1/32

Contents

List of Examples

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documentation
• Conventions

Changes in This Release for Oracle Label Security Administrator's Guide

• Changes in Oracle Database 12c Release 1 (12.1.0.2)
• Changes in Oracle Database 12c Release 1 (12.1.0.1)

Part I

1 Introduction to Oracle Label Security

• About Oracle Label Security
• Benefits of Oracle Label Security
• Who Has Privileges to Use Oracle Label Security?
• Organizing the Duties of Oracle Label Security Administrators
• Components of Oracle Label Security
• Oracle Label Security Architecture
• Choosing an Oracle Label Security Administrative Interface
  • Oracle Label Security Packages
    • Oracle Label Security Demonstration File
  • Oracle Enterprise Manager Cloud Control
• How Oracle Label Security Works with Other Oracle Products
  • Oracle Label Security Integration with Oracle Internet Directory
  • Oracle Label Security Integration in a Multitenant Environment

2 Understanding Data Labels and User Labels

• About to Label-Based Security
• About User Label and Privilege Management
• Label Components
  • Label Component Definitions and Valid Characters
  • Level Sensitivity Components
  • Compartment Components
  • Group Components
  • Industry Examples of Levels, Compartments, and Groups
• Label Syntax and Type
• How Data Labels and User Labels Work Together
• Administering Labels

3 Understanding Access Controls and Privileges

• Introducing Access Mediation
• Understanding Session Label and Row Label
  • The Session Label
  • The Row Label
  • Session Label Example
• Understanding User Authorizations
  • Authorizations Set by the Administrator
    • Authorized Levels
    • Authorized Compartments
    • Authorized Groups
  • Computed Session Labels
• Evaluating Labels for Access Mediation
  • Introducing Read/Write Access
    • Difference Between Read and Write Operations
    • Propagation of Read/Write Authorizations on Groups
  • The Oracle Label Security Algorithm for Read Access
  • The Oracle Label Security Algorithm for Write Access
• Using Oracle Label Security Privileges
  • Privileges Defined by Oracle Label Security Policies
  • Special Access Privileges
    • READ Privilege
    • FULL Privilege
    • COMPACCESS Privilege
    • PROFILE_ACCESS Privilege
  • Special Row Label Privileges
    • WRITEUP Privilege
    • WRITEDOWN Privilege
    • WRITEACROSS Privilege
  • System Privileges, Object Privileges, and Policy Privileges
  • Access Mediation and Views
  • Access Mediation and Program Unit Execution
  • Access Mediation and Policy Enforcement Options
• Working with Multiple Oracle Label Security Policies
  • Multiple Oracle Label Security Policies in a Single Database
  • Multiple Oracle Label Security Policies in a Distributed Environment

Part II Using Oracle Label Security Functionality

4 Getting Started with Oracle Label Security

• Registering Oracle Label Security with an Oracle Database
  • About Registering Oracle Label Security
  • Checking if Oracle Label Security Has Been Registered and Enabled
  • Registering and Enabling Oracle Label Security from SQL*Plus
  • Registering and Enabling Oracle Label Security Using DBCA
• Enabling the LBACSYS Oracle Label Security User Account
• Logging into Cloud Control or SQL*Plus for Oracle Label Security
  • Logging into Oracle Label Security from Enterprise Manager Cloud Control
  • Logging into Oracle Label Security from SQL*Plus

5 Creating an Oracle Label Security Policy

• About Creating Oracle Label Security Policies
• Step 1: Create the Label Security Policy Container
  • About the Label Security Policy Container
  • Creating a Label Policy Container
• Step 2: Create Data Labels for the Label Security Policy
  • About Data Labels
  • About Policy Level Sensitivity Components
  • Creating a Policy Level Component
  • About Policy Compartment Components
  • Creating a Policy Compartment Component
  • About Policy Group Components
  • Creating a Policy Group Component
  • About Associating the Policy Components with a Named Data Label
  • Associating the Policy Components with a Named Data Label
• Step 3: Authorize Users for the Label Security Policy
  • About Authorizing Users for Label Security Policies
  • About Authorizing Levels
  • Authorizing a Level
  • About Authorizing Compartments
  • Authorizing a Compartment
  • About Authorizing Groups
  • Authorizing a Group
• Step 4: Grant Privileges to Users and Trusted Stored Program Units
  • About Granting Privileges to Users and Trusted Program Units for the Policy
  • Granting Privileges to a User
  • Granting Privileges to a Trusted Program Unit
• Step 5: Apply the Policy to a Database Table or Schema
  • About Applying the Policy to a Database Table or Schema
  • Applying a Policy to a Schema
• Step 6: Add Policy Labels to Table Rows
  • About Adding Policy Labels to Table Rows
  • Adding a Policy Label to a Table Row
• Step 7: (Optional) Configure Auditing
  • About Configuring Auditing
  • Configuring Auditing
• Using Enterprise Manager Cloud Control to Create an OLS Policy
  • Creating the Label Security Policy Container Using Cloud Control
  • Creating Policy Components Using Cloud Control
  • Creating Data Labels for the Policy Using Cloud Control
  • Authorizing, Granting Privileges, and Auditing Users for a Policy Using Cloud Control
  • Granting Privileges to Trusted Program Units Using Cloud Control
  • Applying a Policy to a Database Table with Cloud Control
  • Applying Policy Labels to Table Rows Using Cloud Control
  • Auditing Oracle Label Security Policies Using Cloud Control

