
-- Bootstrap the Oracle Label Security (OLS) policy 'ols_pol1':
--   1. create the policy (label column lb_col, initially unenforced),
--   2. define four sensitivity levels and one data label per level,
--   3. apply the policy to table gov.flight,
--   4. give users bob and tim their level authorizations (clearances).
-- NOTE(review): must run as an account holding the OLS administrative
-- roles for this policy — confirm which user executes this script.
BEGIN

-- 'no_control': the policy exists but enforces nothing yet; the second
-- block of this script alters it to 'read_control' and re-applies it.
SA_SYSDBA.CREATE_POLICY(
policy_name => 'ols_pol1',
column_name => 'lb_col',
default_options => 'no_control'
);

-- Create label component levels
-- level_num orders the levels: 4 (TS) dominates 3 (S) dominates 2 (C)
-- dominates 1 (UC). short_name is what labels and clearances refer to.


-- TOP_SECRET has the highest level of access
SA_COMPONENTS.CREATE_LEVEL(
policy_name => 'ols_pol1',
level_num => 4,
short_name => 'TS',
long_name => 'top_secret'
);

SA_COMPONENTS.CREATE_LEVEL(
policy_name => 'ols_pol1',
level_num => 3,
short_name => 'S',
long_name => 'secret'
);

SA_COMPONENTS.CREATE_LEVEL(
policy_name => 'ols_pol1',
level_num => 2,
short_name => 'C',
long_name => 'confidential'
);

-- UNCLASSIFIED is the lowest level
SA_COMPONENTS.CREATE_LEVEL(
policy_name => 'ols_pol1',
level_num => 1,
short_name => 'UC',
long_name => 'unclassified'
);

-- Create data labels
-- One data label per level (label_value is the level short name).
-- label_tag is the numeric tag that represents the label in lb_col;
-- 10..40 mirrors the level ordering so tags sort like sensitivity.


SA_LABEL_ADMIN.CREATE_LABEL(
policy_name => 'ols_pol1',
label_tag => 40,
label_value => 'TS',
data_label => TRUE
);

SA_LABEL_ADMIN.CREATE_LABEL(
policy_name => 'ols_pol1',
label_tag => 30,
label_value => 'S',
data_label => TRUE
);

SA_LABEL_ADMIN.CREATE_LABEL(
policy_name => 'ols_pol1',
label_tag => 20,
label_value => 'C',
data_label => TRUE
);
SA_LABEL_ADMIN.CREATE_LABEL(
policy_name => 'ols_pol1',
label_tag => 10,
label_value => 'UC',
data_label => TRUE
);

-- Apply the ols_pol1 policy on table gov.flight
-- table_options is null, so the policy's default options ('no_control'
-- at this point) govern enforcement on the table; no label function or
-- extra predicate is attached.


SA_POLICY_ADMIN.APPLY_TABLE_POLICY(
policy_name => 'ols_pol1',
schema_name => 'gov',
table_name => 'flight',
table_options => null,
label_function => null,
predicate => null
);

-- Add user authorizations (i.e. clearance levels)
-- max_level/min_level bound what the user may access; def_level is the
-- session's starting level and row_level presumably the default level
-- for rows the user writes — confirm against SA_USER_ADMIN docs.


-- bob: cleared up to SECRET; reads UC..S, sessions and new rows default to S.
SA_USER_ADMIN.SET_LEVELS(
policy_name => 'ols_pol1',
user_name => 'bob',
max_level => 'S',
min_level => 'UC',
def_level => 'S',
row_level => 'S'
);

-- tim: UNCLASSIFIED only; cannot read or write any higher-labelled row.
SA_USER_ADMIN.SET_LEVELS(
policy_name => 'ols_pol1',
user_name => 'tim',
max_level => 'UC',
min_level => 'UC',
def_level => 'UC',
row_level => 'UC'
);
END;
/

-- Switch ols_pol1 from no enforcement to enforcement on read.
BEGIN
-- Now we change the policy to enforce on read by first altering the policy
-- and then removing and applying the policy again.
-- 'read_control' filters SELECT results by label; 'label_default' makes
-- new rows take the session's default label when none is supplied.
-- NOTE(review): altering default_options alone does not change a table
-- that is already under the policy, hence the remove/re-apply below — confirm.
SA_SYSDBA.ALTER_POLICY(
policy_name => 'ols_pol1',
default_options => 'read_control, label_default'
);

-- drop_column => false keeps lb_col and the labels already stored in it,
-- so the existing data keeps its classification across the re-apply.
SA_POLICY_ADMIN.REMOVE_TABLE_POLICY(
policy_name => 'ols_pol1',
schema_name => 'gov',
table_name => 'flight',
drop_column => false
);

-- Re-apply with no table_options so the new policy defaults take effect.
SA_POLICY_ADMIN.APPLY_TABLE_POLICY(
policy_name => 'ols_pol1',
schema_name => 'gov',
table_name => 'flight'
);
END;
/

-- Grant scott the policy-level READ privilege on ols_pol1.
-- NOTE(review): in OLS, READ is a bypass privilege — the holder reads every
-- row regardless of its label and of any SET_LEVELS clearance. Unlike bob
-- and tim above, scott gets no level bounds at all, so this should be
-- treated like a high-privilege grant and reviewed as such — confirm
-- against the SA_USER_ADMIN.SET_USER_PRIVS reference.
BEGIN
SA_USER_ADMIN.SET_USER_PRIVS(
policy_name => 'ols_pol1',
user_name => 'scott',
privileges => 'READ'
);
END;
/

-- Set the label applied to rows written in this session to UC.
-- NOTE(review): SA_SESSION settings are per-session, not persistent; the
-- label must presumably lie within the session user's authorized range
-- (e.g. UC..S for bob), otherwise the call is rejected — confirm.
BEGIN
SA_SESSION.SET_ROW_LABEL(
policy_name => 'ols_pol1',
label => 'UC'
);
END;
/

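-- Unlock SCOTT so the account given READ on ols_pol1 above can log in.
alter user "SCOTT" account unlock;

-- Reconnect as SYS for the role/user DDL below. The line after it is the
-- password as typed at the SQL*Plus prompt, captured inline: a hard-coded
-- SYS credential sitting in a script. Keep credentials out of checked-in
-- files and rotate any that were committed.
conn sys as sysdba


Password Admin12345;

-- Role used to grant read access to hr.LOCATIONS; NOT IDENTIFIED means
-- no password is needed to enable it.
create role "EMP_ROLE" NOT IDENTIFIED;

grant select on hr.LOCATIONS to emp_role;

-- Single statement. The original text had blank lines inside it; SQL*Plus
-- treats a blank line as the end of the input buffer, so the split form
-- would never have executed the CREATE USER.
-- NOTE(review): same literal password as the SYS login above, and the
-- "DEFAULT" profile carries whatever password policy the instance has —
-- both worth tightening for a real account.
create user "SKING" identified by Admin12345 profile "DEFAULT" account unlock
default tablespace "EXAMPLE" temporary tablespace "TEMP";

grant emp_role to sking;

-- CREATE SESSION is the minimum needed for SKING to connect at all.
grant CREATE SESSION to "SKING";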
create policy

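-- Create OLS policy ACCESS_LOCATIONS with label column ols_col.
-- Unlike ols_pol1 above, this policy enforces from the start: reads are
-- filtered (read_control) and updates are checked (update_control).
BEGIN
SA_SYSDBA.CREATE_POLICY (
policy_name => 'ACCESS_LOCATIONS',
column_name => 'ols_col',
default_options => 'read_control, update_control');
END;
-- '/' on its own line is what makes SQL*Plus execute the block; without it
-- the block just sits in the buffer and the following lines get appended.
/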

Creating a Policy Level Component


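-- Level SENSITIVE (short name 'sens') for ACCESS_LOCATIONS.
-- level_num fixes this level's rank relative to the policy's other levels.
BEGIN
SA_COMPONENTS.CREATE_LEVEL (
policy_name => 'ACCESS_LOCATIONS',
level_num => 3000,
short_name => 'sens',
long_name => 'SENSITIVE');
END;
-- '/' terminates the anonymous block so SQL*Plus runs it.
/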

Creating a Policy Level Component


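-- Level HIGHLY_SENSITIVE (short name 'HS') for ACCESS_LOCATIONS.
-- NOTE(review): level_num 40 is lower than the 3000 given to SENSITIVE in
-- this same script, so HIGHLY_SENSITIVE would rank *below* SENSITIVE and a
-- user cleared for 'sens' could read 'HS' rows. Unless that inversion is
-- intended, HS needs a level_num greater than 3000 — confirm.
BEGIN
SA_COMPONENTS.CREATE_LEVEL (
policy_name => 'ACCESS_LOCATIONS',
level_num => 40,
short_name => 'HS',
long_name => 'HIGHLY_SENSITIVE');
END;
-- '/' terminates the anonymous block so SQL*Plus runs it.
/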

SA_COMPONENTS.CREATE_LEVEL (
policy_name IN VARCHAR2,
level_num IN NUMBER(38),
short_name IN VARCHAR2,
long_name IN VARCHAR2);

SA_COMPONENTS.DROP_COMPARTMENT
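-- Remove compartment 'FIN' from policy hr_ols_pol (a different policy from
-- the ones created above).
-- NOTE(review): dropping a component that existing data labels still use
-- presumably fails or orphans those labels — check label usage first.
BEGIN
SA_COMPONENTS.DROP_COMPARTMENT (
policy_name => 'hr_ols_pol',
short_name => 'FIN');
END;
-- '/' terminates the anonymous block so SQL*Plus runs it.
/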
