9 Tutorial: Configuring Compartments in Oracle Label Security
This tutorial demonstrates how to create Oracle Label Security compartments.
- About This Tutorial
In this tutorial, you will use theHR
schema to learn how to use Oracle Label Security compartments. - Step 1: Create an Account for Lily Leagull
Lily Leagull will initially have the same privileges as Susan Mavris and Ida Neau. - Step 2: Authorize Lily Leagull for the HIGHLY_SENSITIVE Level
After thelleagull
account has been created, you can authorize it to use theHIGHLY_SENSITIVE
level. - Step 3: Create Two Compartments for the Oracle Label Security Policy
All three users (Susan Mavris, Ida Neau, and Lily Leagull) will use compartments to access their data. - Step 4: Create the Data Labels for the Compartments
You will create three data labels for the compartments. - Step 5: Assign the Labels to the Users
Assigning the labels to the users will designate the rows to which these users will have access. - Step 6: Add the Policy Labels to the HR.EMPLOYEES Table Data
TheHR
user will add the policy labels to theHR.EMPLOYEES
table data in theEMPLOYEE_ID
column. - Step 7: Test the Oracle Label Security Policy
To test the policy, each user will try to query theHR.EMPLOYEES
table. - Step 8: Optionally, Remove the Oracle Label Security Policy Components
You can remove the Oracle Label Security policy,HR_ROLE
role, and users Ida Neau, Susan Mavris, and Lily Leagull.
Parent topic: Oracle Label Security Tutorials
About This Tutorial
In this tutorial, you will use the HR
schema to learn how to use Oracle Label Security compartments.
This tutorial builds on the previous tutorial, which demonstrates how to create Oracle Label Security levels to control the access that two users, Susan Mavris and Ida Neau, have to the records in the HR.EMPLOYEES
schema. For this tutorial, a third user, Lily Leagull, is an attorney with the company's legal department. Two former employees are suing the company, and she must have access to their records. She must not have access to any other records. The access to the former users is set by the HIGHLY_SENSITIVE
level, which you created in the previous tutorial. Access to the records of the two suing former employees will be possible through the use of a compartment within the HIGHLY_SENSITIVE
data set, called LEGAL
.
Related Topics
Step 1: Create an Account for Lily Leagull
Lily Leagull will initially have the same privileges as Susan Mavris and Ida Neau.
Step 2: Authorize Lily Leagull for the HIGHLY_SENSITIVE Level
After the lleagull
account has been created, you can authorize it to use the HIGHLY_SENSITIVE
level.
Step 3: Create Two Compartments for the Oracle Label Security Policy
All three users (Susan Mavris, Ida Neau, and Lily Leagull) will use compartments to access their data.
HR
compartment. The Legal department employee, Lily Leagull, will use the LEGAL
(LEG
) compartment.
Step 4: Create the Data Labels for the Compartments
You will create three data labels for the compartments.
HR.EMPLOYEES
table.
Step 5: Assign the Labels to the Users
Assigning the labels to the users will designate the rows to which these users will have access.
Step 6: Add the Policy Labels to the HR.EMPLOYEES Table Data
The HR
user will add the policy labels to the HR.EMPLOYEES
table data in the EMPLOYEE_ID
column.
Step 7: Test the Oracle Label Security Policy
To test the policy, each user will try to query the HR.EMPLOYEES
table.