没有合适的资源?快使用搜索试试~ 我知道了~
Oracle Label Security Administrator’s Guide Release 2 (9.2)
需积分: 1 0 下载量 103 浏览量
2023-04-07
14:15:55
上传
评论
收藏 1.88MB PDF 举报
温馨提示
试读
306页
Oracle Label Security Administrator’s Guide Release 2 (9.2)
资源推荐
资源详情
资源评论
Oracle Label Security
Administrator’s Guide
Release 2 (9.2)
March 2002
Part No. A96578-01
Oracle Label Security Administrator’s Guide, Release 2 (9.2)
Part No. A96578-01
Copyright © 2000, 2002 Oracle Corporation. All rights reserved.
Author: Jeff Levinger
Contributing Author: Rita Moran
Contributors: Paul Needham, Rae Burns, Gary Murphy, Patrick Sack, Vikram Pesati, Shiu Wong,
Ramprasad Sripada, Krishnamurthy Raghuraman, Douglas Kemp, Srvidya Tata
Graphic Designer: Valarie Moore
The Programs (which include both the software and documentation) contain proprietary information of
Oracle Corporation; they are provided under a license agreement containing restrictions on use and
disclosure and are also protected by copyright, patent and other intellectual and industrial property
laws. Reverse engineering, disassembly or decompilation of the Programs, except to the extent required
to obtain interoperability with other independently created software or as specified by law, is prohibited.
The information contained in this document is subject to change without notice. If you find any problems
in the documentation, please report them to us in writing. Oracle Corporation does not warrant that this
document is error-free. Except as may be expressly permitted in your license agreement for these
Programs, no part of these Programs may be reproduced or transmitted in any form or by any means,
electronic or mechanical, for any purpose, without the express written permission of Oracle Corporation.
If the Programs are delivered to the U.S. Government or anyone licensing or using the programs on
behalf of the U.S. Government, the following notice is applicable:
Restricted Rights Notice Programs delivered subject to the DOD FAR Supplement are "commercial
computer software" and use, duplication, and disclosure of the Programs, including documentation,
shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement.
Otherwise, Programs delivered subject to the Federal Acquisition Regulations are "restricted computer
software" and use, duplication, and disclosure of the Programs shall be subject to the restrictions in FAR
52.227-19, Commercial Computer Software - Restricted Rights (June, 1987). Oracle Corporation, 500
Oracle Parkway, Redwood City, CA 94065.
The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently
dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup,
redundancy, and other measures to ensure the safe use of such applications if the Programs are used for
such purposes, and Oracle Corporation disclaims liability for any damages caused by such use of the
Programs.
Oracle is a registered trademark, and Oracle8i, Oracle9i, Oracle Store, PL/SQL, and SQL*Plus are
trademarks or registered trademarks of Oracle Corporation. Other names may be trademarks of their
respective owners.
iii
Contents
Send Us Your Comments................................................................................................................ xvii
Preface.......................................................................................................................................................... xix
Audience ................................................................................................................................................ xx
Organization.......................................................................................................................................... xx
Related Documentation ..................................................................................................................... xxii
Conventions........................................................................................................................................ xxiii
Documentation Accessibility ........................................................................................................... xxvi
1 Introduction to Oracle Label Security
Computer Security and Data Access Controls.............................................................................. 1-2
Introduction to Computer Security............................................................................................ 1-2
Oracle Label Security and Security Standards......................................................................... 1-3
Security Policies............................................................................................................................ 1-3
Access Control............................................................................................................................... 1-4
Discretionary Access Control .............................................................................................. 1-4
Label-Based Access Control................................................................................................. 1-5
How Label-Based Access Control Works with Discretionary Access Control............. 1-5
Oracle Label Security Architecture ................................................................................................. 1-6
Oracle9i Enterprise Edition: Virtual Private Database Technology...................................... 1-6
Oracle Label Security: An Out-of-the-Box VPD Policy........................................................... 1-7
Features of Oracle Label Security.................................................................................................... 1-8
Overview of Oracle Label Security Policy Functionality........................................................ 1-9
Label Policy Framework Features............................................................................................ 1-10
iv
Data Labels ........................................................................................................................... 1-10
Label Authorizations........................................................................................................... 1-11
Policy Privileges................................................................................................................... 1-11
Policy Enforcement Options .............................................................................................. 1-11
Summary: Four Aspects of Label-Based Row Access.................................................... 1-12
Auditing Features....................................................................................................................... 1-12
Oracle Label Security Distributed Capabilities...................................................................... 1-12
2 Understanding Data Labels and User Labels
Introduction to Label-Based Security ............................................................................................. 2-2
Label Components.............................................................................................................................. 2-3
Label Component Definitions and Valid Characters .............................................................. 2-3