6 Working with Labeled Data

• The Policy Label Column and Label Tags
  • The Policy Label Column
    • Hiding the Policy Label Column
  • Label Tags
    • Manually Defining Label Tags to Order Labels
    • Manually Defining Label Tags to Manipulate Data
    • Automatically Generated Label Tags
• Assigning Labels to Data Rows
• Presenting the Label
  • Converting a Character String to a Label Tag, with CHAR_TO_LABEL
  • Converting a Label Tag to a Character String, with LABEL_TO_CHAR
    • LABEL_TO_CHAR Examples
    • Retrieving All Columns from a Table When the Policy Label Column Is Hidden
• Filtering Data Using Labels
  • Using Numeric Label Tags in WHERE Clauses
  • Ordering Labeled Data Rows
  • Ordering by Character Representation of Label
  • Determining Upper and Lower Bounds of Labels
    • Finding Least Upper Bound with LEAST_UBOUND
    • Finding Greatest Lower Bound with GREATEST_LBOUND
  • Merging Labels with the MERGE_LABEL Function
• Inserting Labeled Data
  • Inserting Labels Using CHAR_TO_LABEL
  • Inserting Labels Using Numeric Label Tag Values
  • Inserting Data Without Specifying a Label
  • Inserting Data When the Policy Label Column Is Hidden
  • Inserting Labels Using TO_DATA_LABEL
• Changing Session and Row Labels

7 Oracle Label Security Using Oracle Internet Directory

• Introducing Label Management on Oracle Internet Directory
• Configuring Oracle Internet Directory-Enabled Label Security
  • Granting Permissions for Configuring OID-Enabled Oracle Label Security
  • Registering a Database and Configuring OID-Enabled Oracle Label Security
    • Step 1: Configure Your Oracle Home for Directory Usage
    • Step 2: Configure Oracle Internet Directory for Oracle Label Security
    • Step 2 Alternate: Configuring Database for OID-Enabled Oracle Label Security
    • Step 3: Set the DIP Password and Connect Data
  • Unregistering a Database with Oracle Internet Directory Enabled Oracle Label Security
• Removing Directory-Enabled Oracle Label Security from Database
• Oracle Label Security Profiles
• Integrated Capabilities When Label Security Uses the Directory
• Oracle Label Security Policy Attributes in Oracle Internet Directory
• Subscribing Policies in Directory-Enabled Label Security
• Restrictions on New Data Label Creation
• Administrator Duties for Oracle Internet Directory and Oracle Label Security
• Bootstrapping Databases
• Synchronizing the Database and Oracle Internet Directory
  • About Synchronizing the Database and Oracle Internet Directory
  • Oracle Directory Integration and Provisioning (DIP) Provisioning Profiles
  • Disabling, Changing, and Enabling a Provisioning Profile
  • Changing the Database Connection Information for a Provisioning Profile
  • Configuring Oracle Directory-Enabled Oracle Label Security with Oracle Data Guard
    • About Registering Oracle Label Security Failover with Oracle Internet Directory
    • Step 1: Set Up Directory-Enabled Oracle Label Security with Data Guard
    • Step 2: After the Switchover, Update the OID Provisioning Profile
• Security Roles and Permitted Actions
  • Restriction on Policy Creators for Directory-enabled Oracle Label Security
• Superseded PL/SQL Statements
• Procedures for Policy Administrators Only

