This article describes how security labels and the related comparison rules are specified when creating security policies, covering Oracle access rules and Oracle access privileges. DB2LBACRULES is the only comparison rule. It can be divided into read rules and write rules.
Read rules:
- DB2LBACREADARRAY:
The array component of the user's security label must be greater than or equal to the array component of the object's security label;
- DB2LBACREADSET:
The set component of the user's security label must contain the set component of the object's security label;
- DB2LBACREADTREE:
The tree component of the user's security label must contain at least one element of the tree component of the object's security label (or an ancestor of such an element).
Write rules:
- DB2LBACWRITEARRAY:
The array component of the user's security label must be equal to the array component of the object's security label;
- DB2LBACWRITESET:
Same as the read rule;
- DB2LBACWRITETREE:
Same as the read rule.
Comparing DB2LBACREADARRAY with DB2LBACWRITEARRAY shows that the read and write rules amount to "same-level write, downward read".
Oracle access privileges
Grant user privileges:
- GRANT EXEMPTION ON RULE DB2LBACREADSET FOR DataAccess TO USER JOE
The privilege here is an exemption from the specified rule: the user does not have to satisfy that rule when accessing data.
The types of privileges are as follows:
- DB2LBACREADARRAY
- DB2LBACREADSET
- DB2LBACREADTREE
- DB2LBACWRITEARRAY WRITEDOWN
- DB2LBACWRITEARRAY WRITEUP
- DB2LBACWRITESET
- DB2LBACWRITETREE
- ALL
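The read and write comparisons and the effect of an exemption can be followed in a small model. This is an added example, not code from the article or from the database product; the component contents, the labels for JOE and the row, and the reading of WRITEDOWN/WRITEUP as "write to a lower/higher level" are assumptions of the model.

```python
# Added model of the comparison rules above; not database code.
# Component contents and labels are constructed sample values, and
# every label component is assumed to be non-empty.
LEVELS = ["PUBLIC", "CONFIDENTIAL", "SECRET"]  # array, lowest to highest in this model
PARENT = {"CORP": None, "SALES": "CORP", "EMEA": "SALES", "HR": "CORP"}  # tree

def with_ancestors(node):
    while node is not None:
        yield node
        node = PARENT[node]

def array_ok(user, obj, write, ex):
    u, o = LEVELS.index(user), LEVELS.index(obj)
    if not write:
        return u >= o                      # read at the same level or downward
    # Write: equal level only, unless a WRITEDOWN/WRITEUP exemption is held.
    return (u == o
            or (u > o and "DB2LBACWRITEARRAY WRITEDOWN" in ex)
            or (u < o and "DB2LBACWRITEARRAY WRITEUP" in ex))

def set_ok(user, obj, write, ex):
    return set(obj) <= set(user)           # user set must contain the object set

def tree_ok(user, obj, write, ex):
    # User holds at least one object element, or an ancestor of one.
    return any(a in user for n in obj for a in with_ancestors(n))

CHECKS = {"ARRAY": array_ok, "SET": set_ok, "TREE": tree_ok}

def access(user, obj, write=False, exemptions=()):
    """Return (allowed, first rule that blocked access or None)."""
    ex = set(exemptions)
    op = "WRITE" if write else "READ"
    for comp, check in CHECKS.items():
        rule = f"DB2LBAC{op}{comp}"
        if "ALL" in ex or rule in ex:
            continue                       # an exempted rule is not evaluated
        if not check(user[comp], obj[comp], write, ex):
            return False, rule
    return True, None

JOE = {"ARRAY": "SECRET", "SET": {"FINANCE"}, "TREE": {"SALES"}}
ROW = {"ARRAY": "CONFIDENTIAL", "SET": {"FINANCE", "LEGAL"}, "TREE": {"EMEA"}}

if __name__ == "__main__":
    print(access(JOE, ROW))                                 # set rule decides
    print(access(JOE, ROW, exemptions={"DB2LBACREADSET"}))  # as in the GRANT above
    print(access(JOE, ROW, write=True, exemptions={"DB2LBACWRITESET"}))
```

When auditing exemptions, the rule name returned on denial shows which single grant would open the row, which is why broad exemptions such as ALL deserve the closest review.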
The above is an introduction to Oracle access rules and Oracle access privileges. I hope you find it useful.
Article by: http://www.programbbs.com/doc/class10-1.htm