Levels.............................................................................................................................................. 2-4
Compartments............................................................................................................................... 2-6
Groups............................................................................................................................................ 2-8
Industry Examples of Levels, Compartments, and Groups................................................. 2-10
Label Syntax and Type..................................................................................................................... 2-11
How Data Labels and User Labels Work Together..................................................................... 2-12
Administering Labels....................................................................................................................... 2-14
3 Understanding Access Controls and Privileges
Introduction to Access Mediation.................................................................................................... 3-2
Understanding Session Label and Row Label.............................................................................. 3-3
The Session Label.......................................................................................................................... 3-3
The Row Label............................................................................................................................... 3-3
Session Label Example................................................................................................................. 3-4
Understanding User Authorizations............................................................................................... 3-5
Authorizations Set by the Administrator.................................................................................. 3-5
Authorized Levels ................................................................................................................. 3-6
Authorized Compartments.................................................................................................. 3-7
Authorized Groups ............................................................................................................... 3-8
Computed Session Labels............................................................................................................ 3-9
How Labels Are Evaluated for Access Mediation...................................................................... 3-10
Introduction to Read/Write Access......................................................................................... 3-10
Difference Between Read and Write Operations............................................................ 3-10
v
Propagation of Read/Write Authorizations on Groups................................................ 3-11
The Oracle Label Security Algorithm for Read Access......................................................... 3-13
The Oracle Label Security Algorithm for Write Access........................................................ 3-15
Using Oracle Label Security Privileges........................................................................................ 3-18
Privileges Defined by Oracle Label Security Policies............................................................ 3-18
Special Access Privileges........................................................................................................... 3-19
READ..................................................................................................................................... 3-19
FULL...................................................................................................................................... 3-19
COMPACCESS .................................................................................................................... 3-20
PROFILE_ACCESS.............................................................................................................. 3-21
Special Row Label Privileges.................................................................................................... 3-22
WRITEUP ............................................................................................................................. 3-22
WRITEDOWN ..................................................................................................................... 3-22
WRITEACROSS................................................................................................................... 3-22
System Privileges, Object Privileges, and Policy Privileges................................................. 3-23
Access Mediation and Views.................................................................................................... 3-23
Access Mediation and Program Unit Execution.................................................................... 3-24
Access Mediation and Policy Enforcement Options ............................................................. 3-25
Multiple Oracle Label Security Policies....................................................................................... 3-26
Multiple Oracle Label Security Policies in a Single Database....................................... 3-26
Multiple Oracle Label Security Policies in a Distributed Environment...................... 3-26
4 Working with Labeled Data
The Policy Label Column and Label Tags ..................................................................................... 4-2
The Policy Label Column ............................................................................................................ 4-2
Hiding the Policy Label Column......................................................................................... 4-2
Example 1: Numeric Column Datatype (NUMBER)........................................................ 4-3
Example 2: Numeric Column Datatype with Hidden Column...................................... 4-3
Label Tags...................................................................................................................................... 4-4
Manually Defining Label Tags to Order Labels................................................................ 4-4
Manually Defining Label Tags to Manipulate Data......................................................... 4-5
Automatically Generated Label Tags................................................................................. 4-6
Presenting the Label........................................................................................................................... 4-7
Converting a Character String to a Label Tag, with CHAR_TO_LABEL ............................ 4-7
Converting a Label Tag to a Character String, with LABEL_TO_CHAR ............................ 4-8
剩余305页未读,继续阅读
资源评论
rocazj
- 粉丝: 9
- 资源: 726
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 计科11班未参与实习认知名单.xlsx
- Java 使用回溯法解决01背包问题(含算法原理和代码)
- 毕业答辩模板2016超值实用黑板风毕业论文答辩模版
- 大学生创新创业的心得.doc
- MMDF3N06HDR2G-VB一款SOP8封装2个N-Channel场效应MOS管
- 毕业答辩模板2016超值实用黑板风毕业论文答辩模版(赠手绘图表)
- 毕业答辩模板(中文版式)黑白风毕业论文答辩通用PPT模板B-14
- MMDF3N04HDR2G-VB一款SOP8封装2个N-Channel场效应MOS管
- MMDF3301-VB一款SOP8封装2个P-Channel场效应MOS管
- 毕业答辩模板(医药专业)红色医药论文答辩模板
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功