Oracle SA_SESSION
Version 20c

General Information
Purpose Use this package to manage the user name, levels, labels, and read and write permissions for the current session.

Note: This page has been posted prior to the GA release of 20c. It will be completed once we have access to the release version.
AUTHID DEFINER
Dependencies
ALL_SA_COMPARTMENTS ALL_SA_USER_LEVELS OLS$POL
ALL_SA_GROUPS ALL_SA_USER_PRIVS OLS$SESSINFO
ALL_SA_GROUP_HIERARCHY DBMS_MACOLS OLS$SESSION_LIBT
ALL_SA_LEVELS DBMS_MACOLS_SESSION OLS$USER_LEVELS
ALL_SA_POLICIES DBMS_STANDARD SA_UTL
ALL_SA_USERS LBAC_CACHE USER_SA_SESSION
ALL_SA_USER_COMPARTMENTS LBAC_LGSTNDBY_UTIL V_$INSTANCE
ALL_SA_USER_GROUPS LBAC_STANDARD V_$OPTION
ALL_SA_USER_LABELS OLS$LAB  
Documented Yes: In Label Security Administration doc
First Available 10.1
Security Model Owned by LBACSYS with no privileges granted.
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
 
COMP_READ
Returns a comma-delimited list of compartments that the user is authorized to read
sa_session.comp_read(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT * FROM all_sa_policies;

SELECT sa_session.comp_read('DATA_ACCESS')
FROM dual;
 
COMP_WRITE
Returns a comma-delimited list of compartments to which the user is authorized to write
sa_session.comp_write(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT * FROM all_sa_policies;

SELECT sa_session.comp_write('DATA_ACCESS')
FROM dual;
 
GROUP_READ
Returns a comma-delimited list of groups that the user is authorized to read
sa_session.group_read(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.group_read('DATA_ACCESS')
FROM dual;
 
GROUP_WRITE
Returns a comma-delimited list of groups that the user is authorized to write
sa_session.group_write(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.group_write('DATA_ACCESS')
FROM dual;
 
LABEL
Returns the label associated with the specified policy for the current session
sa_session.label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.label('DATA_ACCESS')
FROM dual;
 
MAX_LEVEL
Returns the session's maximum authorized level
sa_session.max_level(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.max_level('DATA_ACCESS')
FROM dual;
 
MAX_READ_LABEL
Returns the label string that was used to initialize the session's maximum authorized read label, composed of the maximum level, compartments and groups authorized for read access
sa_session.max_read_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.max_read_label('DATA_ACCESS')
FROM dual;
 
MAX_WRITE_LABEL
Returns the label string that was used to initialize the session's maximum authorized write label, composed of the maximum level, compartments and groups authorized for write access
sa_session.max_write_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.max_write_label('DATA_ACCESS')
FROM dual;
 
MIN_LEVEL
Returns the session's minimum authorized level
sa_session.min_level(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.min_level('DATA_ACCESS')
FROM dual;
 
PRIVS
Returns the current session's privileges as a comma-delimited list
sa_session.privs(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.privs('DATA_ACCESS')
FROM dual;
 
READ_LABEL
Undocumented
sa_session.read_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.read_label('DATA_ACCESS')
FROM dual;
 
RESTORE_DEFAULT_LABELS
Restores session and row labels to match the values stored in the data dictionary by SA_SESSION.SET_LABEL
sa_session.restore_default_labels(policy_name IN VARCHAR2);
exec sa_session.restore_default_labels('DATA_ACCESS');
 
ROW_LABEL
Returns the name of the row label that is associated with the policy for the current session
sa_session.row_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.row_label('DATA_ACCESS')
FROM dual;
 
SAVE_DEFAULT_LABELS
Stores the current session label and row label as the session's initial session label and default row label. Permits changing defaults to reflect the current session label and row label. Saved labels are used as the initial default settings for future sessions.
sa_session.save_default_labels(policy_name IN VARCHAR2);
exec sa_session.save_default_labels('DATA_ACCESS');
 
SA_USER_NAME
Returns the name of the OLS user as set by SET_ACCESS_PROFILE or as established at login.
sa_session.sa_user_name(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.sa_user_name('DATA_ACCESS')
FROM dual;
 
SET_ACCESS_PROFILE
Sets session OLS authorizations and privileges to those of the specified user.

The session executing SET_ACCESS_PROFILE procedure must have the PROFILE_ACCESS privilege.
sa_session.set_access_profile(
policy_name IN VARCHAR2,
user_name   IN VARCHAR2);
exec sa_session.set_access_profile('DATA_ACCESS', sys_context('USERENV','EXTERNAL_NAME'));

exec sa_session.set_access_profile('DATA_ACCESS', sys_context('USERENV','PROXY_USER'));

exec sa_session.set_access_profile('DATA_ACCESS', sys_context('USERENV','CLIENT_IDENTIFIER'));
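An added example, not from the original page: a fail-closed wrapper around SET_ACCESS_PROFILE for a middle-tier session that switches to the end user's OLS profile. It assumes the DATA_ACCESS policy used in this page's samples, a caller holding PROFILE_ACCESS, and a middle tier that sets CLIENT_IDENTIFIER itself; the error numbers are arbitrary.

```sql
-- Added example; assumes policy DATA_ACCESS and a caller with PROFILE_ACCESS.
SET SERVEROUTPUT ON

DECLARE
  c_policy CONSTANT VARCHAR2(30) := 'DATA_ACCESS';
  -- CLIENT_IDENTIFIER is whatever the session set with DBMS_SESSION.SET_IDENTIFIER,
  -- so rely on it only when the middle tier, not the end user, owns the connection.
  l_target VARCHAR2(128) := SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER');
  l_before VARCHAR2(128);
  l_after  VARCHAR2(128);
BEGIN
  -- Fail closed: without an identity the session would keep the
  -- connected account's own OLS authorizations.
  IF l_target IS NULL THEN
    RAISE_APPLICATION_ERROR(-20001,
      'CLIENT_IDENTIFIER not set; OLS profile not switched');
  END IF;

  l_before := sa_session.sa_user_name(c_policy);
  sa_session.set_access_profile(c_policy, l_target);
  l_after  := sa_session.sa_user_name(c_policy);

  -- Confirm the session now runs under the requested OLS user.
  IF l_after IS NULL OR UPPER(l_after) <> UPPER(l_target) THEN
    RAISE_APPLICATION_ERROR(-20002,
      'OLS profile is ' || NVL(l_after, '(none)') || ', expected ' || l_target);
  END IF;

  -- Record the authorizations the session holds after the switch.
  DBMS_OUTPUT.PUT_LINE('OLS user   : ' || l_before || ' -> ' || l_after);
  DBMS_OUTPUT.PUT_LINE('Privileges : ' || NVL(sa_session.privs(c_policy), '(none)'));
  DBMS_OUTPUT.PUT_LINE('Max read   : ' || sa_session.max_read_label(c_policy));
  DBMS_OUTPUT.PUT_LINE('Max write  : ' || sa_session.max_write_label(c_policy));
END;
/
```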
 
SET_LABEL
Sets the label for the current session. Performs a function similar to SA_USER_ADMIN.SET_USER_LABELS
sa_session.set_label(
policy_name IN VARCHAR2,
label       IN VARCHAR2);
exec sa_session.set_label('DATA_ACCESS', 'C::IA::IS');
 
SET_ROW_LABEL
Sets the row label for the current session. Performs a function similar to SA_USER_ADMIN.SET_USER_LABELS
sa_session.set_row_label(
policy_name IN VARCHAR2,
label       IN VARCHAR2);
exec sa_session.set_row_label('DATA_ACCESS', 'P::OP::AO');
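An added example, not from the original page: SET_LABEL used for a temporary change that is undone with RESTORE_DEFAULT_LABELS on both the success and the error path. It assumes the DATA_ACCESS policy and the 'C::IA::IS' label from this page's samples are defined and within the user's authorizations, and that the session may be reused afterwards (for example from a connection pool).

```sql
-- Added example; policy and label are the sample values used on this page.
SET SERVEROUTPUT ON

DECLARE
  c_policy CONSTANT VARCHAR2(30) := 'DATA_ACCESS';

  -- Print the session label and row label currently in effect.
  PROCEDURE show_state(p_stage IN VARCHAR2) IS
  BEGIN
    DBMS_OUTPUT.PUT_LINE(p_stage
      || ' session=' || sa_session.label(c_policy)
      || ' row='     || sa_session.row_label(c_policy));
  END;
BEGIN
  show_state('before  :');

  sa_session.set_label(c_policy, 'C::IA::IS');
  show_state('changed :');

  -- ... run the statements that need the changed label here ...

  -- Do not call SAVE_DEFAULT_LABELS at this point: it would store the
  -- temporary label as the initial default for future sessions.
  sa_session.restore_default_labels(c_policy);
  show_state('restored:');
EXCEPTION
  WHEN OTHERS THEN
    -- Restore on failure as well, so a reused session does not keep
    -- the changed label, then re-raise the original error.
    sa_session.restore_default_labels(c_policy);
    RAISE;
END;
/
```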
 
WRITE_LABEL
Sets the write label for the current session. Performs a function similar to SA_USER_ADMIN.SET_USER_LABELS
sa_session.write_label(policy_name IN VARCHAR2) RETURN VARCHAR2;
SELECT sa_session.write_label('DATA_ACCESS')
FROM dual;

Related Topics
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_SESSION
LBAC_STANDARD
LBAC_SYSDBA
OLS$DATAPUMP
OLS_DIP_NTFY
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
Oracle Label Security (OLS)
SA_COMPONENTS
SA_LABEL_ADMIN
SA_SYSDBA
SA_USER_ADMIN
TO_LABEL_LIST

This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2019 Daniel A. Morgan All Rights Reserved