA_SA_GROUP_HIERARCHY data dictionary view shows the hierarchy of groups (that is, parent-child relationships) in a policy.
| Column | Type | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
HIERARCHY_LEVEL |
NUMBER |
Indicates the level of a particular group in a group hierarchy. A group with no parent group will have HIERARCHY_LEVEL 1. Its child group will have HIERARCHY_LEVEL 2 and so on.
For example, consider these groups in the following order:
Here, The parent-child relationships are:
|
|
GROUP_NAME |
VARCHAR2(4000) |
Short name of the group intended to indicate the hierarchy level |
The ALL_SA_LABELS data dictionary view shows for the entire database information about the tags and types of labels for a policy. Its columns are the same as ALL_SA_LABELS.
See Also:
"ALL_SA_LABELS View"The ALL_SA_LEVELS data dictionary view shows for the entire database information about levels associated with a policy. Its columns are the same as ALL_SA_LEVELS.
See Also:
"ALL_SA_LABELS View"The DBA_SA_POLICIES data dictionary view shows for the entire database information about Oracle Label Security policies, based on the SA_SYSDBA.CREATE_POLICY procedure, and whether the policy has been enabled or disabled and its subscription status.
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
COLUMN_NAME |
VARCHAR2(128) |
NOT NULL |
Name of the column that was added to tables protected by the policy |
STATUS |
VARCHAR2(8) |
Whether the policy has been enabled or disabled | |
POLICY_OPTIONS |
VARCHAR2(4000) |
Options that were set for this policy.
See Table 8-2 for a listing of the possible enforcement options. |
|
POLICY_SUBSCRIBED |
VARCHAR2(5) |
Indicates the policy's subscription status, based on the SA_POLICY_ADMIN.POLICY_SUBSCRIBE or SA_POLICY_ADMIN.POLICY_UNSUBSCRIBE procedure |
The DBA_SA_PROG_PRIVS data dictionary view shows for the entire database information about the policy-specific privileges for program units. Its columns are the same as ALL_SA_PROG_PRIVS.
See Also:
"ALL_SA_PROG_PRIVS View"The DBA_SA_SCHEMA_POLICIES data dictionary view shows for the entire database information about policies that have been applied to all tables in the schema. Its columns are the same as ALL_SA_SCHEMA_POLICIES.
See Also:
"ALL_SA_SCHEMA_POLICIES View"The DBA_SA_TABLE_POLICIES data dictionary view shows for the entire database information about a policy that has been added to a specific database table. Its columns are the same as ALL_SA_TABLE_POLICIES.
See Also:
"ALL_SA_SCHEMA_POLICIES View"The DBA_SA_USERS data dictionary view shows for the entire database information about the privileges that Oracle Label Security users have. Its columns are the same as ALL_SA_USERS.
See Also:
"ALL_SA_USERS View"The DBA_SA_USER_COMPARTMENTS data dictionary view shows for the entire database the user authorizations, indicating whether the compartments are authorized for write and read privileges, based on the SA_USER_ADMIN.ADD_COMPARTMENTS procedure. (See "SA_USER_ADMIN.ADD_COMPARTMENTS Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
USER_NAME |
VARCHAR2(1024) |
NOT NULL |
Name of the user |
COMP |
VARCHAR2(30) |
NOT NULL |
Short name of compartments that were added |
RW_ACCESS |
VARCHAR2(5) |
Access mode. Possible values are:
|
|
DEF_COMP |
VARCHAR2(1) |
NOT NULL |
Whether the compartments are in the default compartments |
ROW_COMP |
VARCHAR2(1) |
NOT NULL |
whether the compartments are in the row label |
The DBA_SA_USER_GROUPS data dictionary view shows for the entire database the groups that are associated with users, based on the SA_USER_ADMIN.ADD_GROUPS procedure. (See "SA_USER_ADMIN.ADD_GROUPS Procedure".)
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
USER_NAME |
VARCHAR2(1024) |
NOT NULL |
Name of the user |
GRP |
VARCHAR2(30) |
NOT NULL |
Short name of groups that were added |
RW_ACCESS |
VARCHAR2(5) |
Access mode. Possible values are:
|
|
DEF_GROUP |
VARCHAR2(1) |
NOT NULL |
Whether the group is in a default group |
ROW_GROUP |
VARCHAR2(1) |
NOT NULL |
Whether the group is in a label |
The DBA_SA_USER_LABELS data dictionary view shows for the entire database label-specific information about users. Its columns are the same as ALL_SA_USER_LABELS.
See Also:
"ALL_SA_USER_LABELS View"The DBA_SA_USER_LEVELS data dictionary view shows, for the entire database, the minimum and maximum levels that have been assigned to users and lists the default values for the user's session label and row label. Its columns are the same as ALL_SA_USER_LEVELS.
See Also:
"ALL_SA_USER_LEVELS View"The DBA_SA_USER_PRIVS data dictionary view shows for the current user the policy-specific privileges that have been granted to users. Its columns are the same as ALL_SA_USER_PRIVS.
