Oracle SA_UTL
Version 20c

General Information
Library Note Morgan's Library Page Header
Which has the higher priority in your organization: Deploying a new database or securing the ones you already have? Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose Contains utility functions and procedures that are used in PL/SQL programs.
AUTHID DEFINER
Dependencies
CREATE_OR_FETCH_ILABEL NUMERIC_DOMINATED_BY NUMERIC_STRICTLY_DOMINATES
DBMS_MACOLS NUMERIC_DOMINATES OLS$LAB
DBMS_MACOLS_SESSION NUMERIC_GREATEST_LBOUND OLS$LAB_LIBT
LBAC$SA NUMERIC_LABEL_TO_CHAR OLS$SESSION_LIBT
LBAC$SA_LABELS NUMERIC_LABEL_TO_LBAC OLS_LABEL_DOMINATES
LBAC_CACHE NUMERIC_LEAST_UBOUND SA_SESSION
LBAC_LABEL NUMERIC_MERGE_LABEL SA_USER_ADMIN
LBAC_STANDARD NUMERIC_STRICTLY_DOMINATED_BY TO_NUMERIC_LABEL
Documented Yes:Partial
First Available 10.1
Security Model Owned by LBACSYS with no privileges granted.
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
 
CHECK_LABEL_CHANGE
Checks if the user can change the data label for a policy protected table row

Overload 1
sa_utl.check_label_change(
policy_name IN VARCHAR2,
old_label   IN NUMBER,
new_label   IN NUMBER)
RETURN NUMBER;
set serveroutput on
BEGIN
  IF sa_utl.check_label_change('DATA_ACCESS', 111, 211) = 1 THEN
    dbms_output.put_line('Data label can be altered in policy-protected rows');
  ELSE
    dbms_output.put_line('Data label can not be altered in policy-protected rows');
  END IF;
END;
/
Overload 2 sa_utl.check_label_change(
policy_name IN VARCHAR2,
old_label   IN XMLTYPE,
new_label   IN XMLTYPE)
RETURN NUMBER;
TBD
 
CHECK_READ
Checks if the user can read a policy-protected table row

Overload 1
sa_utl.check_read(
policy_name IN VARCHAR2,
label       IN NUMBER)
RETURN NUMBER;
set serveroutput on

BEGIN
  IF sa_utl.check_read('DATA_ACCESS',211) = 1 THEN
    dbms_output.put_line('Policy-protected rows can be read');
  ELSE
    dbms_output.put_line('Policy-protected rows cannot be read');
  END IF;
END;
/
Overload 2 sa_utl.check_read(
policy_name IN VARCHAR2,
label       IN XMLTYPE)
RETURN NUMBER;
TBD
 
CHECK_WRITE
Checks if the user can insert, update, or delete data in a policy protected table row

Overload 1
sa_utl.check_write(
policy_name IN VARCHAR2,
label       IN NUMBER)
RETURN NUMBER;
set serveroutput on

BEGIN
  IF sa_utl.check_write('DATA_ACCESS',211) = 1 THEN
    dbms_output.put_line('Policy-protected rows can be read');
  ELSE
    dbms_output.put_line('Policy-protected rows cannot be read');
  END IF;
END;
/
Overload 2 sa_utl.check_write(
policy_name IN VARCHAR2,
label       IN XMLTYPE)
RETURN NUMBER;
TBD
 
DATA_LABEL
Returns TRUE if the label is a data label

Overload 1
sa_utl.data_label(label IN BINARY_INTEGER) RETURN BOOLEAN;
DECLARE
 testVal BINARY_INTEGER := 111;
BEGIN
  IF sa_utl.data_label(testVal) THEN
    dbms_output.put_line(TO_CHAR(testVal) || 'is a valid data label');
  ELSE
    dbms_output.put_line(TO_CHAR(testVal) || 'is not a valid data label');
  END IF;
END;
/
Overload 2 sa_utl.data_label(label IN XMLTYPE) RETURN BOOLEAN;
TBD
 
DOMINATED_BY
Returns TRUE if label1 is dominated by label2

Overload 1
sa_utl.dominated_by(
label1 IN BINARY_INTEGER,
label2 IN BINARY_INTEGER)
RETURN BOOLEAN;
set serveroutput on

BEGIN
  IF sa_util.dominated_by(111, 211) THEN
    dbms_output.put_line('Label 111 is dominated by label 211');
  ELSE
    dbms_output.put_line('Label 211 is not dominated label 111');
  END IF;
END;
/
Overload 2 sa_utl.dominated_by(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN BOOLEAN;
TBD
 
DOMINATES
Returns TRUE if label1 dominates label2 or if the session label for the given OLS policy dominates label 2

Overload 1
sa_utl.dominates(
label1 IN BINARY_INTEGER,
label2 IN BINARY_INTEGER)
RETURN BOOLEAN;
set serveroutput on

BEGIN
  IF sa_util.dominates(111, 211) THEN
    dbms_output.put_line('Label 111 dominates label 211');
  ELSE
    dbms_output.put_line('Label 211 dominates label 111');
  END IF;
END;
/
Overload 2 sa_utl.dominates(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN BOOLEAN;
TBD
Returns TRUE if the label tested is the dominant label

Overload 3
sa_utl.dominates(
policy_name IN VARCHAR2,
label       IN VARCHAR2)
RETURN BOOLEAN;
set serveroutput on