Part III Administering an Oracle Label Security Application

8 Implementing Policy Enforcement Options and Labeling Functions

• Choosing Policy Options
  • About Policy Enforcement Options
  • Levels of Policy Enforcement Options
  • Categories of Policy Enforcement Options
  • Relationships of Policy Enforcement Options
  • The HIDE Policy Column Option
  • The Label Management Enforcement Options
    • LABEL_DEFAULT: Using the Session's Default Row Label
    • LABEL_UPDATE: Changing Data Labels
    • CHECK_CONTROL: Checking Data Labels
  • The Access Control Enforcement Options
    • READ_CONTROL: Reading Data
    • WRITE_CONTROL: Writing Data
    • INSERT_CONTROL, UPDATE_CONTROL, and DELETE_CONTROL
  • The Overriding Enforcement Options
  • Guidelines for Using the Policy Enforcement Options
  • Exemptions from Oracle Label Security Policy Enforcement
  • Viewing Policy Options on Tables and Schemas
• Using a Labeling Function
  • Labeling Data Rows under Oracle Label Security
  • Understanding Labeling Functions in Oracle Label Security Policies
  • Creating a Labeling Function for a Policy
  • Specifying a Labeling Function in a Policy
• Inserting Labeled Data Using Policy Options and Labeling Functions
  • Evaluating Enforcement Control Options and INSERT
  • Inserting Labels When a Labeling Function Is Specified
  • Inserting Child Rows into Tables with Declarative Referential Integrity Enabled
• Updating Labeled Data Using Policy Options and Labeling Functions
  • Updating Labels Using CHAR_TO_LABEL
  • Evaluating Enforcement Control Options and UPDATE
  • Updating Labels When a Labeling Function Is Specified
  • Updating Child Rows in Tables with Declarative Referential Integrity Enabled
• Deleting Labeled Data Using Policy Options and Labeling Functions
• Using a SQL Predicate with an Oracle Label Security Policy
  • Modifying an Oracle Label Security Policy with a SQL Predicate
  • Affecting Oracle Label Security Policies with Multiple SQL Predicates

9 Administering and Using Trusted Stored Program Units

• Introduction to Trusted Stored Program Units
  • How a Trusted Stored Program Unit Runs
  • Trusted Stored Program Unit Example
• Creating and Compiling Trusted Stored Program Units
  • Creating Trusted Stored Program Units
  • Setting Privileges for Trusted Stored Program Units
  • Recompiling Trusted Stored Program Units
  • Re-creating Trusted Stored Program Units
  • Running Trusted Stored Program Units
• Setting and Returning Label Information

10 Auditing Under Oracle Label Security

• Overview of Oracle Label Security Auditing
• Enabling Systemwide Auditing: AUDIT_TRAIL Initialization Parameter
• Enabling Oracle Label Security Auditing
• Oracle Label Security and Unified Auditing
• Oracle Label Security Auditing Tips
  • Strategy for Setting SA_AUDIT_ADMIN Options
  • Auditing Privileged Operations

11 Using Oracle Label Security with a Distributed Database

• An Oracle Label Security Distributed Configuration
• Connecting to a Remote Database Under Oracle Label Security
• Establishing Session Label and Row Label for a Remote Session
• Setting Up Labels in a Distributed Environment
  • Setting Label Tags in a Distributed Environment
  • Setting Numeric Form of Label Components in a Distributed Environment
• Using Oracle Label Security Policies in a Distributed Environment
• Using Replication with Oracle Label Security
  • Introduction to Replication Under Oracle Label Security
    • Replication Functionality Supported by Oracle Label Security
    • Row-Level Security Restriction on Replication Under Oracle Label Security
  • Contents of a Materialized View
    • How Materialized View Contents Are Determined
    • Complete Materialized Views
    • Partial Materialized Views
  • Requirements for Creating Materialized Views Under Oracle Label Security
    • Requirements for a Replication Administrator
    • Requirements for the Owner of the Materialized View
    • Requirements for Creating Partial Multilevel Materialized Views
    • Requirements for Creating Complete Multilevel Materialized Views
  • How to Refresh Materialized Views

12 Performing DBA Functions Under Oracle Label Security

• Using Oracle Data Pump Export with Oracle Label Security
  • Full Database Export
  • Schema and Table-Level Export
• Using Data Pump Import with Oracle Label Security
  • Full Database Import for the LBACSYS Schema Metadata
  • Schema and Table Level Import
    • Requirements for Import Under Oracle Label Security
    • Defining Data Labels for Import
    • Importing Labeled Data Without Installing Oracle Label Security
    • Importing Unlabeled Data
    • Importing Tables with Hidden Columns
• Using SQL*Loader with Oracle Label Security
  • Requirements for Using SQL*Loader Under Oracle Label Security
  • Oracle Label Security Input to SQL*Loader
• Performance Tips for Oracle Label Security
  • Using ANALYZE to Improve Oracle Label Security Performance
  • Creating Indexes on the Policy Label Column
  • Planning a Label Tag Strategy to Enhance Performance
  • Partitioning Data Based on Numeric Label Tags
• Creating Additional Databases After Installation
• Oracle Label Security Upgrades and Downgrades
  • Oracle Label Security Release 12.1 Upgrades
  • Oracle Label Security Downgrades

