The following is a detailed description of Oracle Label Security, taken from a comparison of the mandatory access control models of Oracle Database and DM. If you are interested in the practical application of this topic, the following articles will provide you with relevant information.
Security element
(1) Label components
A label has three kinds of components: level, compartment, and group.
A) Level
A level identifies the sensitivity of the data. The more sensitive the data is, the higher the level. Each level has a numeric form and a character form. The value range is 0-99.
Stored procedure for creating a level:
PROCEDURE CREATE_LEVEL (
    policy_name IN VARCHAR2,   -- policy name
    level_num   IN INTEGER,    -- level number
    short_name  IN VARCHAR2,   -- short name
    long_name   IN VARCHAR2);  -- long name
B) Compartment
A compartment identifies the area of sensitivity of the labeled data, and compartments have no levels. The numeric and character forms of a compartment are similar to those of a level. The difference is that there is no sensitivity ordering between compartments. There can be up to 10000 compartments.
Stored procedure for creating a compartment:
PROCEDURE CREATE_COMPARTMENT (
    policy_name IN VARCHAR2,   -- policy name
    comp_num    IN INTEGER,    -- compartment number
    short_name  IN VARCHAR2,   -- short name
    long_name   IN VARCHAR2);  -- long name
C) Group
A group identifies the organizational unit that owns or accesses the data. Labels of data belonging to the same department can have the same group. Groups are hierarchical, so you can use groups to label data according to your organizational structure. There can be up to 10000 groups.
Stored procedure for creating a group:
PROCEDURE CREATE_GROUP (
    policy_name IN VARCHAR2,                -- policy name
    group_num   IN INTEGER,                 -- group number
    short_name  IN VARCHAR2,                -- short name
    long_name   IN VARCHAR2,                -- long name
    parent_name IN VARCHAR2 DEFAULT NULL);  -- parent group name
(2) Policy
A policy must contain one level component. A policy can contain at most one level and one group of components.
Stored procedure for creating a policy:
PROCEDURE CREATE_POLICY (
    policy_name     IN VARCHAR2,                -- policy name
    column_name     IN VARCHAR2 DEFAULT NULL,   -- default name of the label column
    default_options IN VARCHAR2 DEFAULT NULL);  -- default options
(3) Label
Label syntax:
LEVEL:COMPARTMENT1,...,COMPARTMENTn:GROUP1,...,GROUPn
The maximum length of a label string is 4000 characters, including numbers, spaces, and underscores. The label string is case-insensitive and displayed in uppercase/lowercase format.
When a valid label is created, a numeric tag is associated with the label string. This numeric identifier is stored in the table's label column.
Stored procedure for creating a label:
PROCEDURE CREATE_LABEL (
    policy_name IN VARCHAR2,               -- policy name
    label_tag   IN INTEGER,                -- label number (numeric tag)
    label_value IN VARCHAR2,               -- label value (label string)
    data_label  IN BOOLEAN DEFAULT TRUE);  -- whether it is a data label
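The five procedures above used together, as an added example that is not part of the original article. The page does not name the packages; SA_SYSDBA, SA_COMPONENTS and SA_LABEL_ADMIN are the Oracle Label Security packages these procedures belong to. All policy, component and label names and numbers are constructed, and the block assumes it is run by an account with Oracle Label Security administrative privileges (for example LBACSYS).

```sql
-- Added example: constructed names and numbers, not from the article.
BEGIN
  -- Policy first: DOC_LABEL becomes the default label column name, and the
  -- default options turn on label checks for reads and writes.
  SA_SYSDBA.CREATE_POLICY(
    policy_name     => 'DOC_POLICY',
    column_name     => 'DOC_LABEL',
    default_options => 'READ_CONTROL,WRITE_CONTROL');

  -- Levels: a higher level_num means more sensitive data.
  SA_COMPONENTS.CREATE_LEVEL('DOC_POLICY', 10, 'P', 'PUBLIC');
  SA_COMPONENTS.CREATE_LEVEL('DOC_POLICY', 20, 'C', 'CONFIDENTIAL');
  SA_COMPONENTS.CREATE_LEVEL('DOC_POLICY', 30, 'S', 'SECRET');

  -- Compartments: comp_num implies no sensitivity ordering.
  SA_COMPONENTS.CREATE_COMPARTMENT('DOC_POLICY', 100, 'FIN', 'FINANCE');
  SA_COMPONENTS.CREATE_COMPARTMENT('DOC_POLICY', 200, 'HR',  'HUMAN_RESOURCES');

  -- Groups: parent_name builds the organizational hierarchy (EMEA under CORP).
  SA_COMPONENTS.CREATE_GROUP('DOC_POLICY', 1000, 'CORP', 'CORPORATE');
  SA_COMPONENTS.CREATE_GROUP('DOC_POLICY', 1100, 'EMEA', 'EMEA_REGION', 'CORP');

  -- Labels: label_value follows LEVEL:COMPARTMENTS:GROUPS using short names;
  -- label_tag is the numeric identifier stored in the label column.
  SA_LABEL_ADMIN.CREATE_LABEL('DOC_POLICY', 2000, 'C');
  SA_LABEL_ADMIN.CREATE_LABEL('DOC_POLICY', 3110, 'S:FIN:EMEA');
  SA_LABEL_ADMIN.CREATE_LABEL('DOC_POLICY', 3120, 'S:FIN,HR:CORP');
END;
/

-- Check: list the numeric tag and label string of every label in the policy.
SELECT label_tag, label
  FROM dba_sa_labels
 WHERE policy_name = 'DOC_POLICY'
 ORDER BY label_tag;
```

Components must exist before any label that references them, so the order policy, components, labels matters; a label string that uses an undefined short name is rejected by CREATE_LABEL.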
Article by: http://www.programbbs.com/doc/class10-1.htm