没有合适的资源?快使用搜索试试~ 我知道了~
Oracle Label Security Administrator’s Guide 11g Release 2 (11.2)
需积分: 5 0 下载量 43 浏览量
2023-06-18
10:29:22
上传
评论
收藏 4.5MB PDF 举报
温馨提示
试读
294页
Oracle Label Security Administrator’s Guide 11g Release 2 (11.2)-294
资源推荐
资源详情
资源评论
Oracle® Label Security
Administrator’s Guide
11g Release 2 (11.2)
E10745-04
August 2013
Oracle Label Security Administrator's Guide, 11g Release 2 (11.2)
E10745-04
Copyright © 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Primary Author: Sumit Jeloka
Contributor: Peter Wahl, Paul Needham, Vikram Pesati, Srividya Tata, Chi Ching Chui, Digvijay
Sirmukaddam, Hozefa Palitanawala, Pat Huey, Manoj Kamani, Kamal Tbeileh, Lakshmi Kethana
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,
transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse
engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is
prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it
on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software,
any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users
are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and
agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and
adaptation of the programs, including any operating system, integrated software, any programs installed on
the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to
the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently dangerous applications, including
applications that may create a risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other
measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages
caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD,
Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced
Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products,
and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly
disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle
Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your
access to or use of third-party content, products, or services.
iii
Contents
Preface............................................................................................................................................................... xix
Audience..................................................................................................................................................... xix
Documentation Accessibility................................................................................................................... xix
Related Documentation............................................................................................................................ xx
Conventions ............................................................................................................................................... xx
Part I
1 Introduction to Oracle Label Security
Computer Security and Data Access Controls.................................................................................... 1-2
Oracle Label Security and Security Standards............................................................................... 1-3
Security Policies.................................................................................................................................. 1-3
Access Control.................................................................................................................................... 1-3
Discretionary Access Control.................................................................................................... 1-3
Oracle Label Security.................................................................................................................. 1-3
How Oracle Label Security Works with Discretionary Access Control ............................. 1-4
Oracle Label Security Architecture....................................................................................................... 1-4
Features of Oracle Label Security ......................................................................................................... 1-5
Overview of Oracle Label Security Policy Functionality ............................................................. 1-5
Oracle Enterprise Edition: VPD Technology.................................................................................. 1-6
Oracle Label Security: An Out-of-the-Box VPD ............................................................................ 1-7
Label Policy Features......................................................................................................................... 1-7
Data Labels................................................................................................................................... 1-8
Label Authorizations.................................................................................................................. 1-8
Policy Privileges.......................................................................................................................... 1-9
Policy Enforcement Options...................................................................................................... 1-9
Summary: Four Aspects of Label-Based Row Access............................................................ 1-9
Oracle Label Security Integration with Oracle Internet Directory................................................. 1-9
2 Understanding Data Labels and User Labels
Introduction to Label-Based Security................................................................................................... 2-1
Label Components................................................................................................................................... 2-2
Label Component Definitions and Valid Characters.................................................................... 2-2
Levels................................................................................................................................................... 2-3
Compartments.................................................................................................................................... 2-4
iv
Groups ................................................................................................................................................. 2-6
Industry Examples of Levels, Compartments, and Groups ........................................................ 2-7
Label Syntax and Type ............................................................................................................................ 2-8
How Data Labels and User Labels Work Together............................................................................ 2-9
Administering Labels........................................................................................................................... 2-11
3 Understanding Access Controls and Privileges
Introducing Access Mediation............................................................................................................... 3-1
Understanding Session Label and Row Label.................................................................................... 3-2
The Session Label............................................................................................................................... 3-2
The Row Label.................................................................................................................................... 3-3
Session Label Example ...................................................................................................................... 3-3
Understanding User Authorizations .................................................................................................... 3-4
Authorizations Set by the Administrator ....................................................................................... 3-4
Authorized Levels....................................................................................................................... 3-4
Authorized Compartments ....................................................................................................... 3-5
Authorized Groups..................................................................................................................... 3-6
Computed Session Labels................................................................................................................. 3-7
Evaluating Labels for Access Mediation ............................................................................................. 3-7
Introducing Read/Write Access...................................................................................................... 3-7
Difference Between Read and Write Operations ................................................................... 3-8
