Oracle LBAC_CACHE
Version 21c

General Information
Library Note Morgan's Library Page Header
ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.
Purpose Undocumented Label Security support utilities.
AUTHID DEFINER
Dependencies
ALL_SA_AUDIT_OPTIONS DBA_LBAC_TABLE_POLICIES LBAC_SERVICES
ALL_SA_COMPARTMENTS DBA_SA_AUDIT_OPTIONS LBAC_SESSION
ALL_SA_DATA_LABELS DBA_SA_DATA_LABELS LBAC_STANDARD
ALL_SA_GROUPS DBA_SA_POLICIES LBAC_SYSDBA
ALL_SA_GROUP_HIERARCHY DBA_SA_SCHEMA_POLICIES LBAC_UTL
ALL_SA_LABELS DBA_SA_TABLE_POLICIES OID_ENABLED
ALL_SA_LEVELS DBA_SA_USERS OLS$DATAPUMP
ALL_SA_POLICIES DBA_SA_USER_LABELS OLS_DIP_NTFY
ALL_SA_PROGRAMS DBA_SA_USER_PRIVS ORA_GET_AUDITED_LABEL
ALL_SA_PROG_PRIVS DBMS_ASSERT PRIVS_TO_CHAR
ALL_SA_SCHEMA_POLICIES DBMS_SESSION PRIVS_TO_CHAR_N
ALL_SA_TABLE_POLICIES DBMS_UTILITY SA$POL
ALL_SA_USERS LBAC$CACHE_LIBT SA_AUDIT_ADMIN
ALL_SA_USER_COMPARTMENTS LBAC$SA SA_COMPONENTS
ALL_SA_USER_GROUPS LBAC$SA_LABELS SA_LABEL_ADMIN
ALL_SA_USER_LABELS LBAC_EVENTS SA_SESSION
ALL_SA_USER_LEVELS LBAC_EXP SA_USER_ADMIN_INT
ALL_SA_USER_PRIVS LBAC_LGSTNDBY_UTIL SA_UTL
DBA_LBAC_POLICIES LBAC_POLICY_ADMIN_INT TO_LABEL_LIST
DBA_LBAC_SCHEMA_POLICIES    
Documented Not in the docs but there is limited information at support.oracle.com
Exceptions
Error Code Reason
ORA-12458 Oracle Label Security not enabled
First Available Not known
Security Model Owned by LBACSYS with no privileges granted
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
BYPASSALL INVERSE_GROUP OPTION_NUMBER
BYPASSREAD IS_DIP_SET OPTION_STRING
CACHE_TAGS IS_FAILOVER OPTION_STRING_IMP
CACHE_TAGS_INV IS_OID_CONFIGURED PACKAGE
CANONICALIZE_IDENTIFIER IS_OLS_ENABLED POLICYEXISTS
CHECK_POLICYADMIN IS_OP_ALLOWED_LOGICAL POLICY_NAME
CHECK_POLICYROLE IS_RAC_ENABLED POL_NUMBER
CHECK_POLICYSUBSCRIBED MAX_SES_POLICY_ID SET_ALTER_ALLOW
COLUMN_NAME OID_ENABLED SET_DIP_FLAG
FAILEDSTARTUP OID_SUBSCRIBE STORE_DEFAULT_OPTIONS
GET_UNIQUE_ID OID_UNSUBSCRIBE UPDATE_PROPS_TABLE
 
BYPASSALL
Undocumented lbac_cache.bypassAll(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
BYPASSREAD
Undocumented lbac_cache.bypassRead(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
CACHE_TAGS
Undocumented lbac_cache.cache_tags(refresh IN BOOLEAN);
exec lbacsys.lbac_cache.cache_tags(TRUE);

PL/SQL procedure successfully completed.
 
CACHE_TAGS_INV
Undocumented lbac_cache.cache_tags_inv(polid IN BINARY_INTEGER);
TBD
 
CANONICALIZE_IDENTIFIER
Undocumented lbac_cache.canonicalize_identifier(
name      IN  VARCHAR2,
parameter IN  VARCHAR2,
result    OUT VARCHAR2);
TBD
 
CHECK_POLICYADMIN
Undocumented lbac_cache.check_policyAdmin(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
CHECK_POLICYROLE
Undocumented lbac_cache.check_policyRole(
policy_name  IN VARCHAR2,
audit_action IN BINARY_INTEGER)
RETURN BOOLEAN;
TBD
 
CHECK_POLICYSUBSCRIBED
Undocumented lbac_cache.check_policySubscribed(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
COLUMN_NAME
Undocumented lbac_cache.column_name(policy_name IN VARCHAR2) RETURN VARCHAR2;
TBD
 
FAILEDSTARTUP
Undocumented lbac_cache.failedStartup(policy_name IN VARCHAR2) RETURN BOOLEAN;
TBD
 
GET_UNIQUE_ID
Undocumented lbac_cache.get_unique_id RETURN VARCHAR2;
SELECT lbac_cache.get_unique_id
FROM dual;

SELECT NVL(lbacsys.lbac_cache.get_unique_id, 'Problem!') AS UID
FROM dual;
 
INVERSE_GROUP
Undocumented lbac_cache.inverse_group(pol_number IN BINARY_INTEGER) RETURN BOOLEAN;
TBD
 
IS_DIP_SET
Undocumented lbac_cache.is_dip_set RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_dip_set THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 316
ORA-06512: at line 2
 
IS_FAILOVER
Clearly "FAILOVER" is not just a reference to RAC though it may well be RAC related lbac_cache.is_failover RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_failover THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 452
ORA-06512: at line 2
 
IS_OID_CONFIGURED
Returns TRUE if Oracle Identity Management is configured, else FALSE lbac_cache.is_oid_configured RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_oid_configured THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
F

PL/SQL procedure successfully completed.
 