BEGIN
  IF sa_utl.dominates('DATA_ACCESS', 111) THEN
    dbms_output.put_line('Label 111 is the dominate label');
  ELSE
    dbms_output.put_line('Label 111 is not the dominate label');
  END IF;
END;
/
 
GREATEST_LBOUND
Returns a label that is the greatest lower bound of the two label arguments

Overload 1
sa_utl.greatest_lbound(
label1 IN NUMBER,
label2 IN NUMBER)
RETURN NUMBER;
exec sa_utl.greatest_lbound(111, 211)
FROM dual;
Overload 2 sa_utl.greatest_lbound(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN NUMBER;
TBD
 
LABEL
Returns the current session label sa_utl.label(policy_name IN VARCHAR2) RETURN XMLTYPE;
SELECT sa_utl.label('DATA_ACCESS')
FROM dual;
 
LBAC_READ_LABEL
Undocumented sa_utl.lbac_read_label(policy_name IN VARCHAR2) RETURN XMLTYPE;
SELECT sa_utl.lbac_read_label('DATA_ACCESS')
FROM dual;
 
LBAC_ROW_LABEL
Undocumented sa_utl.lbac_row_label(policy_name IN VARCHAR2) RETURN XMLTYPE;
SELECT sa_utl.lbac_row_label('DATA_ACCESS')
FROM dual;
 
LBAC_WRITE_LABEL
Undocumented sa_utl.lbac_write_label(policy_name IN VARCHAR2) RETURN XMLTYPE;
SELECT sa_utl.lbac_write_label('DATA_ACCESS')
FROM dual;
 
LEAST_UBOUND
Returns a label that is the least upper bound of the label arguments

Overload 1
sa_utl.least_ubound(
label1 IN NUMBER,
label2 IN NUMBER)
RETURN NUMBER;
SELECT sa_utl.least_ubound(111, 211)
FROM dual;
Overload 2 sa_utl.least_ubound(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN XMLTYPE;
TBD
 
MERGE_LABEL
Undocumented

Overload 1
sa_utl.merge_label(
label1       IN NUMBER,
label2       IN NUMBER,
merge_format IN VARCHAR2)
RETURN NUMBER;
TBD
Overload 2 sa_utl.merge_label(
label1       IN XMLTYPE,
label2       IN XMLTYPE,
merge_format IN VARCHAR2)
REUTRN XMLTYPE;
TBD
 
NUMERIC_LABEL
Returns the current session label sa_utl.numeric_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
SELECT sa_utl.numeric_label('DATA_ACCESS')
FROM dual;
 
NUMERIC_READ_LABEL
Returns the current session read label sa_utl.numeric_read_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
SELECT sa_utl.numeric_read_label('DATA_ACCESS')
FROM dual;
 
NUMERIC_ROW_LABEL
Returns the current row label sa_utl.numeric_row_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
SELECT sa_utl.numeric_row_label('DATA_ACCESS')
FROM dual;
 
NUMERIC_WRITE_LABEL
Returns the current session write label sa_utl.numeric_write_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
SELECT sa_utl.numeric_write_label('DATA_ACCESS')
FROM dual;;
 
SET_LABEL
Sets the label of the current database session

Overload 1
sa_utl.set_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
SELECT sa_utl.set_label('DATA_ACCESS')
FROM dual;
Overload 2 sa_utl.set_label(policy_name IN VARCHAR2) RETURN XMLTYPE;
TBD
 
SET_ROW_LABEL
Set the row label of the current database session

Overload 1
sa_utl.set_row_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
exec sa_utl.set_row_label('DATA_ACCESS')
FROM dual;
Overload 2 sa_utl.set_row_label(policy_name IN VARCHAR2) RETURN XMLTYPE;
TBD
 
STRICTLY_DOMINATED_BY
Returns TRUE if label1 is dominated by label2 and is not equal to it

Overload 1
sa_utl.strictly_dominated_by(
label1 IN BINARY_INTEGER,
label2 IN BINARY_INTEGER)
RETURN BOOLEAN;
set serveroutput on

BEGIN
  IF sa_util.strictly_dominated_by(111, 211) THEN
    dbms_output.put_line('Label 111 dominates label 211');
  ELSE
    dbms_output.put_line('Label 211 dominates label 111');
  END IF;
END;
/
Overload 2 sa_utl.strictly_dominated_by(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN BOOLEAN;
TBD
 
STRICTLY_DOMINATES
Returns TRUE if label1 dominates label2 and is not equal to it

Overload 1
sa_utl.strictly_dominates(
label1 IN BINARY_INTEGER,
label2 IN BINARY_INTEGER)
RETURN BOOLEAN;
set serveroutput on

BEGIN
  IF sa_util.strictly_dominates(111, 211) THEN
    dbms_output.put_line('Label 111 dominates label 211');
  ELSE
    dbms_output.put_line('Label 211 dominates label 111');
  END IF;
END;
/
Overload 2 sa_utl.strictly_dominates(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN BOOLEAN;
TBD

Related Topics
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_SESSION
LBAC_STANDARD
LBAC_SYSDBA
OLS$DATAPUMP
OLS_DIP_NTFY
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
Oracle Label Security (OLS)
SA_AUDIT_ADMIN
SA_COMPONENTS
SA_LABEL_ADMIN
SA_POLICY_ADMIN
SA_SYSDBA
SA_USER_ADMIN
TO_LABEL_LIST

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2019 Daniel A. Morgan All Rights Reserved
  DBSecWorx