ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling
complimentary technical Workshops on Database Security for the first 30
Oracle Database customers located anywhere in North America, EMEA, LATAM, or
APAC that send an email to
asra_us@oracle.com. Request a Workshop for
your organization today.
Purpose
Undocumented Label Security support utilities.
AUTHID
DEFINER
Dependencies
ALL_SA_AUDIT_OPTIONS
DBA_LBAC_TABLE_POLICIES
LBAC_SERVICES
ALL_SA_COMPARTMENTS
DBA_SA_AUDIT_OPTIONS
LBAC_SESSION
ALL_SA_DATA_LABELS
DBA_SA_DATA_LABELS
LBAC_STANDARD
ALL_SA_GROUPS
DBA_SA_POLICIES
LBAC_SYSDBA
ALL_SA_GROUP_HIERARCHY
DBA_SA_SCHEMA_POLICIES
LBAC_UTL
ALL_SA_LABELS
DBA_SA_TABLE_POLICIES
OID_ENABLED
ALL_SA_LEVELS
DBA_SA_USERS
OLS$DATAPUMP
ALL_SA_POLICIES
DBA_SA_USER_LABELS
OLS_DIP_NTFY
ALL_SA_PROGRAMS
DBA_SA_USER_PRIVS
ORA_GET_AUDITED_LABEL
ALL_SA_PROG_PRIVS
DBMS_ASSERT
PRIVS_TO_CHAR
ALL_SA_SCHEMA_POLICIES
DBMS_SESSION
PRIVS_TO_CHAR_N
ALL_SA_TABLE_POLICIES
DBMS_UTILITY
SA$POL
ALL_SA_USERS
LBAC$CACHE_LIBT
SA_AUDIT_ADMIN
ALL_SA_USER_COMPARTMENTS
LBAC$SA
SA_COMPONENTS
ALL_SA_USER_GROUPS
LBAC$SA_LABELS
SA_LABEL_ADMIN
ALL_SA_USER_LABELS
LBAC_EVENTS
SA_SESSION
ALL_SA_USER_LEVELS
LBAC_EXP
SA_USER_ADMIN_INT
ALL_SA_USER_PRIVS
LBAC_LGSTNDBY_UTIL
SA_UTL
DBA_LBAC_POLICIES
LBAC_POLICY_ADMIN_INT
TO_LABEL_LIST
DBA_LBAC_SCHEMA_POLICIES
Documented
Not in the docs but there is limited information at support.oracle.com
BEGIN
IF lbacsys.lbac_cache.is_dip_set THEN
dbms_output.put_line('T');
ELSE
dbms_output.put_line('F');
END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 316
ORA-06512: at line 2
Clearly "FAILOVER" is not just a reference to RAC though it may well be RAC related
lbac_cache.is_failover RETURN BOOLEAN;
BEGIN
IF lbacsys.lbac_cache.is_failover THEN
dbms_output.put_line('T');
ELSE
dbms_output.put_line('F');
END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 452
ORA-06512: at line 2
BEGIN
IF lbacsys.lbac_cache.is_rac_enabled THEN
dbms_output.put_line('T');
ELSE
dbms_output.put_line('F');
END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 439
ORA-06512: at line 2
SELECT lbacsys.lbac_cache.max_ses_policy_id
FROM dual;
SELECT lbacsys.lbac_cache.max_ses_policy_id
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 173
Returns TRUE if Oracle Identity Management is enabled but fails with an exception if it is not
Note: OID_ENABLED is also a wrapped stand-alone PL/SQL function owned by LBACSYS that it appears is called by this function
lbac_cache.oid_enabled RETURN BOOLEAN;
BEGIN
IF lbacsys.lbac_cache.oid_enabled THEN
dbms_output.put_line('T');
ELSE
dbms_output.put_line('F');
END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 292
ORA-06512: at line 2
lbac_cache.policyExists(policy_name IN VARCHAR2) RETURN BOOLEAN;
BEGIN
IF lbacsys.lbac_cache.policyExists('ZZYZX') THEN
dbms_output.put_line('T');
ELSE
dbms_output.put_line('F');
END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 144
ORA-06512: at line 2
Returns the policy name corresponding to a policy identifier
lbac_cache.policy_name(policy_id IN BINARY_INTEGER) RETURN VARCHAR2;
-- found in database catolsddv.sql
CREATE OR REPLACE VIEW LBACSYS.all_sa_levels AS
SELECT p.pol_name as policy_name, l.level# AS level_num, l.code AS short_name,
l.name AS long_name
FROM lbacsysS.sa$pol p, lbacsys.ols$levels l
WHERE p.pol# = l.pol#
AND p.pol# IN (
SELECT pol#
FROM lbacsys.sa$admin
WHERE usr_name = SYS_CONTEXT('USERENV', 'CURRENT_USER'))
UNION
SELECT p.pol_name as policy_name, l.level# AS level_num, l.code AS short_name,
l.name AS long_name
FROM lbacsys.sa$pol p, lbacsys.ols$levels l, lbacsys.ols$user_levels ul
WHERE p.pol# = l.pol#
AND l.pol# = ul.pol#
AND l.level# <= ul.max_level
AND
ul.usr_name =
lbacsys.sa_session.sa_user_name(lbacsys.lbac_cache.policy_name(ul.pol#));
lbac_cache.set_dip_flag(dip_flag IN BINARY_INTEGER);
exec lbacsys.lbac_cache.set_dip_flag(1);
BEGIN lbacsys.lbac_cache.set_dip_flag(1); END;
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 305
ORA-06512: at line 1