13 Releasability Using Inverse Groups

• Introduction to Inverse Groups and Releasability
• Comparing Standard Groups and Inverse Groups
• How Inverse Groups Work
  • Implementing Inverse Groups with the INVERSE_GROUP Enforcement Option
  • Inverse Groups and Label Components
  • Computed Labels with Inverse Groups
    • Computed Session Labels with Inverse Groups
    • Inverse Groups and Computed Max Read Groups and Max Write Groups
  • Inverse Groups and Hierarchical Structure
  • Inverse Groups and User Privileges
• Algorithm for Read Access with Inverse Groups
• Algorithm for Write Access with Inverse Groups
• Algorithms for COMPACCESS Privilege with Inverse Groups
• Session Labels and Inverse Groups
  • Setting Initial Session/Row Labels for Standard or Inverse Groups
    • Standard Groups: Rules for Changing Initial Session/Row Labels
    • Inverse Groups: Rules for Changing Initial Session/Row Labels
  • Setting Current Session/Row Labels for Standard or Inverse Groups
    • Standard Groups: Rules for Changing Current Session/Row Labels
    • Inverse Groups: Rules for Changing Current Session/Row Labels
  • Examples of Session Labels and Inverse Groups
    • Inverse Groups Example 1
    • Inverse Groups Example 2
• Changes in Behavior of Procedures with Inverse Groups
  • SA_SYSDBA.CREATE_POLICY with Inverse Groups
  • SA_SYSDBA.ALTER_POLICY with Inverse Groups
  • SA_USER_ADMIN.ADD_GROUPS with Inverse Groups
  • SA_USER_ADMIN.ALTER_GROUPS with Inverse Groups
  • SA_USER_ADMIN.SET_GROUPS with Inverse Groups
  • SA_USER_ADMIN.SET_USER_LABELS with Inverse Groups
  • SA_USER_ADMIN.SET_DEFAULT_LABEL with Inverse Groups
  • SA_USER_ADMIN.SET_ROW_LABEL with Inverse Groups
  • SA_COMPONENTS.CREATE_GROUP with Inverse Groups
  • SA_COMPONENTS.ALTER_GROUP_PARENT with Inverse Groups
  • SA_SESSION.SET_LABEL with Inverse Groups
  • SA_SESSION.SET_ROW_LABEL with Inverse Groups
  • LEAST_UBOUND with Inverse Groups
  • GREATEST_LBOUND with Inverse Groups
• Dominance Rules for Labels with Inverse Groups

Part IV Appendixes

A Disabling and Enabling Oracle Label Security

• When You Must Disable Oracle Label Security
• Checking if Oracle Label Security Is Enabled or Disabled
• Disabling Oracle Label Security
• Enabling Oracle Label Security

B Advanced Topics in Oracle Label Security

• Analyzing the Relationships Between Labels
  • About Dominant and Dominated Labels
  • Non-Comparable Labels
  • Using Dominance Functions
    • About the Dominance Functions
    • OLS_DOMINATES Standalone Function
    • OLS_LABEL_DOMINATES Standalone Function
    • OLS_STRICTLY_DOMINATES Standalone Function
    • OLS_DOMINATED_BY Standalone Function
    • OLS_STRICTLY_DOMINATED_BY Standalone Function
    • SA_UTL.DOMINATES
    • SA_UTL.STRICTLY_DOMINATES
    • SA_UTL.DOMINATED_BY
    • SA_UTL.STRICTLY_DOMINATED_BY
• Querying for Audited Oracle Label Security Session Labels
  • LBACSYS.ORA_GET_AUDITED_LABEL Function
• Oracle Call Interface for Setting Session Labels
  • Using OCI with SYS_CONTEXT