See Also:
"ALL_SA_USER_PRIVS View"The DBA_OLS_STATUS data dictionary view describes the configuration status of Oracle Label Security in the database.
| Column | Null | Datatype | Description |
|---|---|---|---|
NAME |
VARCHAR2(20) |
Name of the status. Values are:
|
|
STATUS |
VARCHAR2(5) |
Indicates the status of the feature mentioned in the corresponding name column. For example, a TRUE value for the OLS_CONFIGURE_STATUS status says that Oracle Label Security has been configured. |
|
DESCRIPTION |
VARCHAR2(4000) |
Description of the status:
|
The USER_SA_SESSION data dictionary view shows the security attribute values for the current database session. Access to this view is PUBLIC.
| Column | Datatype | Null | Description |
|---|---|---|---|
POLICY_NAME |
VARCHAR2(30) |
NOT NULL |
Name of the Oracle Label Security policy |
SA_USER_NAME |
VARCHAR2(4000) |
Name of the current session user | |
PRIVS |
VARCHAR2(4000) |
Current session privileges | |
MAX_READ_LABEL |
VARCHAR2(4000) |
Label string that initialized the user's maximum authorized read label | |
MAX_WRITE_LABEL |
VARCHAR2(4000) |
Label string that initialized the user's maximum authorized write label | |
MIN_LEVEL |
VARCHAR2(4000) |
Minimum Oracle Label Security level authorized for the session | |
LABEL |
VARCHAR2(4000) |
Label for the current database session | |
COMP_WRITE |
VARCHAR2(4000) |
Compartments to which the user is authorized to write | |
GROUP_WRITE |
VARCHAR2(4000) |
Groups to which the user is authorized to write | |
ROW_LABEL |
VARCHAR2(4000) |
Row label that is associated with the policy for the current session |
Using the SA_AUDIT_ADMIN.CREATE_VIEW procedure, you can create an audit trail view for a specific policy. By default, this view is named DBA_policyname_AUDIT_TRAIL.
| Column | Datatype | Null | Description |
|---|---|---|---|
USERNAME |
VARCHAR2(128) |
Name of the user whose actions were audited | |
USERHOST |
VARCHAR2(128) |
Client host machine name | |
TERMINAL |
VARCHAR2(255) |
Identifier of the user's terminal | |
TIMESTAMP |
DATE |
Date and time of the creation of the audit trail entry (date and time of user login for entries created by AUDIT SESSION) in the local database session time zone |
|
OWNER |
VARCHAR2(128) |
Creator of the object affected by the action | |
OBJ_NAME |
VARCHAR2(128) |
Name of the object affected by the action | |
ACTION |
NUMBER |
NOT NULL |
Numeric action type code. The corresponding name of the action type is in the ACTION_NAME column. |
ACTION_NAME |
VARCHAR2(47) |
Name of the action type corresponding to the numeric code in the ACTION column |
|
COMMENT_TEXT |
VARCHAR2(4000) |
Text comment on the audit trail entry, providing more information about the statement audited
Also indicates how the user was authenticated. The method can be one of the following:
|
|
SESSIONID |
NUMBER |
NOT NULL |
Numeric ID for each Oracle session |
ENTRYID |
NUMBER |
NOT NULL |
Numeric ID for each audit trail entry in the session |
STATEMENTID |
NUMBER |
NOT NULL |
Numeric ID for each statement run |
RETURNCODE |
NUMBER |
NOT NULL |
Oracle error code generated by the action. Some useful values:
|
EXTENDED_TIMESTAMP |
TIMESTAMP (6) WITH TIME ZONE |
Timestamp of the creation of the audit trail entry (timestamp of user login for entries created by AUDIT SESSION) in UTC (Coordinated Universal Time) time zone |
|
OLS_COL |
VARCHAR2(4000) |
Name of the column that was added to the tables that Oracle Label Security protects |
See Also:
"SA_AUDIT_ADMIN.CREATE_VIEW Procedure"The following restrictions exist in this Oracle Label Security release:
If you attempt to perform CREATE TABLE AS SELECT in a schema that is protected by an Oracle Label Security policy, then the statement will fail.
Label tags must be unique across the policies in the database. When you use multiple policies in a database, you cannot use the same numeric label tag in different policies.
Before Oracle Database 12c Release 1 (12.1), the LBACSYS schema could not be exported due to the use of opaque types in Oracle Label Security. An export of the entire database (parameter FULL=Y) with Oracle Label Security installed can be done, except that the LBACSYS schema would not be exported. From Oracle Database Release 12c on, this restriction has been removed. See "Full Database Export" for additional details on the database versions that the export can be supported from.
Do not perform a DROP USER CASCADE on the LBACSYS account.
Connect to the database as user SYS, using the AS SYSDBA syntax, and run the file $ORACLE_HOME/rdbms/admin/catnools.sql to remove Oracle Label Security.
See Also:
Your platform-specific Oracle installation documentationUser accounts defined in the Oracle Internet Directory cannot be given individual Oracle Label Security authorizations. However, authorizations can be given to the shared schema to which the directory users are mapped.
The Oracle Label Security function SET_ACCESS_PROFILE can be used programmatically to set the label authorization profile to use after a user has been authenticated and mapped to a shared schema. Oracle Label Security does not enforce a mapping between users who are given label authorizations in Oracle Label Security and actual database users.