Application of Oracle Mandatory Access Control Model

Source: Internet
Author: User

This article introduces the comparison rules of the Oracle mandatory access control model and how they are applied in practice. If you are interested in the actual operations, the sections below cover them. I hope you find it useful.

(1) User security label

When you grant a security label to a user, you can specify the access permission it applies to.

    -- Grant the label ManagerLabel of policy DataAccess to user JOE for reads only
    GRANT SECURITY LABEL DataAccess.ManagerLabel TO USER JOE FOR READ ACCESS;

Three access permissions are available: READ ACCESS, WRITE ACCESS, and ALL ACCESS. If a user holds a read security label and a write security label at the same time, the following conditions must be met: for array-type components, the values in the two security labels must be the same; for set-type components, the values in the write security label must be included in the values in the read security label; for tree-type components, each value in the write security label must be the same as a value in the read security label or one of its child nodes.

One user can be granted multiple security labels, but within a single security policy a user can be granted only one read security label and one write security label.
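The read/write compatibility rules above, written out as a check. This is an added example, not code from the original article; the component names, values, tree and function names are constructed for illustration, and "child nodes" is assumed to include all descendants.

```python
# Added example: validate that a user's read and write security labels
# satisfy the array / set / tree rules described above.
# All component names and values here are constructed sample data.

# Hypothetical tree component: node -> parent (None marks the root).
TREE_PARENT = {"CORP": None, "SALES": "CORP", "EAST": "SALES", "ENGINEERING": "CORP"}

# Hypothetical policy: component name -> component type.
COMPONENTS = {"level": "array", "dept": "set", "org": "tree"}


def is_same_or_child(node, ancestor, parent=TREE_PARENT):
    """True if node equals ancestor or lies anywhere below it in the tree."""
    while node is not None:
        if node == ancestor:
            return True
        node = parent.get(node)
    return False


def check_read_write(read_label, write_label, components=COMPONENTS):
    """Return a list of rule violations; an empty list means the pair is valid."""
    problems = []
    for name, kind in components.items():
        r = set(read_label.get(name, ()))
        w = set(write_label.get(name, ()))
        if kind == "array" and r != w:
            problems.append(f"{name}: array values differ")
        elif kind == "set" and not w <= r:
            problems.append(f"{name}: write values not included in read values")
        elif kind == "tree" and not all(
            any(is_same_or_child(wv, rv) for rv in r) for wv in w
        ):
            problems.append(f"{name}: write value outside read subtree")
    return problems


# Constructed labels: one read label and two candidate write labels.
READ = {"level": ("SECRET",), "dept": ("HR", "FINANCE"), "org": ("SALES",)}
WRITE_OK = {"level": ("SECRET",), "dept": ("HR",), "org": ("EAST",)}
WRITE_BAD = {"level": ("PUBLIC",), "dept": ("HR", "LEGAL"), "org": ("ENGINEERING",)}

if __name__ == "__main__":
    print("WRITE_OK :", check_read_write(READ, WRITE_OK))
    for problem in check_read_write(READ, WRITE_BAD):
        print("WRITE_BAD:", problem)
```
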

(2) Row-level security label

Use security labels to protect tables at the row level.

The following is a reference snippet:

    CREATE TABLE T1 (
        A DB2SECURITYLABEL,   -- label column: holds each row's security label
        B INTEGER,
        C CHAR(5))
        SECURITY POLICY DataAccess;

DB2SECURITYLABEL is the data type of the label column; internally it is processed as VARBINARY(128). The label column is implicitly NOT NULL WITH DEFAULT, and the default value is the user's write security label.

(3) Column-level security label

Use security labels to protect tables at the column level.

The following is a reference snippet:

    CREATE TABLE T1 (
        A CHAR(8) SECURED WITH ManagerLabel,   -- only column A is protected
        B INTEGER,
        C CHAR(5))
        SECURITY POLICY DataAccess;

(4) Table-level security label

Table-level security labels are actually implemented using column-level security labels.

The following is a reference snippet:

    -- Every column carries the same label, so the whole table is protected by it
    CREATE TABLE T1 (
        A CHAR(8) SECURED WITH ManagerLabel,
        B INTEGER SECURED WITH ManagerLabel,
        C CHAR(5) SECURED WITH ManagerLabel)
        SECURITY POLICY DataAccess;

Setting the same security label on all columns forces the table as a whole to be associated with one security label, which saves both the time overhead of comparing row-level security labels and the storage space overhead.

Note: A table can have only one security policy, and a column can be protected by only one security label. A table can have only one row-level label column.

Article by: http://www.programbbs.com/doc/class10-1.htm
