Oracle SA_UTL
Version 21c

General Information
Library Note Morgan's Library Page Header
ACE Director Alum Daniel Morgan, founder of Morgan's Library, is scheduling complimentary technical Workshops on Database Security for the first 30 Oracle Database customers located anywhere in North America, EMEA, LATAM, or APAC that send an email to asra_us@oracle.com. Request a Workshop for your organization today.
Purpose Contains utility functions and procedures that are used in PL/SQL programs.
AUTHID DEFINER
Dependencies
CREATE_OR_FETCH_ILABEL NUMERIC_DOMINATES OLS$LAB
DBMS_MACOLS NUMERIC_GREATEST_LBOUND OLS$LAB_LIBT
DBMS_MACOLS_SESSION NUMERIC_LABEL_TO_CHAR OLS$SESSION_LIBT
LBAC$SA NUMERIC_LABEL_TO_LBAC OLS_LABEL_DOMINATES
LBAC$SA_LABELS NUMERIC_LEAST_UBOUND SA_SESSION
LBAC_CACHE NUMERIC_MERGE_LABEL SA_USER_ADMIN
LBAC_LABEL NUMERIC_STRICTLY_DOMINATED_BY SA_USER_ADMIN_INT
LBAC_STANDARD NUMERIC_STRICTLY_DOMINATES TO_NUMERIC_LABEL
NUMERIC_DOMINATED_BY    
Documented Yes:Partial
First Available 10.1
Security Model Owned by LBACSYS with EXECUTE granted to PUBLIC and DVSYS.
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
 
CHECK_LABEL_CHANGE
Checks if the user can change the data label for a policy protected table row

Overload 1
sa_utl.check_label_change(
policy_name IN VARCHAR2,
old_label   IN NUMBER,
new_label   IN NUMBER)
RETURN NUMBER;
set serveroutput on
BEGIN
  IF sa_utl.check_label_change('DATA_ACCESS', 111, 211) = 1 THEN
    dbms_output.put_line('Data label can be altered in policy-protected rows');
  ELSE
    dbms_output.put_line('Data label can not be altered in policy-protected rows');
  END IF;
END;
/
Overload 2 sa_utl.check_label_change(
policy_name IN VARCHAR2,
old_label   IN XMLTYPE,
new_label   IN XMLTYPE)
RETURN NUMBER;
TBD
 
CHECK_READ
Checks if the user can read a policy-protected table row

Overload 1
sa_utl.check_read(
policy_name IN VARCHAR2,
label       IN NUMBER)
RETURN NUMBER;
set serveroutput on

BEGIN
  IF sa_utl.check_read('DATA_ACCESS',211) = 1 THEN
    dbms_output.put_line('Policy-protected rows can be read');
  ELSE
    dbms_output.put_line('Policy-protected rows cannot be read');
  END IF;
END;
/
Overload 2 sa_utl.check_read(
policy_name IN VARCHAR2,
label       IN XMLTYPE)
RETURN NUMBER;
TBD
 
CHECK_WRITE
Checks if the user can insert, update, or delete data in a policy protected table row

Overload 1
sa_utl.check_write(
policy_name IN VARCHAR2,
label       IN NUMBER)
RETURN NUMBER;
set serveroutput on

BEGIN
  IF sa_utl.check_write('DATA_ACCESS',211) = 1 THEN
    dbms_output.put_line('Policy-protected rows can be read');
  ELSE
    dbms_output.put_line('Policy-protected rows cannot be read');
  END IF;
END;
/
Overload 2 sa_utl.check_write(
policy_name IN VARCHAR2,
label       IN XMLTYPE)
RETURN NUMBER;
TBD
 
DATA_LABEL
Returns TRUE if the label is a data label

Overload 1
sa_utl.data_label(label IN BINARY_INTEGER) RETURN BOOLEAN;
DECLARE
 testVal BINARY_INTEGER := 111;
BEGIN
  IF sa_utl.data_label(testVal) THEN
    dbms_output.put_line(TO_CHAR(testVal) || 'is a valid data label');
  ELSE
    dbms_output.put_line(TO_CHAR(testVal) || 'is not a valid data label');
  END IF;
END;
/
Overload 2 sa_utl.data_label(label IN XMLTYPE) RETURN BOOLEAN;
TBD
 
DOMINATED_BY
Returns TRUE if label1 is dominated by label2

Overload 1
sa_utl.dominated_by(
label1 IN BINARY_INTEGER,
label2 IN BINARY_INTEGER)
RETURN BOOLEAN;
set serveroutput on

BEGIN
  IF sa_util.dominated_by(111, 211) THEN
    dbms_output.put_line('Label 111 is dominated by label 211');
  ELSE
    dbms_output.put_line('Label 211 is not dominated label 111');
  END IF;
END;
/
Overload 2 sa_utl.dominated_by(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN BOOLEAN;
TBD
 
DOMINATES
Returns TRUE if label1 dominates label2 or if the session label for the given OLS policy dominates label 2

Overload 1
sa_utl.dominates(
label1 IN BINARY_INTEGER,
label2 IN BINARY_INTEGER)
RETURN BOOLEAN;
set serveroutput on

BEGIN
  IF sa_util.dominates(111, 211) THEN
    dbms_output.put_line('Label 111 dominates label 211');
  ELSE
    dbms_output.put_line('Label 211 dominates label 111');
  END IF;
END;
/
Overload 2 sa_utl.dominates(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN BOOLEAN;
TBD
Returns TRUE if the label tested is the dominant label

Overload 3
sa_utl.dominates(
policy_name IN VARCHAR2,
label       IN VARCHAR2)
RETURN BOOLEAN;
set serveroutput on

