Re: Oracle Lable Security and Oracle Warehouse Builder

Marc A. Lefebvre US-775 wrote:

> Is there anyway to implement and/or manage OLS from within OWB? I am
> currently running 9iR2? If it's not supported in 9iR2 is it supported
> in 10g?
>

Please explain in a bit more detail what you are trying to accomplish.

In the most general terms, RLS provides a predicate that can be 'appended' to a where clause against a table. As a special case it matches a userid to a selectable condition that can be found in a table, for example, user 'XYZ' can look at rows marked 'SECRET'

One way of 'managing' RLS is simply by ensuring apropriate rows have appropriate 'stamps' - IF that is the type of policy you are using. In that case, OWB could easily set up the individual rows properly.

Much more complex security policies are possible as the predicate that is added to the query or DML statement is generated by PL/SQL procedure. Basic Row Level Security, aka Virtual Private Database, as been around since 8i. I believe in 9i Oracle added a canned implementation as an option (called Label Security - which you reference) to simplify the admin and eliminate the programming. But that should not preclude using the inherent capability as described in Chapter 9 of the

Oracle9i Security Overview
Release 2 (9.2)
Part Number A96582-01

found at http://docs.oracle.com - Oracle9iR2 section or more directly at http://www.oracle.com/pls/db92/db92.homepage

While looking at the docs, you might also want to check the "Label Security Administrator's Guide".

/Hans
By the way - cross posting is not necessary (or appreciated) in the comp.database.oracle heirarchy. Received on Tue Sep 21 2004 - 23:21:08 CDT