10 Tutorial: Configuring Groups in Oracle Label Security
This tutorial demonstrates how to create an Oracle Label Security parent group that has four child groups.
- About This Tutorial
In this tutorial, you will use theOE
schema to learn how to use Oracle Label Security groups. - Step 1: Create a Role and User Accounts
The role that you create will enable any user who is granted it to have theSELECT
privilege on theOE.CUSTOMERS
table. The user accounts are for four sales representatives and the - Step 2: Create the Oracle Label Security Policy Container
As an Oracle Label Security administrator, you must create and then enable the policy container. - Step 3: Create and Authorize a Level Component for the Oracle Label Security Policy
After you create the Oracle Label Security policy container, you are ready to create and authorize a level component. - Step 4: Create and Authorize Groups for the Oracle Label Security Policy
You will create and authorize one parent group and four child groups for this parent group. Each user will be authorized for a group. - Step 5: Apply and Authorize the Policy to the Table
You must apply theOE_OLS_POL
policy to theOE.CUSTOMERS
table and then authorize theOE
schema user to have read privileges for the policy. - Step 6: Add the Policy Labels to the OE.CUSTOMERS Table Data
TheOE
user will add the policy labels to theOE.CUSTOMERS
table data in theACCOUNT_MGR_ID
column. - Step 7: Test the Oracle Label Security Policy
To test the policy, each user will query theOE.CUSTOMERS
table. - Step 8: Optionally, Remove the Oracle Label Security Policy Components
You can remove the Oracle Label Security policy,OE_CUST
role, and the user accounts.
Parent topic: Oracle Label Security Tutorials
About This Tutorial
In this tutorial, you will use the OE
schema to learn how to use Oracle Label Security groups.
Each sales manager must have access to the records of his or her customers in the OE.CUSTOMERS
table. The company president of advertising, Steven King, who each sales manager reports to, must have access to all customer records. The customer records are divided into groups based on the sales managers' territories.
The Oracle Label Security policy that you create will assign each of the sales managers a group, and this group will be used to label the appropriate rows in the OE.CUSTOMERS
table. The groups will have a parent group, GLOBAL_SALES
, which will be associated with advertising president Steven King. The child groups of GLOBAL_SALES
are as follows:
EUROPE
, with access by sales manager Alberto ErrazurizASIA
, with access by sales manager Gerald CambraultUNITED_STATES_1
, with access by sales manager John RussellUNITED_STATES_2
, with access by sales manager Eleni Zlotkey
By default, the OE
schema is not installed. You can download this schema from GitHub, as explained in Oracle Database Sample Schemas.
Related Topics
Parent topic: Tutorial: Configuring Groups in Oracle Label Security
Step 1: Create a Role and User Accounts
The role that you create will enable any user who is granted it to have the SELECT
privilege on the OE.CUSTOMERS
table. The user accounts are for four sales representatives and the
Related Topics
Parent topic: Tutorial: Configuring Groups in Oracle Label Security
Step 2: Create the Oracle Label Security Policy Container
As an Oracle Label Security administrator, you must create and then enable the policy container.
Parent topic: Tutorial: Configuring Groups in Oracle Label Security
Step 3: Create and Authorize a Level Component for the Oracle Label Security Policy
After you create the Oracle Label Security policy container, you are ready to create and authorize a level component.
Parent topic: Tutorial: Configuring Groups in Oracle Label Security
Step 4: Create and Authorize Groups for the Oracle Label Security Policy
You will create and authorize one parent group and four child groups for this parent group. Each user will be authorized for a group.
DBA_SA_LABELS
data dictionary view. For example:SELECT POLICY_NAME, LABEL, LABEL_TAG FROM DBA_SA_LABELS ORDER BY LABEL_TAG;
Output similar to the following appears:
POLICY_NAME LABEL LABEL_TAG ------------ ------ ----------- OE_OLS_POL D 1000000085 OE_OLS_POL D::GS 1000000086 OE_OLS_POL D::EU 1000000087 OE_OLS_POL D::AS 1000000088 OE_OLS_POL D::US1 1000000089 OE_OLS_POL D::US2 1000000090
Parent topic: Tutorial: Configuring Groups in Oracle Label Security
Step 5: Apply and Authorize the Policy to the Table
You must apply the OE_OLS_POL
policy to the OE.CUSTOMERS
table and then authorize the OE
schema user to have read privileges for the policy.
Parent topic: Tutorial: Configuring Groups in Oracle Label Security
Step 6: Add the Policy Labels to the OE.CUSTOMERS Table Data
The OE
user will add the policy labels to the OE.CUSTOMERS
table data in the ACCOUNT_MGR_ID
column.
Parent topic: Tutorial: Configuring Groups in Oracle Label Security
Step 7: Test the Oracle Label Security Policy
To test the policy, each user will query the OE.CUSTOMERS
table.
Parent topic: Tutorial: Configuring Groups in Oracle Label Security
Step 8: Optionally, Remove the Oracle Label Security Policy Components
You can remove the Oracle Label Security policy, OE_CUST
role, and the user accounts.
Parent topic: Tutorial: Configuring Groups in Oracle Label Security