ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling
complimentary technical Workshops on Database Security for the first 30
Oracle Database customers located anywhere in North America, EMEA, LATAM, or
APAC that send an email to
asra_us@oracle.com. Request a Workshop for
your organization today.
Purpose
This package configures auditing for labels and policies specific to Oracle Label Security and, in addition, creates an auditing-related view.
AUTHID
DEFINER
Dependencies
DBMS_ASSERT
LBAC_CACHE
LBAC_UTL
DBMS_STANDARD
LBAC_SERVICES
OLS$POL
LBAC$USER_LIBT
LBAC_STANDARD
OLS_DIP_NTFY
Documented
Yes
First Available
10.1
Security Model
Owned by LBACSYS with no privileges granted.
To use this package a schema must be granted the policy_DBA role.
Enables policy-specific auditing. Audit records capture Oracle OLS administrative actions and the use of Oracle Label Security privileges
that were used during logons, DML executions, and trusted stored procedure invocations
sa_audit_admin.audit(
policy_name IN VARCHAR2,
users IN VARCHAR2 DEFAULT NULL,
audit_option IN VARCHAR2 DEFAULT NULL,
audit_type IN VARCHAR2 DEFAULT NULL, -- options 'BY ACCESS' or 'BY SESSION'
success IN VARCHAR2 DEFAULT NULL); -- options 'SUCCESSFUL' or 'NOT SUCCESSFUL'
Audit Options
Option
Description
APPLY
Audits application of specified Oracle Label Security policies to tables and schemas
PRIVILEGES
Audits use of all policy-specific privileges
REMOVE
Audits removal of specified Oracle Label Security policies from tables and schemas
SET
Audits the setting of user authorizations, and user and program privileges
Undocumented but identical in function to AUDIT_LABEL_ENABLED, above, except that it returns an integer value and the function can be incorporated into SQL statements
sa_audit_admin.audit_label_enabled_sql(policy_name IN VARCHAR2)
RETURN BINARY_INTEGER;
SELECT sa_audit_admin.audit_label_enabled_sql('DATA_ACCESS')
FROM dual;