Oracle LBAC_SYSDBA
Version 21c

General Information
Library Note Morgan's Library Page Header
Which has the higher priority in your organization: Deploying a new database or securing the ones you already have? Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Purpose Manages Oracle Label Security policies, such as creating, altering and or disabling.
AUTHID DEFINER
Dependencies
DBMS_ASSERT LBAC$USER_LIBT LBAC_UTL
DBMS_DATAPUMP LBAC_CACHE OLS$POL
DBMS_PRIV_CAPTURE LBAC_LGSTNDBY_UTIL OLS$POLT
DBMS_SQL LBAC_SERVICES OLS_UTIL_WRAPPER
DBMS_STANDARD LBAC_STANDARD SA_SYSDBA
Documented No
Exceptions
Error Code Reason
ORA-12458 Oracle Label Security not enabled
First Available 10.1
Policy Enforcement Options
ALL_CONTROL LABEL_DEFAULT READ_CONTROL
CHECK_CONTROL LABEL_UPDATE UPDATE_CONTROL
DELETE_CONTROL NO_CONTROL WRITE_CONTROL
INSERT_CONTROL    
Security Model Owned by LBACSYS with no privileges granted.
-- sys must perform the following

GRANT inherit privileges ON USER sys TO lbacsys;
GRANT lbac_dba to SYS;
Source {ORACLE_HOME}/rdbms/admin/prvtolsdd.plb
Subprograms
 
ALTER_POLICY
Alter an OLS policy lbac_sysdba.alter_policy(
policy_name     IN VARCHAR2,
default_options IN VARCHAR2,
column_name     IN VARCHAR2,
username        IN VARCHAR2,
create_policy   IN BOOLEAN);
exec lbac_sysdba.alter_policy('DATA_ACCESS', 'READ_CONTROL, DELETE_CONTROL', 'ID_CTRL', 'UWCLASS', FALSE);
 
CREATE_POLICY
Creates a new Label Security policy, defining a package and a policy-specific column name lbac_sysdba.create_policy(
policy_name IN VARCHAR2,
package     IN VARCHAR2,
column_name IN VARCHAR2,
username    IN VARCHAR2);
TBD
 
DISABLE_POLICY
Disable an OLS policy lbac_sysdba.disable_policy(policy_name IN VARCHAR2);
exec lbacsys.lbac_sysdba.disable_policy('DATA_ACCESS');
 
DROP_POLICY
Drop an OLS policy lbac_sysdba.drop_policy(
policy_name IN VARCHAR2,
drop_column IN BOOLEAN,
username    IN VARCHAR2);
exec lbacsys.lbac_sysdba.drop_policy('DATA_ACCESS', TRUE, 'UWCLASS');
 
ENABLE_POLICY
Enable an OLS policy lbac_sysdba.enable_policy(policy_name IN VARCHAR2);
exec lbacsys.lbac_sysdba.enable_policy('DATA_ACCESS');

Related Topics
LBAC_EVENTS
LBAC_EXP
LBAC_POLICY_ADMIN
LBAC_SESSION
LBAC_STANDARD
LBAC_SYSDBA
OLS$DATAPUMP
OLS_DIP_NTFY
OLS_ENFORCEMENT
OLS_UTIL_WRAPPER
Oracle Label Security (OLS)
SA_COMPONENTS
SA_LABEL_ADMIN
SA_SYSDBA
SA_USER_ADMIN
TO_LABEL_LIST
What's New In 19c
What's New In 20c-21c

Morgan's Library Page Footer
This site is maintained by Dan Morgan. Last Updated: This site is protected by copyright and trademark laws under U.S. and International law. © 1998-2019 Daniel A. Morgan All Rights Reserved
  DBSecWorx