Propagation of Read/Write Authorizations on Groups....................................................... 3-8
The Oracle Label Security Algorithm for Read Access ................................................................ 3-9
The Oracle Label Security Algorithm for Write Access............................................................. 3-10
Using Oracle Label Security Privileges ........................................................................................... 3-12
Privileges Defined by Oracle Label Security Policies ........................................................... 3-12
Special Access Privileges ........................................................................................................... 3-12
READ......................................................................................................................................... 3-13
FULL .......................................................................................................................................... 3-13
COMPACCESS......................................................................................................................... 3-13
PROFILE_ACCESS .................................................................................................................. 3-14
Special Row Label Privileges ................................................................................................... 3-15
WRITEUP.................................................................................................................................. 3-15
WRITEDOWN.......................................................................................................................... 3-15
WRITEACROSS........................................................................................................................ 3-15
System Privileges, Object Privileges, and Policy Privileges ..................................................... 3-15
Access Mediation and Views......................................................................................................... 3-16
Access Mediation and Program Unit Execution......................................................................... 3-16
Access Mediation and Policy Enforcement Options.................................................................. 3-17
Working with Multiple Oracle Label Security Policies................................................................. 3-18
Multiple Oracle Label Security Policies in a Single Database .................................................. 3-18
Multiple Oracle Label Security Policies in a Distributed Environment.................................. 3-18
Part II Using Oracle Label Security Functionality
v
4 Getting Started with Oracle Label Security
Installing OLS and Enabling the LBACSYS User ............................................................................. 4-1
Creating an OLS Policy........................................................................................................................... 4-3
Step 1: Creating the Policy................................................................................................................ 4-4
Step 2: Creating Label Components for the Policy........................................................................ 4-5
Step 3: Creating Data Labels for the Policy.................................................................................... 4-5
Step 4: Authorizing Users for the Policy......................................................................................... 4-6
Step 5: Applying the Policy to a Database Table........................................................................... 4-8
Step 6: Adding Policy Labels to Table Rows.................................................................................. 4-9
Creating a Sample OLS Policy............................................................................................................ 4-10
Step 1: Creating Users for the Oracle Label Security Example................................................. 4-11
Step 2: Creating the ACCESS_LOCATIONS Policy................................................................... 4-12
Step 3: Defining the ACCESS_LOCATIONS Policy-Level Components................................ 4-13
Step 4: Creating the ACCESS_LOCATIONS Policy Data Labels............................................. 4-13
Step 5: Creating the ACCESS_LOCATIONS Policy User Authorizations.............................. 4-14
Step 6: Applying the ACCESS_LOCATIONS Policy to the HR.LOCATIONS Table ........... 4-16
Step 7: Adding Policy Labels to Table Data................................................................................ 4-16
Step 8: Testing the ACCESS_LOCATIONS Policy..................................................................... 4-18
Step 9: Removing the Components for This Example (Optional)............................................ 4-18
5 Working with Labeled Data
The Policy Label Column and Label Tags........................................................................................... 5-1
The Policy Label Column.................................................................................................................. 5-1
Hiding the Policy Label Column.............................................................................................. 5-2
Example 1: Numeric Column Data Type (NUMBER)........................................................... 5-2
Example 2: Numeric Column Data Type with Hidden Column......................................... 5-2
Label Tags ........................................................................................................................................... 5-3
Manually Defining Label Tags to Order Labels..................................................................... 5-3
Manually Defining Label Tags to Manipulate Data .............................................................. 5-4
Automatically Generated Label Tags....................................................................................... 5-4
Assigning Labels to Data Rows............................................................................................................. 5-5
Presenting the Label ................................................................................................................................ 5-5
Converting a Character String to a Label Tag, with CHAR_TO_LABEL.................................. 5-5
Converting a Label Tag to a Character String, with LABEL_TO_CHAR.................................. 5-5
LABEL_TO_CHAR Examples .................................................................................................. 5-6
Retrieving All Columns from a Table When the Policy Label Column Is Hidden........... 5-7
Filtering Data Using Labels.................................................................................................................... 5-7
Using Numeric Label Tags in WHERE Clauses............................................................................ 5-7
Ordering Labeled Data Rows........................................................................................................... 5-8
Ordering by Character Representation of Label............................................................................ 5-8
Determining Upper and Lower Bounds of Labels........................................................................ 5-9
Finding Least Upper Bound with LEAST_UBOUND........................................................... 5-9
Finding Greatest Lower Bound with GREATEST_LBOUND.............................................. 5-9
Merging Labels with the MERGE_LABEL Function ................................................................. 5-10
Inserting Labeled Data......................................................................................................................... 5-11
Inserting Labels Using CHAR_TO_LABEL ................................................................................ 5-12
剩余293页未读,继续阅读
资源评论
weixin_40191861_zj
- 粉丝: 63
- 资源: 1万+
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- 2015高中信息技术excel操作题及素材(精品文档).xls
- SW3518S全协议快充USB Type-c接口电源模块硬件参考设计评估版硬件(原理图 +pcb)+封装库文件.zip
- 基于深度强化学习算法实现多星对区域目标观测的规划python源码+数据集+模型+超详细注释.zip
- RT1052+SDRAM(IS42S16160) +SIM7600CE(PCIE接口封装)控制板硬件(原理图+PCB)+封装库
- 2017大学英语四级词汇-excel-列表版(精品文档).xls
- 2017版国家医保药品目录(excel版)完整版.xls
- 基于STM32F103单片机设计的无刷电机控制板硬件(原理图+PCB+BOM)+MCU软件控制源码+文档资料.zip
- 肺结节检测数据集VOC+YOLO格式1186张1类别.zip
- Faster-RCNN基于知识蒸馏的目标检测模型增量深度学习方法python源码+项目运行说明.zip
- 2018年考勤表——excel版.xls
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功