BEGIN
  IF sa_utl.dominates('DATA_ACCESS', 111) THEN
    dbms_output.put_line('Label 111 is the dominate label');
  ELSE
    dbms_output.put_line('Label 111 is not the dominate label');
  END IF;
END;
/
 
GREATEST_LBOUND
Returns a label that is the greatest lower bound of the two label arguments

Overload 1
sa_utl.greatest_lbound(
label1 IN NUMBER,
label2 IN NUMBER)
RETURN NUMBER;
exec sa_utl.greatest_lbound(111, 211)
FROM dual;
Overload 2 sa_utl.greatest_lbound(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN NUMBER;
TBD
 
LABEL
Returns the current session label sa_utl.label(policy_name IN VARCHAR2) RETURN XMLTYPE;
SELECT sa_utl.label('DATA_ACCESS')
FROM dual;
 
LBAC_READ_LABEL
Undocumented sa_utl.lbac_read_label(policy_name IN VARCHAR2) RETURN XMLTYPE;
SELECT sa_utl.lbac_read_label('DATA_ACCESS')
FROM dual;
 
LBAC_ROW_LABEL
Undocumented sa_utl.lbac_row_label(policy_name IN VARCHAR2) RETURN XMLTYPE;
SELECT sa_utl.lbac_row_label('DATA_ACCESS')
FROM dual;
 
LBAC_WRITE_LABEL
Undocumented sa_utl.lbac_write_label(policy_name IN VARCHAR2) RETURN XMLTYPE;
SELECT sa_utl.lbac_write_label('DATA_ACCESS')
FROM dual;
 
LEAST_UBOUND
Returns a label that is the least upper bound of the label arguments

Overload 1
sa_utl.least_ubound(
label1 IN NUMBER,
label2 IN NUMBER)
RETURN NUMBER;
SELECT sa_utl.least_ubound(111, 211)
FROM dual;
Overload 2 sa_utl.least_ubound(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN XMLTYPE;
TBD
 
MERGE_LABEL
Undocumented

Overload 1
sa_utl.merge_label(
label1       IN NUMBER,
label2       IN NUMBER,
merge_format IN VARCHAR2)
RETURN NUMBER;
TBD
Overload 2 sa_utl.merge_label(
label1       IN XMLTYPE,
label2       IN XMLTYPE,
merge_format IN VARCHAR2)
REUTRN XMLTYPE;
TBD
 
NUMERIC_LABEL
Returns the current session label sa_utl.numeric_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
SELECT sa_utl.numeric_label('DATA_ACCESS')
FROM dual;
 
NUMERIC_READ_LABEL
Returns the current session read label sa_utl.numeric_read_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
SELECT sa_utl.numeric_read_label('DATA_ACCESS')
FROM dual;
 
NUMERIC_ROW_LABEL
Returns the current row label sa_utl.numeric_row_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
SELECT sa_utl.numeric_row_label('DATA_ACCESS')
FROM dual;
 
NUMERIC_WRITE_LABEL
Returns the current session write label sa_utl.numeric_write_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
SELECT sa_utl.numeric_write_label('DATA_ACCESS')
FROM dual;;
 
SET_LABEL
Sets the label of the current database session

Overload 1
sa_utl.set_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
SELECT sa_utl.set_label('DATA_ACCESS')
FROM dual;
Overload 2 sa_utl.set_label(policy_name IN VARCHAR2) RETURN XMLTYPE;
TBD
 
SET_ROW_LABEL
Set the row label of the current database session

Overload 1
sa_utl.set_row_label(policy_name IN VARCHAR2) RETURN BINARY_INTEGER;
exec sa_utl.set_row_label('DATA_ACCESS')
FROM dual;
Overload 2 sa_utl.set_row_label(policy_name IN VARCHAR2) RETURN XMLTYPE;
TBD
 
STRICTLY_DOMINATED_BY
Returns TRUE if label1 is dominated by label2 and is not equal to it

Overload 1
sa_utl.strictly_dominated_by(
label1 IN BINARY_INTEGER,
label2 IN BINARY_INTEGER)
RETURN BOOLEAN;
set serveroutput on

BEGIN
  IF sa_util.strictly_dominated_by(111, 211) THEN
    dbms_output.put_line('Label 111 dominates label 211');
  ELSE
    dbms_output.put_line('Label 211 dominates label 111');
  END IF;
END;
/
Overload 2 sa_utl.strictly_dominated_by(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN BOOLEAN;
TBD
 
STRICTLY_DOMINATES
Returns TRUE if label1 dominates label2 and is not equal to it

Overload 1
sa_utl.strictly_dominates(
label1 IN BINARY_INTEGER,
label2 IN BINARY_INTEGER)
RETURN BOOLEAN;
set serveroutput on

BEGIN
  IF sa_util.strictly_dominates(111, 211) THEN
    dbms_output.put_line('Label 111 dominates label 211');
  ELSE
    dbms_output.put_line('Label 211 dominates label 111');
  END IF;
END;
/
Overload 2 sa_utl.strictly_dominates(
label1 IN XMLTYPE,
label2 IN XMLTYPE)
RETURN BOOLEAN;
TBD

Related Topics
Built-in Functions
Built-in Packages
Database Security
LBAC$SA_LABELS
LBAC_EVENTS
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_POLICY_ADMIN_INT
LBAC_SESSION
LBAC_STANDARD
LBAC_SYSDBA
OLS$DATAPUMP
OLS_DIP_NTFY
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
Oracle Label Security (OLS)
SA_AUDIT_ADMIN
SA_COMPONENTS
SA_LABEL_ADMIN
SA_POLICY_ADMIN
SA_SYSDBA
SA_USER_ADMIN
TO_LABEL_LIST
What's New In 21c
What's New In 23c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2023 Daniel A. Morgan All Rights Reserved
  DBSecWorx