C Command-line Tools for Label Security Using Oracle Internet Directory

• Command Explanations
• Relating Parameters to Commands for olsadmintool
  • Summaries
• Examples of Using olsadmintool
  • Make Other Users Policy Creators
  • Create Policies with Valid Options
  • Create Policy Administrators
  • Create Some Levels
  • Create Some Compartments
  • Create Some Groups
  • Create Some Labels
  • Create a Profile
  • Add a User to the Profile
  • Add Another User to the Profile
  • Set Some Audit Options
  • Results of These Examples

D Oracle Label Security in an Oracle RAC Environment

• Using Oracle Label Security Policy Functions in an Oracle RAC Environment
• Using Transparent Application Failover in Oracle Label Security

E Oracle Label Security PL/SQL Packages

• SA_AUDIT_ADMIN Oracle Label Security Auditing PL/SQL Package
  • SA_AUDIT_ADMIN.AUDIT Procedure
  • SA_AUDIT_ADMIN.AUDIT_LABEL Procedure
  • SA_AUDIT_ADMIN.AUDIT_LABEL_ENABLED Function
  • SA_AUDIT_ADMIN.CREATE_VIEW Procedure
  • SA_AUDIT_ADMIN.DROP_VIEW Procedure
  • SA_AUDIT_ADMIN.NOAUDIT Procedure
  • SA_AUDIT_ADMIN.NOAUDIT_LABEL Procedure
• SA_COMPONENTS Label Components PL/SQL Package
  • SA_COMPONENTS.ALTER_COMPARTMENT Procedure
  • SA_COMPONENTS.ALTER_GROUP Procedure
  • SA_COMPONENTS.ALTER_GROUP_PARENT Procedure
  • SA_COMPONENTS.ALTER_LEVEL Procedure
  • SA_COMPONENTS.CREATE_COMPARTMENT Procedure
  • SA_COMPONENTS.CREATE_GROUP Procedure
  • SA_COMPONENTS.CREATE_LEVEL Procedure
  • SA_COMPONENTS.DROP_COMPARTMENT Procedure
  • SA_COMPONENTS.DROP_GROUP Procedure
  • SA_COMPONENTS.DROP_LEVEL Procedure
• SA_LABEL_ADMIN Label Management PL/SQL Package
  • SA_LABEL_ADMIN.ALTER_LABEL Procedure
  • SA_LABEL_ADMIN.CREATE_LABEL Procedure
  • SA_LABEL_ADMIN.DROP_LABEL Procedure
• SA_POLICY_ADMIN Policy Administration PL/SQL Package
  • SA_POLICY_ADMIN.ALTER_SCHEMA_POLICY Procedure
  • SA_POLICY_ADMIN.APPLY_SCHEMA_POLICY Procedure
  • SA_POLICY_ADMIN.APPLY_TABLE_POLICY Procedure
  • SA_POLICY_ADMIN.DISABLE_SCHEMA_POLICY Procedure
  • SA_POLICY_ADMIN.DISABLE_TABLE_POLICY Procedure
  • SA_POLICY_ADMIN.ENABLE_SCHEMA_POLICY Procedure
  • SA_POLICY_ADMIN.ENABLE_TABLE_POLICY Procedure
  • SA_POLICY_ADMIN.POLICY_SUBSCRIBE Procedure
  • SA_POLICY_ADMIN.POLICY_UNSUBSCRIBE Procedure
  • SA_POLICY_ADMIN.REMOVE_SCHEMA_POLICY Procedure
  • SA_POLICY_ADMIN.REMOVE_TABLE_POLICY Procedure
• SA_SESSION Session Management PL/SQL Package
  • SA_SESSION.COMP_READ Function
  • SA_SESSION.COMP_WRITE Function
  • SA_SESSION.GROUP_READ Function
  • SA_SESSION.GROUP_WRITE Function
  • SA_SESSION.LABEL Function
  • SA_SESSION.MAX_LEVEL Function
  • SA_SESSION.MAX_READ_LABEL Function
  • SA_SESSION.MAX_WRITE_LABEL Function
  • SA_SESSION.MIN_LEVEL Function
  • SA_SESSION.MIN_WRITE_LABEL Function
  • SA_SESSION.PRIVS Function
  • SA_SESSION.RESTORE_DEFAULT_LABELS Procedure
  • SA_SESSION.ROW_LABEL Function
  • SA_SESSION.SET_LABEL Procedure
  • SA_SESSION.SA_USER_NAME Function
  • SA_SESSION.SAVE_DEFAULT_LABELS Procedure
  • SA_SESSION.SET_ACCESS_PROFILE Procedure
  • SA_SESSION.SET_ROW_LABEL Procedure
• SA_SYSDBA Policy Management PL/SQL Package
  • SA_SYSDBA.ALTER_POLICY Procedure
  • SA_SYSDBA.CREATE_POLICY Procedure
  • SA_SYSDBA.DISABLE_POLICY Procedure
  • SA_SYSDBA.DROP_POLICY Procedure
  • SA_SYSDBA.ENABLE_POLICY Procedure
• SA_USER_ADMIN User, Levels, Groups, and Compartments PL/SQL Package
  • SA_USER_ADMIN.ADD_COMPARTMENTS Procedure
  • SA_USER_ADMIN.ADD_GROUPS Procedure
  • SA_USER_ADMIN.ALTER_COMPARTMENTS Procedure
  • SA_USER_ADMIN.ALTER_GROUPS Procedure
  • SA_USER_ADMIN.DROP_ALL_COMPARTMENTS Procedure
  • SA_USER_ADMIN.DROP_ALL_GROUPS Procedure
  • SA_USER_ADMIN.DROP_COMPARTMENTS Procedure
  • SA_USER_ADMIN.DROP_GROUPS Procedure
  • SA_USER_ADMIN.DROP_USER_ACCESS Procedure
  • SA_USER_ADMIN.SET_COMPARTMENTS Procedure
  • SA_USER_ADMIN.SET_DEFAULT_LABEL Procedure
  • SA_USER_ADMIN.SET_GROUPS Procedure
  • SA_USER_ADMIN.SET_LEVELS Procedure
  • SA_USER_ADMIN.SET_PROG_PRIVS Procedure
  • SA_USER_ADMIN.SET_ROW_LABEL Procedure
  • SA_USER_ADMIN.SET_USER_LABELS Procedure
  • SA_USER_ADMIN.SET_USER_PRIVS Procedure
• SA_UTL PL/SQL Utility Functions and Procedures
  • SA_UTL.CHECK_LABEL_CHANGE Function
  • SA_UTL.CHECK_READ Function
  • SA_UTL.CHECK_WRITE Function
  • SA_UTL.DATA_LABEL Function
  • SA_UTL.GREATEST_LBOUND Function
  • SA_UTL.LEAST_UBOUND Function
  • SA_UTL.NUMERIC_LABEL Function
  • SA_UTL.NUMERIC_ROW_LABEL Function
  • SA_UTL.SET_LABEL Procedure
  • SA_UTL.SET_ROW_LABEL Procedure

