Oracle Label Securit Profile
Oracle Label Security is built into the database engine set of process conditions and constraints, this embodiment of the data engine on a single table or an entire pattern " OK " level access control. To take advantage of the Oracle the Label Security , you need to create one or more security policies, each of which contains a set of security policy label. You can use these tags to indicate which users can access what data type. After creating a policy, the policy applies to the need to protect the table and grant your users of these labels, so you complete the whole process. Oracle Label Security is transparent to modify the query, and the calculated level of access in real time to implement your new strategy. Oracle Label Security allows enterprises and government agencies will be able to have access to different data requirements (including government confidential data) integrated into a single database. It is based on application data and user access classification tags embodiment multilevel access control. With this powerful feature, users can in Oracle Database demand access to R & D projects, non-public financial information or health information related to sensitive data.
Oracle Label Security installation
First, use the following script to check the database instance is installed Oracle Label Security Components
col comp_name for a36;
col version for a30;
select comp_id, comp_name, version, status
from dba_registry
where comp_name='Oracle Label Security';
If you do not install Oracle Label Security component, you can use catols.sql create scripts Oracle Label Security user needs LBACSYS and database objects
@?/rdbms/admin/catols.sql
Script execution process may encounter " ORA-01 432: public synonym to BE dropped Total does not exist " error, this is a synonym for deletion does not exist, do not tangle. Can be ignored. Also, note that: after the script finishes performs shutdown immediate turn off data instance.
Oracle Label Security objects and validity checks
You can use the following script to check Oracle Label Security objects and object validity, as follows:
select object_type,object_name
from dba_objects
where owner='LBACSYS' and status='INVALID';
select object_type,count(*)
from dba_objects
where owner='LBACSYS' group by object_type;
卸载Oracle Label Security
卸载Oracle Label Security也仅需执行一个catnools.sql脚本即可。如下所示:
SQL> @?/rdbms/admin/catnools.sql
PL/SQL procedure successfully completed.
PL/SQL procedure successfully completed.
Trigger dropped.
Trigger dropped.
Trigger dropped.
PL/SQL procedure successfully completed.
PL/SQL procedure successfully completed.
User dropped.
2 rows deleted.
Commit complete.
SQL>