Oracle LBAC_SYSDBA
Version 21c

General Information
Library Note Morgan's Library Page Header
ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.
Purpose Manages Oracle Label Security policies, such as creating, altering and or disabling.
AUTHID DEFINER
Dependencies
DBMS_ASSERT LBAC$USER_LIBT LBAC_UTL
DBMS_DATAPUMP LBAC_CACHE OLS$POL
DBMS_PRIV_CAPTURE LBAC_LGSTNDBY_UTIL OLS$POLT
DBMS_SQL LBAC_SERVICES OLS_UTIL_WRAPPER
DBMS_STANDARD LBAC_STANDARD SA_SYSDBA
Documented No
Exceptions
Error Code Reason
ORA-12458 Oracle Label Security not enabled
First Available 10.1
Policy Enforcement Options
ALL_CONTROL LABEL_DEFAULT READ_CONTROL
CHECK_CONTROL LABEL_UPDATE UPDATE_CONTROL
DELETE_CONTROL NO_CONTROL WRITE_CONTROL
INSERT_CONTROL    
Security Model Owned by LBACSYS with no privileges granted.
-- sys must perform the following

GRANT inherit privileges ON USER sys TO lbacsys;
GRANT lbac_dba to SYS;
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
 
ALTER_POLICY
Alter an OLS policy lbac_sysdba.alter_policy(
policy_name     IN VARCHAR2,
default_options IN VARCHAR2,
column_name     IN VARCHAR2,
username        IN VARCHAR2,
create_policy   IN BOOLEAN);
exec lbac_sysdba.alter_policy('DATA_ACCESS', 'READ_CONTROL, DELETE_CONTROL', 'ID_CTRL', 'UWCLASS', FALSE);
 
CREATE_POLICY
Creates a new Label Security policy, defining a package and a policy-specific column name lbac_sysdba.create_policy(
policy_name IN VARCHAR2,
package     IN VARCHAR2,
column_name IN VARCHAR2,
username    IN VARCHAR2);
TBD
 
DISABLE_POLICY
Disable an OLS policy lbac_sysdba.disable_policy(policy_name IN VARCHAR2);
exec lbacsys.lbac_sysdba.disable_policy('DATA_ACCESS');
 
DROP_POLICY
Drop an OLS policy lbac_sysdba.drop_policy(
policy_name IN VARCHAR2,
drop_column IN BOOLEAN,
username    IN VARCHAR2);
exec lbacsys.lbac_sysdba.drop_policy('DATA_ACCESS', TRUE, 'UWCLASS');
 
ENABLE_POLICY
Enable an OLS policy lbac_sysdba.enable_policy(policy_name IN VARCHAR2);
exec lbacsys.lbac_sysdba.enable_policy('DATA_ACCESS');

Related Topics
LBAC_EVENTS
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_SESSION
LBAC_STANDARD
LBAC_SYSDBA
OLS$DATAPUMP
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
Oracle Label Security (OLS)
SA_COMPONENTS
SA_LABEL_ADMIN
SA_SYSDBA
SA_USER_ADMIN
TO_LABEL_LIST
What's New In 21c
What's New In 23c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved
  DBSecWorx