What is the difference between mandatory access to Oracle databases and DM?

The following is a detailed description of Oracle label security compared to the Mandatory Access Control Model of Oracle Database and DM. If you are interested in the practical application of this aspect, the following articles will provide you with relevant information.

Security element

(1) Mark components

There are three different components: Level, grid, and group.

A) level)

Level is used to identify the sensitivity level of the data. The more sensitive the data is, the higher the level. Each level is composed of numbers and characters. The value range is 0-99.

Oracle Database creation-level stored procedures:

The following is a reference clip:

 
 

  
  
PROCEDURE CREATE_LEVEL (   
  
  
policy_name IN VARCHAR2, 
 
 

Policy Name

 
 

  
  
level_num IN INTEGER, 
 
 

Level number

 
 

  
  
short_name IN VARCHAR2, 
 
 

Short Name

 
 

  
  
long_name IN VARCHAR2); 
 
 

Long Name

B) lattice (compartment)

Cells are used for the sensitivity area of the data tag, and the cells have no level. The numbers and character forms of cells are similar to the level. The difference is that there is no sensitivity between cells. A grid can contain up to 10000 elements.

Storage process for creating cells:

The following is a reference clip:

 
 

  
  
PROCEDURE CREATE_COMPARTMENT (   
  
  
policy_name IN VARCHAR2, 
 
 

Oracle Database Policy Name

 
 

  
  
comp_num IN INTEGER,  
 
 

Grid number

 
 

  
  
short_name IN VARCHAR2,  
 
 

Short Name

 
 

  
  
long_name IN VARCHAR2); 
 
 

Long Name

C) group)

A group is used to identify the organizational structure that owns or accesses data. Tags of data belonging to the same department can have the same group. Groups are classified. You can use groups to identify data based on your organizational structure. A group can contain up to 10000 elements.

Stored Procedure for creating a group:

The following is a reference clip:

 
 

  
  
PROCEDURE CREATE_GROUP (   
  
  
policy_name IN VARCHAR2, 
 
 

Policy Name

 
 

  
  
group_num IN INTEGER, 
 
 

Group Number

 
 

  
  
short_name IN VARCHAR2, 
 
 

Short Name

 
 

  
  
long_name IN VARCHAR2, 
 
 

Long Name

 
 

  
  
parent_name IN VARCHAR2 DEFAULT NULL);  
 
 

Parent group name

(1) Policy

A policy must contain one level component. A policy can contain at most one level and one group of components.

Create a policy stored procedure:

 
 

  
  
PROCEDURE CREATE_POLICY (  
  
  
policy_name IN VARCHAR2,   
 
 

Oracle Database Policy Name

 
 

  
  
column_name IN VARCHAR2 DEFAULT NULL,  
 
 

The default name of the Flag column.

 
 

  
  
default_options IN VARCHAR2 DEFAULT NULL); 
 
 

Default options

(2) mark

Tag Syntax:

 
 

  
  
LEVEL：COMPARTMENT1,...,COMPARTMENTn：GROUP1,...,GROUPn 
 
 

The maximum length of a tag string is 4000 characters, including numbers, spaces, and underscores. The tag string is case-insensitive and displayed in uppercase/lowercase format.

When a valid tag is created, a numeric tag is associated with the tag string. This numeric identifier is stored in the table's tag column.

Create a tag stored procedure:

The following is a reference clip:

 
 

  
  
PROCEDURE CREATE_LABEL (   
  
  
policy_name IN VARCHAR2, 
 
 

Policy Name

 
 

  
  
label_tag IN INTEGER, 
 
 

Mark Number

 
 

  
  
label_value IN VARCHAR2,  
 
 

Tag Value

 
 

  
  
data_label IN BOOLEAN DEFAULT TRUE); 
 
 

Indicates whether it is a data mark.

Article by: http://www.programbbs.com/doc/class10-1.htm