F Oracle Label Security Reference

• Oracle Label Security Data Dictionary Tables and Views
  • Oracle Database Data Dictionary Tables
  • Oracle Label Security Data Dictionary Views
    • ALL_SA_AUDIT_OPTIONS View
    • ALL_SA_COMPARTMENTS View
    • ALL_SA_DATA_LABELS View
    • ALL_SA_GROUPS View
    • ALL_SA_LABELS View
    • ALL_SA_LEVELS View
    • ALL_SA_POLICIES View
    • ALL_SA_PROG_PRIVS View
    • ALL_SA_SCHEMA_POLICIES View
    • ALL_SA_TABLE_POLICIES View
    • ALL_SA_USERS View
    • ALL_SA_USER_LABELS View
    • ALL_SA_USER_LEVELS View
    • ALL_SA_USER_PRIVS View
    • DBA_SA_AUDIT_OPTIONS View
    • DBA_SA_COMPARTMENTS View
    • DBA_SA_DATA_LABELS View
    • DBA_SA_GROUPS View
    • DBA_SA_GROUP_HIERARCHY View
    • DBA_SA_LABELS View
    • DBA_SA_LEVELS View
    • DBA_SA_POLICIES View
    • DBA_SA_PROG_PRIVS View
    • DBA_SA_SCHEMA_POLICIES View
    • DBA_SA_TABLE_POLICIES View
    • DBA_SA_USERS View
    • DBA_SA_USER_COMPARTMENTS View
    • DBA_SA_USER_GROUPS View
    • DBA_SA_USER_LABELS View
    • DBA_SA_USER_LEVELS View
    • DBA_SA_USER_PRIVS View
    • DBA_OLS_STATUS View
    • USER_SA_SESSION View
  • Oracle Label Security User-Created Auditing View
• Restrictions in Oracle Label Security
  • CREATE TABLE AS SELECT Restriction in Oracle Label Security
  • Label Tag Restriction
  • Export Restriction in Oracle Label Security
  • Oracle Label Security Removal Restriction
  • Shared Schema Support
  • Hidden Columns Restriction

G Frequently Asked Questions about Oracle Label Security

Index