11 SEM_OLS Package Subprograms
The SEM_OLS package contains subprograms (functions and procedures) related to triple-level security to RDF data, using Oracle Label Security (OLS).
To use the subprograms in this chapter, you should understand the conceptual and usage information in RDF Semantic Graph Overview and Fine-Grained Access Control for RDF Data.
This chapter provides reference information about the subprograms, listed in alphabetical order.
Parent topic: Reference and Supplementary Information
11.1 SEM_OLS.APPLY_POLICY_TO_APP_TAB
Format
SEM_OLS.APPLY_POLICY_TO_APP_TAB( policy_name IN VARCHAR2, schema_name IN VARCHAR2, table_name IN VARCHAR2, predicate IN VARCHAR2 DEFAULT NULL, network_owner IN VARCHAR2 DEFAULT 'MDSYS', network_name IN VARCHAR2 DEFAULT NULL);
Description
Applies an OLS policy to an application table.
Parameters
- policy_name
-
Name of an existing OLS policy.
- schema_name
-
Name of the schema containing the application table.
- table_name
-
Name of the application table.
- predicate
-
An additional predicate to combine with the label-based predicate.
- network_owner
-
Owner of the semantic network. (See Table 1-1.)
- network_name
-
Name of the semantic network. (See Table 1-1.)
Usage Notes
When you use triple-level security, OLS is applied to each semantic model in the network. That is, label security is applied to the relevant internal tables and to all the application tables; there is no need to manually apply policies to the application tables of existing semantic models. However, if you need to create additional models after applying the OLS policy, you must use the SEM_OLS.APPLY_POLICY_TO_APP_TAB procedure to apply OLS to the application table before creating the model.
You must have the following to execute this procedure: EXECUTE privilege for the SA_POLICY_ADMIN package, and the policy_DBA role.
Before executing this procedure, you must have executed the SEM_RDFSA.APPLY_OLS_POLICY procedure specifying SEM_RDFSA.TRIPLE_LEVEL_ONLY for the rdfsa_options parameter.
To remove the OLS policy from the application table, use the SEM_OLS.REMOVE_POLICY_FROM_APP_TAB procedure.
For information about support for OLS, see Fine-Grained Access Control for RDF Data.
For information about semantic network types and options, see Semantic Networks.
Examples
The following example applies an OLS policy named defense to the MY_SCHEMA.MY_APP_TABLE application table.
begin
sem_ols.apply_policy_to_app_table(
policy_name => 'defense',
schema_name => 'my_schema',
table_name => 'my_app_table');
end;
/Parent topic: SEM_OLS Package Subprograms
11.2 SEM_OLS.REMOVE_POLICY_FROM_APP_TAB
Format
SEM_OLS.REMOVE_POLICY_FROM_APP_TAB( policy_name IN VARCHAR2, schema_name IN VARCHAR2, table_name IN VARCHAR2, check_model IN BOOLEAN DEFAULT ), network_owner IN VARCHAR2 DEFAULT 'MDSYS', network_name IN VARCHAR2 DEFAULT NULL);
Description
Permanently removes or detaches the OLS policy from an application table.
Parameters
Usage Notes
If you have dropped a semantic model and you no longer need to protect the application table, you can use this procedure.
You must have the following to execute this procedure: EXECUTE privilege for the SA_POLICY_ADMIN package, and the policy_DBA role.
Before executing this procedure, you must have executed the SEM_RDFSA.APPLY_OLS_POLICY procedure specifying SEM_RDFSA.TRIPLE_LEVEL_ONLY for the rdfsa_options parameter.
An exception is generated if the associated model exists. In this case, if you want to execute this procedure, you must first drop the model.
For information about support for OLS, see Fine-Grained Access Control for RDF Data.
For information about semantic network types and options, see Semantic Networks.
Examples
The following example removes the OLS policy named defense from the MY_SCHEMA.MY_APP_TABLE application table.
begin
sem_ols.remove_policy_from_app_table(
policy_name => 'defense',
schema_name => 'my_schema',
table_name => 'my_app_table');
end;
/Parent topic: SEM_OLS Package Subprograms