Several terms are involved, which can be explained as follows:
Policy: a security policy. A policy is the set of levels, compartments, groups and labels defined under it.
Level: the sensitivity level. This is the most basic security control and is mandatory.
Compartment: the second dimension of security control. It is optional.
Group: the third dimension of security control. It is optional.
Label: the security label carried by each row. It is mandatory. A row can be read only when the label assigned to the user dominates the row's label, that is, the user's label is equal to or higher than the label on the row.
1. Create the policy:
EXEC sa_sysdba.create_policy('doc_policy', 'doc_label');
2. Create the sensitivity levels:
EXEC sa_components.create_level('doc_policy', 1000, 'PUBLIC', 'public level');
EXEC sa_components.create_level('doc_policy', 2000, 'INTERNAL', 'internal');
3. Create the compartments:
EXEC sa_components.create_compartment('doc_policy', 200, 'FIN', 'finance');
EXEC sa_components.create_compartment('doc_policy', 100, 'HR', 'human_resource');
4. Create the groups (the last argument is the parent group):
EXEC sa_components.create_group('doc_policy', 10, 'ALL', 'all_regions');
EXEC sa_components.create_group('doc_policy', 20, 'WEST', 'west_region', 'ALL');
EXEC sa_components.create_group('doc_policy', 30, 'EAST', 'east_region', 'ALL');
The three components combine as Level:Compartment:Group to form a label. Each combination gets its own label (for example, the data records belonging to users of one department in one region are given a distinct label, identified by a numeric label tag), and the users who may see that data are assigned the same label.
5. Create the labels:
-- The second argument is the numeric label tag; it must be unique for each label
-- (the page shows the same placeholder value for all four). The third argument is
-- the label text in LEVEL:COMPARTMENTS:GROUPS form; TRUE makes it usable as a data label.
EXEC sa_label_admin.create_label('doc_policy', '000000', 'PUBLIC', TRUE);
EXEC sa_label_admin.create_label('doc_policy', '000000', 'INTERNAL:HR:WEST', TRUE);
EXEC sa_label_admin.create_label('doc_policy', '000000', 'INTERNAL:FIN:EAST', TRUE);
EXEC sa_label_admin.create_label('doc_policy', '000000', 'INTERNAL:HR,FIN:ALL', TRUE);
7. Assign labels to users (the trailing hyphen is the SQL*Plus line-continuation character):
EXEC sa_user_admin.set_user_labels -
  (policy_name => 'doc_policy' -
  , user_name => 'test' -
  , max_read_label => 'INTERNAL:HR,FIN:ALL' -
  , max_write_label => 'INTERNAL:HR,FIN:ALL' -
  , min_write_label => 'PUBLIC' -
  , def_label => 'INTERNAL:HR,FIN:ALL' -
  , row_label => 'PUBLIC');
EXEC sa_user_admin.set_user_labels -
  (policy_name => 'doc_policy' -
  , user_name => 'hr' -
  , max_read_label => 'INTERNAL:HR:WEST' -
  , max_write_label => 'INTERNAL:HR:WEST' -
  , min_write_label => 'PUBLIC' -
  , def_label => 'INTERNAL:HR:WEST' -
  , row_label => 'PUBLIC');
EXEC sa_user_admin.set_user_labels -
  (policy_name => 'doc_policy' -
  , user_name => 'scott' -
  , max_read_label => 'PUBLIC' -
  , max_write_label => 'PUBLIC' -
  , min_write_label => 'PUBLIC' -
  , def_label => 'PUBLIC' -
  , row_label => 'PUBLIC');
-- Insert test rows. Row 1 converts the label text into its tag with CHAR_TO_LABEL;
-- rows 2 to 4 supply the numeric label tag directly, so each value must match a
-- label tag created in step 5.
INSERT INTO ts.document VALUES (1, 'SHARE_WARE', CHAR_TO_LABEL('doc_policy', 'PUBLIC'));
INSERT INTO ts.document VALUES (2, 'WEST_PAYROLL', 20200);
INSERT INTO ts.document VALUES (3, 'EAST_SALES', 20400);
INSERT INTO ts.document VALUES (4, 'COMP_PAYROLL', 30900);
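To see which of the inserted rows each user can read, the following Python model of the Oracle Label Security read-access check is added here as an example; it is not code from the original page and does not call Oracle. It reuses the levels, compartments and group hierarchy defined above. The row labels attached to the four sample rows are an assumption, since the page inserts rows 2 to 4 by numeric tag and does not show which label each tag maps to.

```python
# Added example: a model of the Oracle Label Security read-access decision
# (level dominance, compartment containment, group membership with the group
# hierarchy). Policy components are taken from the page; the rows and the
# label text assigned to each row are constructed here for illustration.
from dataclasses import dataclass

LEVELS = {"PUBLIC": 1000, "INTERNAL": 2000}                   # create_level
COMPARTMENTS = {"FIN", "HR"}                                   # create_compartment
GROUP_PARENT = {"ALL": None, "WEST": "ALL", "EAST": "ALL"}     # create_group parents


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset
    groups: frozenset


def parse_label(text: str) -> Label:
    """Parse the LEVEL:COMP1,COMP2:GROUP1,GROUP2 text form used by CHAR_TO_LABEL."""
    parts = [p.strip().upper() for p in text.split(":")]
    parts += [""] * (3 - len(parts))          # absent compartment/group parts are empty
    level, comps, groups = parts[0], parts[1], parts[2]
    comp_set = frozenset(c.strip() for c in comps.split(",") if c.strip())
    group_set = frozenset(g.strip() for g in groups.split(",") if g.strip())
    if level not in LEVELS:
        raise ValueError(f"unknown level {level!r}")
    if not comp_set <= COMPARTMENTS:
        raise ValueError(f"unknown compartment in {comps!r}")
    if not group_set <= set(GROUP_PARENT):
        raise ValueError(f"unknown group in {groups!r}")
    return Label(level, comp_set, group_set)


def group_covers(user_group: str, row_group: str) -> bool:
    """A user group covers a row group when it is that group or one of its ancestors,
    so a user holding ALL also reaches rows labelled WEST or EAST."""
    g = row_group
    while g is not None:
        if g == user_group:
            return True
        g = GROUP_PARENT[g]
    return False


def can_read(user_max_read: Label, row: Label) -> bool:
    """Read dominance: the user's level is at least the row level, the user holds
    every compartment on the row, and, if the row has groups, covers at least one."""
    if LEVELS[user_max_read.level] < LEVELS[row.level]:
        return False
    if not row.compartments <= user_max_read.compartments:
        return False
    if row.groups and not any(group_covers(u, r)
                              for u in user_max_read.groups for r in row.groups):
        return False
    return True


# Constructed sample rows of ts.document: (id, name, assumed row label text).
DOCUMENTS = [
    (1, "SHARE_WARE", "PUBLIC"),
    (2, "WEST_PAYROLL", "INTERNAL:HR:WEST"),
    (3, "EAST_SALES", "INTERNAL:FIN:EAST"),
    (4, "COMP_PAYROLL", "INTERNAL:HR,FIN:ALL"),
]


def readable_documents(user_max_read_label: str) -> list:
    """Names of the sample rows visible to a user with the given max_read_label."""
    user = parse_label(user_max_read_label)
    return [name for _, name, text in DOCUMENTS if can_read(user, parse_label(text))]


if __name__ == "__main__":
    # The three users from the set_user_labels calls above.
    for user_name, label in [("test", "INTERNAL:HR,FIN:ALL"),
                             ("hr", "INTERNAL:HR:WEST"),
                             ("scott", "PUBLIC")]:
        print(f"{user_name:6} {label:22} -> {readable_documents(label)}")
```

Running it shows the effect of the label assignments: test (INTERNAL:HR,FIN:ALL) sees all four rows because ALL is the parent of both WEST and EAST; hr (INTERNAL:HR:WEST) sees only SHARE_WARE and WEST_PAYROLL, since it lacks the FIN compartment and WEST does not cover ALL; scott (PUBLIC) sees only the public row.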