IS_OLS_ENABLED
Returns TRUE if Oracle Label Security is configured, else FALSE lbac_cache.is_ols_enabled RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_ols_enabled THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
F

PL/SQL procedure successfully completed.
 
IS_OP_ALLOWED_LOGICAL
Undocumented lbac_cache.is_op_allowed_logical;
exec lbacsys.lbac_cache.is_op_allowed_logical;

PL/SQL procedure successfully completed.
 
IS_RAC_ENABLED
Undocumented lbac_cache.is_rac_enabled RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.is_rac_enabled THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 439
ORA-06512: at line 2
 
MAX_SES_POLICY_ID
Undocumented lbac_cache.max_ses_policy_id RETURN BINARY_INTEGER;
SELECT lbacsys.lbac_cache.max_ses_policy_id
FROM dual;
SELECT lbacsys.lbac_cache.max_ses_policy_id
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 173
 
OID_ENABLED
Returns TRUE if Oracle Identity Management is enabled but fails with an exception if it is not

Note: OID_ENABLED is also a wrapped stand-alone PL/SQL function owned by LBACSYS that it appears is called by this function		 lbac_cache.oid_enabled RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.oid_enabled THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 292
ORA-06512: at line 2
 
OID_SUBSCRIBE
Undocumented lbac_cache.oid_subscribe(policy_name IN VARCHAR2);
TBD
 
OID_UNSUBSCRIBE
Undocumented lbac_cache.oid_unsubscribe(policy_name IN VARCHAR2);
TBD
 
OPTION_NUMBER
Undocumented lbac_cache.option_number(options IN VARCHAR2) RETURN BINARY_INTEGER;
TBD
 
OPTION_STRING
Undocumented lbac_cache.option_string(options IN BINARY_INTEGER) RETURN VARCHAR2;
-- found in catolsddv.sql

CREATE OR REPLACE VIEW LBACSYS.dba_lbac_policies
(policy_name, column_name, package, status, policy_options, policy_subscribed) AS
SELECT pol_name, column_name, package,
       DECODE(BITAND(flags,1),0,'DISABLED',1,'ENABLED','ERROR'),
       lbacsys.lbac_cache.option_string(options),
       DECODE(BITAND(flags,16),0,'FALSE',16,'TRUE','ERROR')
FROM LBACSYS.ols$pol;
 
OPTION_STRING_IMP
Undocumented lbac_cache.option_string_imp(options IN BINARY_INTEGER) RETURN VARCHAR2;
TBD
 
PACKAGE
Undocumented lbac_cache.package(policy_name IN VARCHAR2) RETURN VARCHAR2;
TBD
 
POLICYEXISTS
Undocumented lbac_cache.policyExists(policy_name IN VARCHAR2) RETURN BOOLEAN;
BEGIN
  IF lbacsys.lbac_cache.policyExists('ZZYZX') THEN
    dbms_output.put_line('T');
  ELSE
    dbms_output.put_line('F');
  END IF;
END;
/
BEGIN
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 144
ORA-06512: at line 2
 
POLICY_NAME
Returns the policy name corresponding to a policy identifier lbac_cache.policy_name(policy_id IN BINARY_INTEGER) RETURN VARCHAR2;
-- found in database catolsddv.sql

CREATE OR REPLACE VIEW LBACSYS.all_sa_levels AS
SELECT p.pol_name as policy_name, l.level# AS level_num, l.code AS short_name,
       l.name AS long_name
FROM lbacsysS.sa$pol p, lbacsys.ols$levels l
WHERE p.pol# = l.pol#
AND p.pol# IN (
  SELECT pol#
  FROM lbacsys.sa$admin
  WHERE usr_name = SYS_CONTEXT('USERENV', 'CURRENT_USER'))
UNION
SELECT p.pol_name as policy_name, l.level# AS level_num, l.code AS short_name,
       l.name AS long_name
FROM lbacsys.sa$pol p, lbacsys.ols$levels l, lbacsys.ols$user_levels ul
WHERE p.pol# = l.pol#
AND l.pol# = ul.pol#
AND l.level# <= ul.max_level
AND ul.usr_name =
    lbacsys.sa_session.sa_user_name(lbacsys.lbac_cache.policy_name(ul.pol#));
 
POL_NUMBER
Returns the policy identifier corresponding to a policy name lbac_cache.pol_number(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
TBD
 
SET_ALTER_ALLOW
Undocumented lbac_cache.set_alter_allow(allow IN NUMBER);
TBD
 
SET_DIP_FLAG
Undocumented lbac_cache.set_dip_flag(dip_flag IN BINARY_INTEGER);
exec lbacsys.lbac_cache.set_dip_flag(1);
BEGIN lbacsys.lbac_cache.set_dip_flag(1); END;
*
ERROR at line 1:
ORA-12458: Oracle Label Security not enabled
ORA-06512: at "LBACSYS.LBAC_CACHE", line 305
ORA-06512: at line 1
 
STORE_DEFAULT_OPTIONS
Undocumented lbac_cache.store_default_options(
policy_name     IN VARCHAR2,
default_options IN BINARY_INTEGER);
TBD
 
UPDATE_PROPS_TABLE
Undocumented lbac_cache.update_props_table(
ols_oid IN BINARY_INTEGER,
remove  IN BOOLEAN);
exec lbacsys.lbac_cache.update_props_table(0, TRUE);

Related Topics
Built-in Functions
Built-in Packages
Database Security
LBAC_EVENTS
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_POLICY_ADMIN_INT
LBAC_SESSION
LBAC_RLS
LBAC_STANDARD
LBAC_SYSDBA
SA_SESSION
What's New In 21c
What's New In 23c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved
  DBSecWorx